User Guide

Single Instance Upgrade Procedure from 4.20 to 4.21

This guide will lead you through the steps specific for upgrading from a NetEye Single Node installation from version 4.20 to 4.21. You must have successfully completed the Update Procedure before attempting to start the upgrade procedure.

Warning

Remember that you must upgrade sequentially without skipping versions, therefore an upgrade to 4.21 is possible only from 4.20; for example, if you have version 4.14, you must first upgrade to the 4.15, then 4.16, and so on.

Before starting an upgrade, you should very carefully read the latest release notes on NetEye’s blog and check the feature changes and deprecations specific to the version being upgraded. You should check also the whole section Breaking Changes below.

The remainder of this section is organised as follows. Section Breaking Changes introduces substantial changes that users must be aware of before starting the upgrade procedure and may require to carry out some tasks before starting the upgrade; section NetEye Single Instance Upgrade Procedure presents the actual procedure, and finally section Additional Tasks shows which tasks must be executed after the upgrade procedure has been successfully executed.

Breaking Changes

Upgrade Procedure

The upgrade procedure has now been automatised and requires only to launch a few commands: Details about them and the tasks they execute can be found in The neteye Command. No task should be executed for this change.

NATS telegraf user

The NATS telegraf user has been deprecated due to security issues and will be removed in the NetEye 4.22 release. This means that the telegraf user must be migrated before the upgrade to NetEye 4.22. It has been replaced by two new users:

  1. telegraf_wo with write-only privileges on NATS

  2. telegraf_ro with read-only privileges on NATS

Please change your telegraf collectors and consumers to use the two new users as described in Section Write Data to influxDB through NATS master of the User Guide. Once you have removed all occurrences of telegraf user please go to Configuration / Modules / neteye / Configuration, click Remove NATS telegraf user and Save Changes.

Tornado tenant Filters

From NetEye 4.21 onwards, some Nodes in the Tornado Processing Tree are reserved for the automatic generation of Filters for the NetEye tenants.

In case no NetEye Satellites are configured on your NetEye, no Processing Tree Nodes are reserved.

The reserved Nodes are those Nodes which are at the top level of the Processing Tree and have the exact same name as one of your NetEye tenants.

For example, if I configured some Satellites for the tenants my_first_tenant and my_second_tenant, the reserved Nodes in the Tornado Processing Tree will be:

  1. root->my_first_tenant

  2. root->my_second_tenant

  3. root->master: we remind you that the master tenant is a default tenant in NetEye and that the corresponding Filter is created only when at least one NetEye Satellite is configured.

This means that if such Nodes exist in your Tornado Processing Tree prior to the upgrade to 4.21, you must migrate them in one of these following ways:

  1. If the conflicting Node is not really related to the tenant, you should either rename it, or move it to a different path in the Processing Tree. This can be done either before or after the upgrade.

  2. If the conflicting Node applies to the tenant, after the upgrade you should move it as child of the tenant Filter generated by the upgrade. By doing this, you can ensure that only Events originated by the tenant will arrive to your Filter/Ruleset.

In case the conflicting Nodes are not manually migrated before the upgrade, they will be automatically backed-up by renaming them to <original_name>_backup_<timestamp_in_ms>, where <original_name> is the name of the Node before the upgrade and <timestamp_in_ms> is the timestamp in milliseconds when the renaming was performed.

NetEye Single Instance Upgrade Procedure

To perform the upgrade, run from the command line the command:

# nohup neteye upgrade

All the tasks carried out by the command are listed in section neteye upgrade; a dedicated section provides directions in case the command fails.

Additional Tasks

This section lists the tasks that must be carried out manually, because they are not part of the neteye upgrade command.

In this release, no additional task is required.