
Upgrade the Open Collector Operating System

Open Collector supports multiple operating systems, some dating back to RHEL/CentOS 7.x, which is reaching end-of-life. LogRhythm encourages all customers to consider migrating off RHEL/CentOS 7, which will be considered End Of Life by the Red Hat foundation on June 30, 2024. LogRhythm will continue to support customers running CentOS on a “best effort” basis following the End-Of-Life. As with any OS upgrade, please proceed carefully and ensure that backups or restore points are created to fall back on in the event the upgrade fails. If you have any questions or concerns about this process, please contact LogRhythm's Customer Success team for clarification or guidance.

RHEL 7.x to RHEL 8/9

For customers using RHEL 7.x, which is licensed through the Red Hat Foundation, you can find an online upgrade guide to RHEL 8 here. LogRhythm does not provide operating system level support for RHEL; if you are running RHEL, all support for that operating system is covered under your support agreement with RHEL. LogRhythm has not validated, and does not have the ability to validate, this upgrade process independently; use it at your own discretion.

CentOS 7.x to Rocky 9.x

There is no supported online migration path from CentOS 7.x to Rocky 9.x, so your Open Collector will need to be rebuilt/reimaged and reinstalled. Recent releases of Open Collector and LR 7.x SIEM have added support for new log delivery architectures from Open Collector, along with support for OC configuration within the Web Console. If your Open Collector was built using the old method (CLI managed, syslog output to system monitor agent) and you are not using custom beats, we recommend you migrate to the new method (web managed, JSON output to system monitor agent).

Migration Option 1 (web/JSON)

This migration option requires reconfiguration of all active beats and does not support an export/import function. You will be able to directly view and copy out the configuration values for every beat, then re-enter them when configuring the SIEM connection. Configuration values that are encrypted (keys, passwords, etc.) are not recoverable in this migration; you will need to re-source or re-generate those values.

  1. List all beats

    ./lrctl status
  2. For each beat, view and copy the configuration. Keys and sensitive data will be obfuscated and will have to be regenerated from the source application or pulled from a previously recorded location (password/key vault).

    ./lrctl <beatname> config view
  3. Build the new Open Collector Virtual Machine (see Install Open Collector Operating System)

  4. Install the Open Collector (see Install the Open Collector)

  5. Configure the Open Collector connection to the SIEM using the WebUI method (see Configure Open Collector Connection to the SIEM (WebUI))

  6. Reconfigure each beat from within the WebUI. You will be prompted to enter the configuration values from step 2; for encrypted values, you will need to regenerate those from source or pull them from a previously recorded location.

Migration Option 2 (Legacy-Syslog)

Customers using OC Admin, custom beats, or LogRhythm SIEM versions prior to 7.14 should continue using the Legacy OC deployment method, which performs the JSON>Syslog conversion locally and is managed using the CLI (or through OC Admin). This method allows for export/import of the beat configurations, including encrypted key values.

  1. List all beats

    ./lrctl status
  2. Record and export the OC configuration, which will include any custom transforms

    ./lrctl oc config export --outfile oc-configexport.yml
  3. For each beat, export the configuration. Keys and sensitive data will be encrypted; however, these will be re-read on import, so you should not need to record or regenerate these values.

    ./lrctl <beatname> config export --outfile beatname-configexport.yml
  4. Copy your OC and beat configuration files off the OC machine using SCP or similar

  5. Build the new Open Collector Virtual Machine (see Install Open Collector Operating System)

  6. Install the Open Collector (see Install the Open Collector)

  7. Configure the Open Collector connection to the SIEM using the Legacy-Syslog method (see Configure Open Collector Connection to the SIEM (Legacy-Syslog))

  8. Import your OC Configuration

    cat oc-configexport.yml | ./lrctl oc config import
  9. Import your Beat Configuration(s), repeating for each file/beat you exported previously

    cat beatname-configexport.yml | ./lrctl <beatname> config import
  10. Restart your OC and start all Beat containers

    ./lrctl oc restart
    ./lrctl <beatname> start
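
The exports from steps 2-3 of Option 2 contain encrypted key values and are copied between hosts in step 4, so it is worth hashing them on the old host and checking the hashes on the new host before steps 8-9. The script below is an added example, not LogRhythm code: the function names and the `LRCTL` variable are assumptions, and it assumes each beat export is named `<beatname>-configexport.yml` after the real beat name and that `sha256sum` is available on both hosts.

```bash
#!/usr/bin/env bash
# Added example, not LogRhythm code. Function names and LRCTL are assumptions;
# file names follow the page's <name>-configexport.yml pattern.
LRCTL="${LRCTL:-./lrctl}"

# Old host, after steps 2-3: lock down the exports and record their hashes.
seal_exports() {
    (
        cd "$1" || exit 1
        set -- *-configexport.yml
        [ -e "$1" ] || { echo "no export files in $PWD" >&2; exit 1; }
        for f in "$@"; do
            # A zero-byte file means the export failed; do not ship it.
            [ -s "$f" ] || { echo "empty export: $f" >&2; exit 1; }
        done
        chmod 600 -- "$@"              # exports carry encrypted key values
        sha256sum -- "$@" > SHA256SUMS
    )
}

# New host, after step 4: fail if any listed file changed or is missing.
verify_exports() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null )
}

# New host, steps 8-9: import only from a bundle that verifies, OC config first.
# "lrctl ... import < file" feeds stdin the same way as the page's "cat file |".
import_verified() {
    local dir="$1" f beat
    verify_exports "$dir" || { echo "bundle failed verification" >&2; return 1; }
    "$LRCTL" oc config import < "$dir/oc-configexport.yml" || return 1
    for f in "$dir"/*-configexport.yml; do
        beat="$(basename "$f" -configexport.yml)"
        [ "$beat" = "oc" ] && continue
        "$LRCTL" "$beat" config import < "$f" || return 1
    done
}
```

Run `seal_exports <dir>` on the old collector, copy the directory including `SHA256SUMS`, then run `import_verified <dir>` on the new collector before step 10.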

