User Guide

Single Node Upgrade from 4.23 to 4.24

This guide leads you through the steps specific to upgrading a NetEye Single Node installation from version 4.23 to 4.24. You must have successfully completed the Update Procedure before starting the upgrade procedure.

Warning

Remember that you must upgrade sequentially without skipping versions; therefore, an upgrade to 4.24 is possible only from 4.23. For example, if you have version 4.14, you must first upgrade to 4.15, then 4.16, and so on.

Before starting an upgrade, you should very carefully read the latest release notes on NetEye’s blog and check the feature changes and deprecations specific to the version being upgraded. You should also check the whole Breaking Changes section below.

The remainder of this section is organised as follows. Section Breaking Changes introduces substantial changes that users must be aware of before starting the upgrade procedure and that may require you to carry out some tasks beforehand; section NetEye Single Node Upgrade Procedure presents the actual procedure; and finally section Additional Tasks shows which tasks must be executed after the upgrade procedure has been successfully completed.

Breaking Changes

NetEye Setup

Tags and new neteye node tags command

Release 4.23 introduced RHEL 8 as the new underlying operating system, together with (optional) Red Hat Insights, while release 4.24 added automatic registration to both.

This means that a NetEye Single Node, Cluster, or Satellite must record a few pieces of information (Customer ID, contract number, type of installation and deployment; see Section neteye node tags set for more details) that will be used for registering the node to Red Hat.

The command neteye node tags set, used to record the required data, will be installed during the upgrade. This means that the upgrade process will pause to allow you to use the command and register the data, after which you can resume the upgrade.

Make sure to have all these data at hand during the upgrade process; if you do not know some or all of them, please contact the official channels (sales, consultants, or the support portal) to obtain them.

Elastic Stack

JVM Options

From NetEye 4.24 onwards, the JVM options file /neteye/local/elasticsearch/conf/jvm.options contains only the standard options shipped by Elastic. All additional options, including the NetEye default ones, are placed in separate options files inside the /neteye/local/elasticsearch/conf/jvm.options.d/ folder. If custom options were present in the /neteye/local/elasticsearch/conf/jvm.options file, an rpmsave file will be created, and the customizations must be migrated to an .options file in the /neteye/local/elasticsearch/conf/jvm.options.d/ folder, for example /neteye/local/elasticsearch/conf/jvm.options.d/02_custom_jvm.options. In case of a cluster, this operation must be performed on all nodes where Elasticsearch is installed.

If you would like to specify or override some options, please refer to Section Elasticsearch JVM Optimization of the User Guide.
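The rpmsave migration described above can be checked mechanically. The following is an added example, not part of the NetEye tooling: it lists the options that appear only in jvm.options.rpmsave (and in neither the new jvm.options nor any file already in jvm.options.d/) and stages them in 02_custom_jvm.options. The function names and the --stage switch are illustrative assumptions; the paths are those given in this guide.

```shell
#!/bin/sh
# Added example (not NetEye code): find JVM options that exist only in
# jvm.options.rpmsave and stage them in jvm.options.d/ for review.
# Function names are illustrative; the paths are the ones given in this guide.

CONF_DIR="${CONF_DIR:-/neteye/local/elasticsearch/conf}"

# Print active option lines: trimmed, without comments or blank lines.
active_options() {
    for f in "$@"; do
        [ -f "$f" ] && awk '{ gsub(/^[ \t\r]+|[ \t\r]+$/, "") } $0 != "" && !/^#/' "$f"
    done | sort -u
}

# Print options present in the rpmsave file but set nowhere in the new layout
# (neither jvm.options nor any *.options file in jvm.options.d/).
custom_jvm_options() (
    conf="$1"
    saved="$conf/jvm.options.rpmsave"
    [ -f "$saved" ] || exit 0            # no rpmsave: nothing was customized
    shipped=$(mktemp) || exit 1
    trap 'rm -f "$shipped"' EXIT
    active_options "$conf/jvm.options" "$conf"/jvm.options.d/*.options > "$shipped"
    active_options "$saved" | grep -Fxv -f "$shipped" || true
)

# Write the leftovers to jvm.options.d/02_custom_jvm.options.
# Never overwrites an existing file. Returns 0 if written, 1 otherwise.
stage_custom_jvm_options() (
    conf="${1:-$CONF_DIR}"
    target="$conf/jvm.options.d/02_custom_jvm.options"
    custom=$(custom_jvm_options "$conf")
    [ -n "$custom" ] || { echo "no custom JVM options to migrate"; exit 1; }
    [ ! -e "$target" ] || { echo "$target exists, merge by hand" >&2; exit 1; }
    mkdir -p "$conf/jvm.options.d"
    printf '%s\n' "$custom" > "$target"
    echo "wrote $target; review it before relying on it"
)

# Run only when asked explicitly: sh script.sh --stage
case "${1:-}" in --stage) stage_custom_jvm_options ;; esac
```

In a cluster, run the check on every node where Elasticsearch is installed, as the guide requires for the migration itself.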

Netflow Filebeat module

Version 4.24 of NetEye makes it possible to modify the Netflow Filebeat module parameters (its status, enabled or disabled, and its host and port) without generating an rpmnew file during future updates and without renaming files, which also prevents the module from being re-installed in an enabled state. This is achieved by adopting environment variables with default values, which can be overridden by defining them in the /neteye/shared/filebeat/conf/sysconfig/filebeat-user-customization file, as described in Section Filebeat Netflow module specific configuration.

Logstash pipelines configurations

With the new Elastic Stack version, Logstash pipeline configuration files are now set as NetEye config files, so user customizations are preserved during updates. In addition, the logic behind the storage of Logstash credentials has been completely reworked, and they are now saved as environment variables. Therefore, this update introduces the following four rpmnew files, which need to be migrated:

/neteye/shared/logstash/conf/conf.auditbeat.d/1_f020_enrich_host.filter.rpmnew
/neteye/shared/logstash/conf/conf.filebeat.d/1_f020_enrich_host.filter.rpmnew
/neteye/shared/logstash/conf/conf.winlogbeat.d/1_f020_enrich_host.filter.rpmnew
/neteye/shared/logstash/conf/conf.ebp.d/2_o01_ebp_proxy.output.rpmnew

More details on how Logstash pipeline configurations can now be customized more easily can be found in Section Logstash Configuration.
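To see which of the four rpmnew files listed above still need a manual merge on a given node, a check along these lines can be used. This is an added example, not part of the NetEye tooling; the function name and the optional root prefix (useful for trying it on a copy of the tree) are assumptions, while the file paths are the ones from this guide.

```shell
#!/bin/sh
# Added example (not NetEye code): report the state of the four Logstash
# rpmnew files listed in this guide. The optional root prefix is hypothetical
# and only lets the check run against a copy of the tree; it defaults to "/".

RPMNEW_FILES='
neteye/shared/logstash/conf/conf.auditbeat.d/1_f020_enrich_host.filter.rpmnew
neteye/shared/logstash/conf/conf.filebeat.d/1_f020_enrich_host.filter.rpmnew
neteye/shared/logstash/conf/conf.winlogbeat.d/1_f020_enrich_host.filter.rpmnew
neteye/shared/logstash/conf/conf.ebp.d/2_o01_ebp_proxy.output.rpmnew
'

# Print "<state> <live file>" per entry. Exit status is 1 if any entry still
# needs attention (rpmnew differs from, or has no, live counterpart).
logstash_rpmnew_status() (
    root="${1:-/}"
    rc=0
    for rel in $RPMNEW_FILES; do
        new="${root%/}/$rel"
        live="${new%.rpmnew}"
        if [ ! -f "$new" ]; then
            state=absent              # no rpmnew present for this file
        elif [ ! -f "$live" ]; then
            state=live-missing; rc=1  # rpmnew exists without a live file
        elif cmp -s "$new" "$live"; then
            state=identical           # live file already matches the rpmnew
        else
            state=differs; rc=1       # review with: diff -u "$live" "$new"
        fi
        printf '%-12s %s\n' "$state" "$live"
    done
    exit "$rc"
)

# Usage: logstash_rpmnew_status            (checks the running system)
#        logstash_rpmnew_status /tmp/copy  (checks a copied tree)
```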

NetEye Single Node Upgrade Procedure

Note

Recall that the upgrade process will be stopped to allow you to provide tags for registration to Red Hat and Red Hat Insights. Refer to Section Breaking Changes for more information.

To perform the upgrade, run the following command from the command line:

neteye# (nohup neteye upgrade &) && tail --retry -f nohup.out

All the tasks carried out by the command are listed in section neteye upgrade; a dedicated section provides directions in case the command fails.

Additional Tasks

This section lists the tasks that must be carried out manually, because they are not part of the neteye upgrade command.

In this release, no additional task is required.