How to install QRadar community edition in CentOS successfully (fixing the centos-gluster38 AND kmod_pf_ring errors)
Hello folks. I am trying to learn about SIEM and QRadar. One of the first steps was to install QRadar, and it was not so pleasant, as the installation of QRadar kept on crashing.
I am sure a lot of people would be facing the same problem during the installation of QRadar.
After looking at a number of videos, browsing the web for many hours, and many, many failed installations, not to mention setting up a fresh VM of CentOS again and again and again (before I started using multiple clones of it), I finally managed to get it installed and working!
So I would like to share the process which worked for me; hopefully it's helpful for someone.
PART 1: Installing the CentOS VM:
So basically I was following Jose Bravo's videos on YouTube. Thanks to him for posting such informative demos. He has a lot of stuff on his page and I am following his demos.
So here is the video from Jose's channel which I followed to install CentOS:
https://www.youtube.com/watch?v=FLMPFH9HgRM&index=2&list=PLKsSbpbsp5hnO3f7JwFedwBGydrz7dXpI&t=10s
He has also provided the links to the Community Edition of QRadar (which I am using).
Now, in this video, make sure you put the correct values for IP, gateway, namespace according to your VM's settings, otherwise you won't have internet in the CentOS VM.
If you are using VMware Workstation Pro, you can simply select the VM you are working on, go to EDIT and then click on Virtual Network Editor to find your IPs:
EDIT-->Virtual Network Editor-->select NAT
Now use the 'NAT Settings' and 'DHCP Settings' tabs for the values required.
Keep following the steps in the video by Jose for installation of CentOS and setting up the network; just make sure you put the correct addresses according to your VM.
Now if you were able to successfully get through this first part, I assume you have a working CentOS VM with connectivity to the internet and the host.
DO NOT PROCEED further if that is not the case. Go back, watch the video again, and make sure you have followed all the steps and have punched in correct values according to your network.
If it works, shut down the VM. MAKE TWO CLONES OF THIS WORKING VM NOW!!
Because if your installation gets stuck/crashes/fails, you won't have to do all this again.
Make a clone of this working VM and proceed to the second step with one of the clones. If something goes wrong in the second step, like the installation crashing for whatever reason, take a screenshot of the error, delete the VM, make another clone and start working again on that new clone.
PART 2: Installing QRadar (and how to avoid failing/crashing QRadar installations)
Download the QRadar Community version from IBM:
https://developer.ibm.com/qradar/ce/
The ISO which I got was QRadarCE7_3_0.GA.iso
If you get a newer version, they might have fixed a few things that cause the issues.
Jose has another video for this part:
https://www.youtube.com/watch?v=i-qA3-b6_ME&t=483s
Watch it till the part where he transfers the QRadar ISO into the VM. Don't begin the installation yet, because there are a few things we need to fix before.
His installation works like a charm but mine didn't... and I spent so many hours searching the web for how to fix it, and hence this post.
If you get errors regarding centos-gluster38 ERROR 256...ERROR 14
ERROR: Yum operation Installation QRadar RPM`s failed
or
Errors regarding packages kmod-pf_ring-6.2.0-2.217.x86_64 (local)
ERROR: Yum operation Installation QRadar RPM`s failed
THEN THIS POST IS FOR YOU :)
These are the steps you need to follow:
NOTE: Begin on a fresh installation of CentOS or the working clones you created in Part 1.
After booting up your working CentOS VM (after making clones in Part 1), follow these steps:
1) Run the following commands:
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config && cat /etc/selinux/config
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
yum -y update && yum -y upgrade
After this, reboot.
2) Create this repository, which was causing the crash:
vi /etc/yum.repos.d/CentOS-Gluster-3.8.repo
3) Paste the following data into this file and save. MAKE SURE THERE ARE NO SPACES AT THE BEGINNING OF ANY LINE.
# CentOS-Gluster-3.8.repo
#
# Please see http://wiki.centos.org/SpecialInterestGroup/Storage for more
# information
[centos-gluster38]
name=CentOS-$releasever - Gluster 3.8
baseurl=http://buildlogs.centos.org/centos/$releasever/storage/$basearch/gluster-3.8/
gpgcheck=0
enabled=1
[centos-gluster38-test]
name=CentOS-$releasever - Gluster 3.8 Testing
baseurl=http://buildlogs.centos.org/centos/$releasever/storage/$basearch/gluster-3.8/
gpgcheck=0
enabled=0
Save it and quit.
9) yum update
reboot after the update
10) Mount the QRadar ISO:
mkdir /media/cdrom
mount -o loop /tmp/ISO_NAME.iso /media/cdrom
yum install /media/cdrom/3rdparty/glusterfs/*.rpm
rpm -Uvh /media/cdrom/3rdparty/pf_ring/kmod-pf_ring-6.2.0-2.el7.x86_64.rpm --nodeps
yum update
reboot
11) Mount the QRadar ISO again at /media/cdrom and run setup (continue the second video: https://www.youtube.com/watch?v=i-qA3-b6_ME&t=483s)
12) It will take a long time to install, and after that it will ask for certain selections; just select the defaults in all. Create the admin password for QRadar. Remember to include uppercase, lowercase, number and special character. YES, ALL are compulsory, otherwise you will have to change it on the first startup of QRadar (forced).
13) After all is done, reboot.
The machine will boot up as qradar instead of localhost. Log in using admin and the password set during installation.
Leave it for some time.
14) Back in the guest OS, open your browser,
put in the IP of the QRadar VM and wait.
WAIT
a lot of WAIT!
It will load up after a long time; keep refreshing.
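The file edits from steps 1 to 3 can be checked before the ISO is mounted. The script below is an added example, not part of the original guide or of QRadar; the function names and the file name preflight.sh are this example's own, and it only reads the files the guide edits.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; function names are this example's own.

# check_repo_file FILE
# Returns 0 only if no line starts with whitespace and the [centos-gluster38]
# section exists with enabled=1. Findings are printed one per line.
check_repo_file() {
    local f="$1" rc=0 bad enabled
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    # Line numbers of non-empty lines that begin with a space or tab
    bad=$(grep -nE '^[[:space:]]+[^[:space:]]' "$f" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then echo "FAIL: leading whitespace on line(s): $bad"; rc=1; fi
    if ! grep -qxF '[centos-gluster38]' "$f"; then
        echo "FAIL: section [centos-gluster38] not found"; rc=1
    fi
    # Read enabled= from inside the [centos-gluster38] section only
    enabled=$(awk -F= '/^\[/ { s = ($0 == "[centos-gluster38]") }
                       s && $1 == "enabled" { print $2 }' "$f")
    if [ "$enabled" != "1" ]; then echo "FAIL: [centos-gluster38] is not enabled=1"; rc=1; fi
    # Reported, not failed: the guide's repo file sets both of these
    if grep -q '^gpgcheck=0' "$f"; then echo "NOTE: gpgcheck=0, package signatures are not verified"; fi
    if grep -q '^baseurl=http://' "$f"; then echo "NOTE: baseurl is fetched over plain http"; fi
    return "$rc"
}

# check_step1 SELINUX_CONFIG SYSCTL_CONF
# Confirms both edits from step 1 are present in the given files.
check_step1() {
    local rc=0
    grep -qx 'SELINUX=disabled' "$1" 2>/dev/null \
        || { echo "FAIL: SELINUX=disabled not set in $1"; rc=1; }
    grep -qxF 'net.ipv6.conf.all.disable_ipv6 = 1' "$2" 2>/dev/null \
        || { echo "FAIL: disable_ipv6 line missing from $2"; rc=1; }
    return "$rc"
}

# Usage on the VM before mounting the ISO, with the paths from the guide
# (preflight.sh is a hypothetical file name):
#   bash preflight.sh /etc/selinux/config /etc/sysctl.conf \
#        /etc/yum.repos.d/CentOS-Gluster-3.8.repo
if [ "$#" -eq 3 ]; then
    check_step1 "$1" "$2"; s1=$?
    check_repo_file "$3"; s2=$?
    [ "$s1" -eq 0 ] && [ "$s2" -eq 0 ]
fi
```

A non-zero exit status means at least one FAIL line was printed; NOTE lines do not change the status.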
==============================
Links which I referred to
==============================
https://developer.ibm.com/answers/questions/447072/qradar-fails-to-install-centos-7-gluster-38/?page=1&pageSize=10&sort=votes
https://www.youtube.com/watch?v=FLMPFH9HgRM&index=2&list=PLKsSbpbsp5hnO3f7JwFedwBGydrz7dXpI&t=10s
https://www.youtube.com/watch?v=i-qA3-b6_ME&t=483s
@mrughindersingh (Author)

These are the errors I encountered before finally getting my installation fixed..
qradar installation error1
qradar installation error2

cool789 commented Nov 14, 2018

Dear,
Hope you are in good health. I was also facing the same gluster38 error, then I followed your steps above, but again I ended up with this error.

error-2

I followed each and every step of your guides.
