Skip to main content
Skip table of contents

Prepare to Upgrade an HA + DR Deployment

Download the LR Database Upgrade Tool

Download the LogRhythm Database Upgrade Tool from the LogRhythm Community. You must create a user account if you do not already have one.

The Database Upgrade Tool is packaged in a .zip archive. After downloading the archive, copy it to each XM or Platform Manager appliance or server that you want to upgrade, and then extract the contents of the archive into a new directory.

Download the LR Install Wizard

The LogRhythm Install Wizard can install any supported combination of the LogRhythm components on an appliance or server. You can download the Install Wizard from the LogRhythm Community.

The Install Wizard is packaged in a .zip archive. After downloading the archive, copy it to each appliance or server that you want to upgrade, and then extract the contents of the archive into a new directory.

Each of the LogRhythm component installers are included with the Install Wizard. They can be found in the Installers directory where you extracted the archive.

Exit all Client Consoles

Client Consoles running on all systems should be closed.

SIOS DataKeeper and LifeKeeper at Version 8.7

Your SIOS product versions must be at least version 8.6. Version 8.7.0 is included and automatically installed with the installer scripts.

If you need to add DataKeeper or LifeKeeper manually, you can download the SIOS setup files from the LogRhythm Community, and they must be run on both nodes in the HA pair. A reboot after the installation is required. To minimize downtime:

  1. Run the installer on Node 1 (the active system) and then reboot Node 1.
  2. Failover resources from Node 1 to Node 2.
  3. Install on Node 2 and then reboot Node 2.

Address Pending Restarts

If there are updates or restarts pending on the Windows server, you must address them prior to performing an upgrade on SQL or LogRhythm. Address any other updates or actions requiring a restart before the upgrade.

Record Service Credentials

If the LogRhythm services in your deployment use Windows accounts, you need the account name and password to complete this upgrade.

  1. To see if a service is running under a Windows account, click Start, click All Programs, click Administrative Tools, and then click Services.
  2. Double-click a LogRhythm service.
  3. In Service Properties, click the Log On tab. If the This account option button is selected, this service is running under Windows credentials.
  4. For each LogRhythm service, note the account name and obtain the account password from your network administrator.

Shutdown Antivirus and Endpoint Protection Software

Shut down any antivirus or endpoint protection software you have running on all LogRhythm systems.

In the case of endpoint protection software, you may need to uninstall the software from all LogRhythm systems as it has been known to interfere with the LogRhythm solution.

When the LogRhythm installation is complete, you can enable or install antivirus or endpoint protection software again.


Synchronize the Stored Knowledge Base

If a Knowledge Base has been downloaded but not synchronized, synchronize it before starting the upgrade. If you do not have a downloaded Knowledge Base, you can skip this step.

  1. Log on to a system where the Client Console is installed.
  2. Start the Client Console.
  3. On the Tools menu, click Knowledge, and then click Knowledge Base Manager.
    The Knowledge Base Manager appears. If a downloaded Knowledge Base is ready for synchronization, a notice is displayed at the top of the window.
  4. Click Synchronize Stored Knowledge Base.
    The Knowledge Base Import Wizard appears and starts unpacking and validating the Knowledge Base file. The file is checked for compatibility with your current deployment and prepared for import. This may take several minutes.
    When finished, the Unpack Progress: Knowledge Base unpacked message appears.
  5. To Import the Knowledge Base, click Next.
  6. In the Knowledge Base Updated dialog box, click OK.
  7. In the Knowledge Base Import Wizard, click Close.
  8. Perform either of the following procedures as needed:
    • To enable the Knowledge Base Modules and synchronize them, perform the following steps:
      1. Select the Action check boxes next to the modules you want.
      2. Right-click the grid, click Actions, and then click Enable Module.
        The Enable Selected Modules dialogue box appears.
      3. Select the options you want, and then click OK.
        The Enable Modules box displays a confirmation message.
      4. To start the synchronization, click Yes.
      5. When complete, click Close to close the Import Wizard.
    • To Migrate Common Event Changes, perform any of the following steps as needed:

      If you are not familiar with the customizations which have been made to your deployment, you should not proceed with the import until such knowledge is acquired or contact LogRhythm Customer Support for assistance. For more information, see Migrate Common Events.

      If Action Required is displayed, some items need to be updated due to Common Event migration changes. Follow the instructions below. If Action Required is not displayed, go to step 9.

      1. Click Common Event Change Manager.
      2. Perform any of the following procedures as needed:
        • To migrate a Common Event with a preview, select the Action check box for the item. Right-click the grid, click Migrate with Preview, and then click Migrate Common Event to Common Event or Common Event to MPE Rule.
        • To migrate a Common Event without a preview, select the Action check box for the item. Right-click the grid, click Action, and then click Migrate Common Event to Common Event or Migrate Common Event to MPE Rule.
        • To ignore the Common Events, select the Action check box for the item. Right-click the grid, click Action, and then click Ignore. When this option is selected, items checked in the grid are ignored during future Common Event Migration checks. The items no longer appear in the Common Event Change Manager.
      3.  To close the Common Event Change Manager, click Close.
  9. To view the Synchronization History, click View Synchronization History.
  10. Click Close.
  11. To close the Knowledge Base Manager, click OK.

Run the Pre-Upgrade Script on Each HA Node

If not already done, download the HA Upgrade 10.1 zip file from the LogRhythm Community.

  1. On the Primary HA node, browse to where the HA Upgrade 10.1 zip file was saved.
  2. Extract the files from the HA Upgrade 10.1 zip file. When the files are extracted, they are stored in the HA Upgrade 10.1 subdirectory.
  3. Browse to the HA Upgrade 10.1 subdirectory.
  4. Right-click the PreUpgrade.ps1 file and then click Run with PowerShell.
  5. When the script completes, complete the steps again on the Secondary Node.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.