User Guide

Single Node Upgrade from 4.41 to 4.42

This guide will lead you through the steps specific for upgrading a NetEye Single Node installation from version 4.41 to 4.42.

Upgrading a NetEye Single Node takes a nontrivial amount of time. Granted the environment connectivity is seamless, the upgrade procedure may take up to 30 minutes.

Warning

Remember that you must upgrade sequentially without skipping versions, therefore an upgrade to 4.42 is possible only from 4.41; for example, if you have version 4.27, you must first upgrade to the 4.28, then 4.29, and so on.

Breaking Changes

Prerequisites

Before starting the upgrade, you should read very carefully the latest release notes on NetEye’s blog and check out the features that will be changed or deprecated after the upgrade.

  1. All NetEye packages installed on a currently running version must be updated according to the update procedure prior to running the upgrade.

  2. NetEye must be up and running in a healthy state.

  3. Disk Space required:

    • 3GB for / and /var

    • 150MB for /boot

  4. If the SIEM module is installed:

    • The rubygems.org domain should be reachable by the NetEye Master only during the update/upgrade procedure. This domain is needed to update additional Logstash plugins and thus is required only if you manually installed any Logstash plugin that is not present by default.

  5. A backup of MariaDB must be performed before starting the upgrade. After the backup is taken, please confirm the operation was done by setting the corresponding flag under Configuration / Modules / neteye / Configuration

  6. To ensure the full compatibility of your configuration with MariaDB 10.11, please run the neteye node check-upgrade-prerequisites on the node where MariaDB is running, as mentioned also here.

1. Run the Upgrade

To perform the upgrade, run from the command line the following command:

neteye# (nohup neteye upgrade &) && tail --retry -f nohup.out

After the command was executed, the output will inform if the upgrade was successful or not:

  • In case of successful upgrade you might need to restart NetEye to properly apply the upgrades. If the reboot is not needed, please skip the next step.

  • In case the command fails refer to the troubleshooting section.

2. Reboot

Restart NetEye to apply the upgrades correctly.

neteye# neteye node reboot

3. Additional Tasks

Enabling of the Content-Security-Policy (CSP) header

With the upgrade to IcingaWeb2 2.12.x we allow you to enable the Content-Security-Policy (CSP) header for the NetEye web interface. The CSP header helps protect your NetEye installation from cross-site scripting (XSS) attacks. The toggle for this can be found in the NetEye web interface under Configuration > Application > Enable strict content security policy.

Warning

The strict CSP header feature must be enabled before upgrading to the next release of NetEye (4.43).

IcingaWeb2 modules migration

Please make sure that all third-party icingaweb2 modules installed on the system are compatible with the CSP policies before enabling this feature to avoid any issues.

To do it you can follow the steps below:

  1. Check and in case fix/upgrade a module.

  2. Enable the strict CSP flag from the IcingaWeb2 settings.

  3. Verify if everything is working.

  4. In case of problems:

    1. Disable the flag.

    2. Fix the incompatibilities.

    3. Repeat from step 1.

  5. Repeat the process for the next module.

SLM report styling under the Content-Security-Policy (CSP) header

With the introduction of the CSP headers, we had to make minor breaking changes to the way styling is handled in the SLM reports. SLM reports can no longer use the inline style attributes. If any were used in a custom template, they now need to be migrated to the html style elements and applied with classes. Furthermore, if any html style elements are used in the custom template, they will now need to be updated to include the icingaweb2 style nonce to be compliant with the CSP header. Please refer to the appropriate section in the customizing templates section of the documentation for more information.