A pretty common mistake when dealing with QRadar environments is wrongly updating the network configuration directly on the Operational System. As everyone know, the QRadar runs on a customized RedHat distribution, but it doesn’t mean that we could make the changes directly on the OS. To change the network configuration (IP, Hostname, DNS server, Network Mask, etc) we should use the appropriated QRadar script for it, and it is even easier than changing directly on the OS. The following procedure can be done to change the network configuration. Please note that while the configuration is done, the QRadar services will be down and after the configuration a reboot will be necessary. Also note that the procedure should be done in the server terminal, and not through SSH.
Changing the Network Configuration:
- Open the QRadar terminal (It should be DIRECTLY on the server, not through SSH).
- Run the following command:
- Read the terms and press Y and enter to continue
- Wait while the services are stopped
- Proceed with the network configuration and change the necessary configuration
- After clicking in FINISH, the server will be rebooted.
With this procedure, all the QRadar configuration files will be changed with the new network configuration and also the OS will be updated. So with just one script we change all the necessary configuration.