Open Collector Operating System Patch Management

This guide outlines the procedure for installing minor updates/patches on the Open Collector operating system.

Ensure the Open Collector is Updated

Before patching the Open Collector operating system, ensure that the Open Collector itself is updated to the latest version. For information on updating the Open Collector, refer to Upgrade the Open Collector. By default, auto-upgrade is enabled.

To avoid Beat updates during OS patching (for example, when isolating the change strictly to the operating system), run the following command before updating:

CODE
./lrctl autoupdate disable

If auto-update is disabled, you can enable it and then restart the Open Collector to apply updates:

  1. Verify the auto-update status with the following command:

CODE
./lrctl autoupdate status
  2. If auto-update is disabled, run the following command to enable it so that updates can be applied. Otherwise, skip to the next step.

CODE
./lrctl autoupdate enable
  3. Restart the Open Collector using the following command to apply any updates:

CODE
./lrctl oc restart

If Open Collector auto‑update is enabled, Open Collector and Beat updates are handled automatically during restart, eliminating the need for manual Docker or Beat upgrades. This minimizes downtime by allowing updates during service restarts rather than requiring full system reboots, while still permitting a full reboot when kernel patches require it. When planning to update the Open Collector container in conjunction with operating system patching, always run the "./lrctl oc restart" command first to ensure the environment is updated and stable before applying operating system-level changes.

Open Collector Operating System Patching

To patch the Open Collector operating system:

  1. Document the Beats that are currently running with the following command:

CODE
docker ps
  2. Stop the Open Collector and all Beats with the following commands:

CODE
./lrctl oc stop
./lrctl metrics stop
./lrctl <beatname> stop

Run the <beatname> stop command for each individual running Beat.

  3. Apply operating system patches using the following command, or the equivalent package manager:

CODE
sudo dnf update

If prompted, you may need to reboot the operating system at this stage.

  4. After the server reboots, restore the Open Collector and Beats using the following commands:

CODE
./lrctl oc restart
./lrctl metrics restart
./lrctl <beatname> restart

Run the <beatname> restart command for each individual Beat.

  5. Verify that all services are running correctly using the following command:

CODE
docker ps

If any issues arise, you can check the logs using the following commands:

CODE
./lrctl oc logs
./lrctl metrics logs
./lrctl <beatname> logs
  6. Confirm that logs are flowing into the SIEM by validating data through the corresponding System Monitor agent.
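
The procedure above records the running Beats with docker ps before patching and checks docker ps again afterwards. The following script is an added example, not part of the vendor documentation or the lrctl tooling: it saves the running container names to a file before patching and reports any container that has not come back after the restore, so a Beat that silently failed to restart does not leave a gap in log collection. The script name, the before/after arguments and the snapshot file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Only `docker ps --format` is used;
# no lrctl behaviour is assumed.

# Write the sorted names of currently running containers to file $1.
# Fails (non-zero) if docker itself fails, so an empty snapshot is never
# mistaken for "nothing was running".
snapshot_containers() {
    names=$(docker ps --format '{{.Names}}') || return 1
    printf '%s\n' "$names" | sed '/^$/d' | LC_ALL=C sort -u > "$1"
}

# Print containers listed in the "before" snapshot ($1) that are absent
# from the "after" snapshot ($2). Returns 0 if none are missing, else 1.
missing_after_patch() {
    missing=$(LC_ALL=C comm -23 "$1" "$2")
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Print containers running after patching that were not running before.
unexpected_after_patch() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Usage: script before FILE   (run at step 1, before stopping anything)
#        script after  FILE   (run at the verification step)
case "${1:-}" in
    before)
        snapshot_containers "${2:?snapshot file required}" ;;
    after)
        : "${2:?snapshot file required}"
        tmp=$(mktemp) || exit 1
        snapshot_containers "$tmp" || { rm -f "$tmp"; exit 2; }
        missing_after_patch "$2" "$tmp"; rc=$?
        [ "$rc" -eq 0 ] && echo "all pre-patch containers are running"
        rm -f "$tmp"
        exit "$rc" ;;
esac
```

A non-zero exit from the after run lists the containers to restart with the matching ./lrctl <beatname> restart command and to inspect with ./lrctl <beatname> logs.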