IBM Security QRadar

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------

Hi Benjamin, 
the short answer is yes, but there might be a few things to do to get it running. I wrote a post about it on the forum, i hope it can help you.
#
HowTo: Qradar CE 7.3.3 v1.0 GA to Azure image

------------------------------
Eric Lauzon
------------------------------

Original Message:
Sent: Thu January 07, 2021 12:17 PM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------

Hello Experts,

I was able to deploy the qradar CE on Azure, but tomcat keeps failing.

I have attached logs from qradar.error file on the QRadar instance.

Kindly assists.

Regards,

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Fri January 08, 2021 06:54 AM
From: Eric Lauzon
Subject: QRadar CE on Azure

Hi Benjamin, 
the short answer is yes, but there might be a few things to do to get it running. I wrote a post about it on the forum, i hope it can help you.
#
HowTo: Qradar CE 7.3.3 v1.0 GA to Azure image

------------------------------
Eric Lauzon

Original Message:
Sent: Thu January 07, 2021 12:17 PM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------

Hello Experts,

I was able to deploy the qradar CE on Azure, but tomcat keeps failing.

I have attached logs from qradar.error file on the QRadar instance.

Kindly assists.

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Thu February 18, 2021 08:21 AM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

I was able to deploy the qradar CE on Azure, but tomcat keeps failing.

I have attached logs from qradar.error file on the QRadar instance.

Kindly assists.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Fri January 08, 2021 06:54 AM
From: Eric Lauzon
Subject: QRadar CE on Azure

Hi Benjamin, 
the short answer is yes, but there might be a few things to do to get it running. I wrote a post about it on the forum, i hope it can help you.
#
HowTo: Qradar CE 7.3.3 v1.0 GA to Azure image

------------------------------
Eric Lauzon

Original Message:
Sent: Thu January 07, 2021 12:17 PM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------

Hi Benjamin,
no idea if this works. When trying to fire up tomcat and trying to access qradar, there are many error messages shown in here. One of the tomcat errors in question according to your log file is

Feb 18 12:15:22 ::ffff:127.0.0.1 [tomcat.tomcat] [gui_app_startup_thread] com.q1labs.frameworks.session.SessionContext: [ERROR] [NOT:0000003000][127.0.0.1/- -] [-/- -]Session must be in the bounds of a transaction to access jpa/jdbc resources. Session Id: 5ab81a42-bebc-4ffa-ad02-4733d300db08

this is the latest tomcat error in there and shows that your apps in tomcat are not coming up for whatever reason. So there is little chance to get tomcat running in that state. From where are you trying to access? Make sure your QRadar NAT IP van be accessed externally. Try GUI access from an azure container first running redhat or ubuntu using firefox that does not have to access thru firewalls and that kind of stuff. Secondly use systemctl for checking status of tomcat and restart it until errors are gone in qradar.log. If you cant get rid of them reinstall or go back to the last config working.

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------

Original Message:
Sent: Thu February 18, 2021 08:21 AM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

I was able to deploy the qradar CE on Azure, but tomcat keeps failing.

I have attached logs from qradar.error file on the QRadar instance.

Kindly assists.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Fri January 08, 2021 06:54 AM
From: Eric Lauzon
Subject: QRadar CE on Azure

Hi Benjamin, 
the short answer is yes, but there might be a few things to do to get it running. I wrote a post about it on the forum, i hope it can help you.
#
HowTo: Qradar CE 7.3.3 v1.0 GA to Azure image

------------------------------
Eric Lauzon

Original Message:
Sent: Thu January 07, 2021 12:17 PM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------

Hello Karl,

Thank you for your input.

But the QRadar keeps going down (Imean the GUI access) for unknown reason. Using systemctl to check the status, the tomcat is running, while the GUI is down.
Regards,


------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Fri February 19, 2021 11:33 AM
From: Karl Jaeger
Subject: QRadar CE on Azure

Hi Benjamin,
no idea if this works. When trying to fire up tomcat and trying to access qradar, there are many error messages shown in here. One of the tomcat errors in question according to your log file is

Feb 18 12:15:22 ::ffff:127.0.0.1 [tomcat.tomcat] [gui_app_startup_thread] com.q1labs.frameworks.session.SessionContext: [ERROR] [NOT:0000003000][127.0.0.1/- -] [-/- -]Session must be in the bounds of a transaction to access jpa/jdbc resources. Session Id: 5ab81a42-bebc-4ffa-ad02-4733d300db08

this is the latest tomcat error in there and shows that your apps in tomcat are not coming up for whatever reason. So there is little chance to get tomcat running in that state. From where are you trying to access? Make sure your QRadar NAT IP van be accessed externally. Try GUI access from an azure container first running redhat or ubuntu using firefox that does not have to access thru firewalls and that kind of stuff. Secondly use systemctl for checking status of tomcat and restart it until errors are gone in qradar.log. If you cant get rid of them reinstall or go back to the last config working.

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Thu February 18, 2021 08:21 AM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

I was able to deploy the qradar CE on Azure, but tomcat keeps failing.

I have attached logs from qradar.error file on the QRadar instance.

Kindly assists.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Fri January 08, 2021 06:54 AM
From: Eric Lauzon
Subject: QRadar CE on Azure

Hi Benjamin, 
the short answer is yes, but there might be a few things to do to get it running. I wrote a post about it on the forum, i hope it can help you.
#
HowTo: Qradar CE 7.3.3 v1.0 GA to Azure image

------------------------------
Eric Lauzon

Original Message:
Sent: Thu January 07, 2021 12:17 PM
From: benjamin Nworah
Subject: QRadar CE on Azure

Hello Experts,

Can i deploy QRadar CE on Azure platform?

Thank You

------------------------------
benjamin Nworah
------------------------------