User Guide

Update Procedure

This guide will lead you through the steps of updating NetEye.

Prerequisites

  1. NetEye must be up and running in a healthy state.

  2. Disk Space required:

    • 3GB for / and /var

    • 150MB for /boot

  3. If the SIEM module is installed:

    • The rubygems.org domain should be reachable by the NetEye Master only during the update/upgrade procedure. This domain is needed to update additional Logstash plugins and thus is required only if you manually installed any Logstash plugin that is not present by default.

    • The port TCP 5045 should be open to Logstash as input for Elastic Agent incoming logs

    • In case before NetEye 4.33 custom Fleet policies were applied to the Elastic Agents running on the NetEye Master nodes, remember to complete the migration of the policies to NetEye official ones (see the 4.33 upgrade guide), since the upgrade to NetEye 4.34 will enforce the usage of the NetEye official policies if those haven’t been applied.

Update NetEye Single Instance

  1. Run the update command:

    neteye# nohup neteye update
    

    After the command was executed, the output will inform if the update was successful or not:

    • In case of successful update you might need to restart NetEye to properly apply the updates. If the reboot is not needed, please skip the next step.

    • In case the command fails refer to the troubleshooting section.

  2. Reboot the node to apply the updates correctly if required:

    neteye# neteye node reboot
    
  3. Finally, to ensure that any potentially stopped and/or newly installed NetEye services are running, use the command

    neteye# neteye start
    

Update NetEye Cluster

Updating a cluster will take a nontrivial amount of time, however no downtime needs to be planned. During the update, individual nodes will be put into standby mode. Thus, overall performance will be degraded until the upgrade is completed and all nodes are revoked from standby mode. Granted the environment connectivity is seamless, the update procedure may take up to 15 minutes per node.

1. Run the Update

The Cluster Update is carried out by running the following command:

cluster# (nohup neteye update &) && tail --retry -f nohup.out

Warning

If the SIEM feature module is installed and a new version of Elasticsearch is available, please note that the procedure will update one node at the time and wait for the Elasticsearch cluster health status to turn green before proceeding with the next node. For more information, please consult the dedicated section.

After the command was executed, the output will inform if the update was successful or not:

  • In case of successful update you might need to restart the nodes to properly apply the updates. If the reboot is not needed, please skip the next step.

  • In case the command fails refer to the troubleshooting section.

2. Reboot Nodes

Restart each node, one at a time, to apply the updates correctly.

  1. Run the reboot command

    cluster-node-N# neteye node reboot
    
  2. In case of a standard NetEye node, put it back online once the reboot is finished

    cluster-node-N# pcs node unstandby --wait=300
    

You can now reboot the next node.

3. Cluster Reactivation

At this point you can proceed to restore the cluster to high availability operation.

  1. Bring all cluster nodes back out of standby with this command on the last standard node

    cluster# pcs node unstandby --all --wait=300
    cluster# echo $?
    
    0
    

    If the exit code is different from 0, some nodes have not been reactivated, so please make sure that all nodes are active before proceeding.

  2. Run the checks in the section Checking that the Cluster Status is Normal. If any of the above checks fail, please call our service and support team before proceeding.

  3. Re-enable fencing on the last standard node, if it was enabled prior to the update:

    cluster# pcs property set stonith-enabled=true
    

NetEye Satellites

Prerequisites

  1. To update a Satellite it is required to have the configuration archive located in /root/satellite-setup/config/<neteye_release>/satellite-config.tar.gz.

1. Run the Update

To automatically download the latest update you can run the following command on the Satellite:

sat# neteye satellite update

After the command was executed, the output will inform if the update was successful or not:

  • In case of successful upgrade you might need to restart NetEye to properly apply the updates. If the reboot is not needed, please skip the next step.

  • In case the command fails refer to the troubleshooting section.

2. Reboot

Restart NetEye to apply the updates correctly.

sat# neteye node reboot

3. Setup

Execute the command below to setup the Satellite with the new updates:

sat# neteye satellite setup

DPO Machine

It is possible to update the Docker image used on the DPO machine, by running, on a NetEye Master node, the following command:

neteye# neteye dpo setup

The command updates the container image at every execution, ensuring you are using the latest available image matching your NetEye version, and restarts the already configured containers with the updated image.