Skip to main content
Skip table of contents

Upgrade a LogRhythm Deployment

This guide describes the upgrade procedure to the current version of LogRhythm SIEM using the Database Upgrade Tool and the LogRhythm Install Wizard. The Database Upgrade Tool upgrades your LogRhythm databases, and the Install Wizard upgrades the LogRhythm components.

Customers who are upgrading from 7.5 or prior and who have a warm node Data Indexer configuration in their deployment should contact LogRhythm Customer Support after their upgrade.

If you are upgrading from 7.1 or 7.2, you will lose your existing ElasticSearch indices when upgrading to the current version of LogRhythm SIEM. Before upgrading to the current version, let ElasticSearch TTL out. Doing this will allow the old ElasticSearch indices to be deleted, and the new compatible ElasticSearch indices to be added. If you do not do this, the new ElasticSearch will not be compatible with the indices, and therefore cannot search them. This is not necessary when upgrading from 7.3 or later, as those indices are compatible.

Supported Upgrade Path

  • Core Components. You can upgrade to the current version of LogRhythm SIEM from versions 7.4.x or later.

    If you are running LogRhythm 7.3.x, 7.2.x, or 7.1.x, you must first upgrade to 7.4.10 and then upgrade to the current version. You must request a 7.4.10 license even for this "interim" upgrade. For 7.4 upgrade guides, please visit the Documentation & Downloads section of the LogRhythm Community, click the SIEM tab, click the 7.4 tab, and then select a 7.4 version.
  • Web Console. Upgrades from 6.3.3 and earlier are not supported. You will need to uninstall according to the instructions in the Installation Guide for your version, then perform a fresh installation using the instructions in the LogRhythm Software Installation Guide.

High Availability and Disaster Recovery Upgrades

This guide should only be used to upgrade standard LogRhythm systems to the current version. If your deployment includes LogRhythm’s HA or DR solution, switch to the relevant guide.

Existing Components

This upgrade guide describes how to update the following LogRhythm components:

  • Alarming and Response Manager
  • Job Manager
  • Mediator Server
  • Client Console
  • AI Engine
  • Data Indexer
  • Knowledge Base
  • All LogRhythm Databases
  • All Windows and *NIX System Monitor Agents

If any of the following procedures are unclear, if you require assistance with your upgrade, or if you encounter an unexpected error, contact LogRhythm Customer Support.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.