I wanted to install QRadarCE to familiarise my self with QRadar. QRadarCE is a limited version of QRadar. According to IBM it could be used to test QRadar deployments of various types in test before deploying the changes to production systems.
IBM has an official install guide but it did not work for me so i created my own from trying to install QRadarCE and fixing the errors as they came.
The install can be downloaded from here: https://developer.ibm.com/qradar/ce/ It does require an account.
Download the iso file into /tmp on the basis os.
My install guide is based on CentOS-7-x86_64-Minimal-1804 and QRadarCE7_3_1.GA.
Installation of Centos 7.5 will not be shown in this howto.
The first thing that needs to be done on the basis os is to install GlusterFS. This can be done in the following way:
Add Gluster.repo by doing: vi /etc/yum.repos.d/Gluster.repo
In the file add the following:
Now run the following command: yum install -y centos-release-gluster
When the above command is done run: yum install -y glusterfs-server
Now that GlusterFS is installed, we can continue with the installation of QRadarCE.
mount -o loop Qradar.iso file /media/cdrom
this will start the installer, the installer will ask for a restart. Restart the basis os when asked and rerun point 6 and 7 again, the installer will now continue with installing QRadarCE. This will take a while.
When the installer is done the admin password can be changed with: /opt/qradar/support/changePasswd.sh -a on the basis os.
After changing the password run the following command: service tomcat restart