IBM QRadar

Hello everyone,

We are trying to install Qradar 7.4.0 as a software appliance on Red Hat 7.6. We have procured Red Hat liscense separately beforehand and are now trying to install QRadar through .iso file downloaded from Fix Central.

But were are getting an error regarding dependencies as follows:

-> Running transaction check

---> Package fuse.x86_64 0:2.9.2-11.el7 will be installed

---> Package fuse-libs.x86_64 0:2.9.2-11.el7 will be installed

---> Package grub2-efi-aa64-modules.noarch 1:2.02-0.76.el7 will be installed

--> Processing Dependency: grub2-common = 1:2.02-0.76.el7 for package: 1:grub2-efi-aa64-modules-2.02-0.76.el7.noarch

---> Package libmspack.x86_64 0:0.5-0.8.alpha.el7 will be installed

---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed

---> Package xmlsec1.x86_64 0:1.2.20-7.el7_4 will be installed

---> Package xmlsec1-openssl.x86_64 0:1.2.20-7.el7_4 will be installed

--> Finished Dependency Resolution

Error: Package: 1:grub2-efi-aa64-modules-2.02-0.76.el7.noarch (local)

Requires: grub2-common = 1:2.02-0.76.el7

Installed: 1:grub2-common-2.02-0.87.el7_9.6.noarch (Support Member) grub2-common = 1:2.02-0.87.el7_9.6

Available: 1:grub2-common-2.02-0.64.el7.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.64.el7

Available: 1:grub2-common-2.02-0.65.el7_4.2.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.65.el7_4.2

Available: 1:grub2-common-2.02-0.76.el7.noarch (local) grub2-common = 1:2.02-0.76.el7

Available: 1:grub2-common-2.02-0.76.el7.1.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.76.el7.1

Available: 1:grub2-common-2.02-0.80.el7.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.80.el7

Available: 1:grub2-common-2.02-0.81.el7.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.81.el7

Available: 1:grub2-common-2.02-0.86.el7_8.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.86.el7_8

Available: 1:grub2-common-2.02-0.87.el7.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.87.el7

Available: 1:grub2-common-2.02-0.87.el7_9.2.noarch (rhel-7-server-rpms) grub2-common = 1:2.02-0.87.el7_9.2

******************************************************************

yum can be configured to try to resolve such errors by temporarily enabling disabled repos and searching for missing dependencies. To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf

*******************************************************************

We also set 'notify_only=0' as error notification above states but with no luck.

We tried combination of Qradar 7.4.0 with RHEL 7.6 as well as QRadar 7.4.3 with RHEL 7.7 but issue persists.

Any thoughts?

Does using RHEL OS that is installed separately beforehand from different .iso is causing this trouble when used in conjunction with Qradar .iso that ships with its own RHEL?

Thanks for any help in advance.

Did you run a Red Hat update before you attempted to install QRadar? This is normally the cause of this dependency issue. If you patched your RHEL or ran an update before installing QRadar, you'll see this issue. We package everything QRadar needs on our ISO and there is strict matching for version checks. If you updated or yum updates ran, then that is the most likely cause for these grub2-common error messages.

You need to complete your base install of RHEL 7.6 64-bit (Do NOT run updates), then install QRadar.

Good day,

the issue is related to the enabled "rhel-7-server-rpms" repository.

The repository is automatically enabled when registering the RHEL OS with RHEL.

As a result, the "grub2-common" latest package revision is installed from the "rhel-7-server-rpms", which revision is incompatible with the QRadar installation bundle.

One can confirm that by looking into the QRadar installation log file "/var/log/setup-*/qradar_setup.log"

========================

 geoipupdate           noarch 3.1.1-1                  local              3.7 M
 gettext               x86_64 0.19.8.1-3.el7_9         rhel-7-server-rpms 1.0 M
 gettext-libs          x86_64 0.19.8.1-3.el7_9         rhel-7-server-rpms 502 k
 glib2                 x86_64 2.56.1-9.el7_9           local              2.5 M
 grub2                 x86_64 1:2.02-0.87.el7_9.11     rhel-7-server-rpms  34 k
 grub2-common          noarch 1:2.02-0.87.el7_9.11     rhel-7-server-rpms 733 k
 grub2-pc              x86_64 1:2.02-0.87.el7_9.11     rhel-7-server-rpms  34 k
 grub2-pc-modules      noarch 1:2.02-0.87.el7_9.11     rhel-7-server-rpms 860 k
 grub2-tools           x86_64 1:2.02-0.87.el7_9.11     rhel-7-server-rpms 1.8 M

================================

The "IBM QRadar 7.5 - Installation Guide" could be enhanced as follow:

Page 17 - change the text to "c) Click Software selection and select Infrastructure Server Install." It is not possible to register the RHEL OS if Minimal Install is performed, without registration QRadar "setup" script will exit.
Add a step to check and disable any RHEL repositories enabled during the RHEL OS registration. For example edit "/etc/yum.repos.d/redhat.repo" and change "enabled = 0" for the "rhel-7-server-rpms".

I hope that helps.

Kind regards,

------------------------------
Marin Botev
------------------------------