This article applies to:

• SIEM OE 5.9
• SIEM OE 5.9.1

Question:

• How can I change the IP address of an active server?

Procedure:

If necessary, you can change the IP addresses of all servers.

1. Shut down all SIEM OE services:
    
   /opt/nsm/common/nsm-all stop
   
   
2. Change the IP addresses on the server (Red Hat configuration). Ensure that you update the configurations in /etc/hosts if they exist.
3. Change the IP addresses following the examples provided in "IP Address Change Examples" below.
   • Help is available by running ./ipchange_post.sh -h
4. Restart the SIEM OE services:
    
   /opt/nsm/common/nsm-all restart
   
   
5. Run the SDW post-install script:
    
   /opt/nsm/cs/bin/update_ism.sh
   

IP Address Change Examples:

DA, SOC, TD and TE

1. On the server, (DA, SOC, TD or TE) run ./ipchange_post.sh [server] [new_ip]
   
   where
   • [server] represents the name you gave to the DA, SOC, TD or TE when you installed SIEM
   • [new_ip] represents the new IP address you are assigning to the server
2. On the SDW, run ./ipchange_post.sh [server] [new_ip]

If installing on a single server, you can also use all in place of [server] to update all the IP addresses.

SDW

1. On the SDW, run ./ipchange_post.sh all [new_sdw_ip]
   
   where [new_sdw_ip] is the new IP address you are assigning to the SDW.
   
2. On the other servers, run ./ipchange_post.sh sdw [new_sdw_ip]

Notes:

When the IP address is changed on the SDW, you should regenerate the SSL certificate, to reference the new IP address. See the Trustwave SIEM Operations Edition Installation Guide for instructions.