The LogRhythm Database Upgrade Tool is packaged in a .ZIP file. After downloading the file, extract it using a tool such as WinZip and place the files on the local drive of your XM and Platform Manager. You must upgrade all of the LogRhythm databases using the Database Upgrade Tool. If you have an XM appliance, you only need to run the tool on the XM appliance.
If ALL databases are mirrored, you only need to run the Database Upgrade Tool on your Active XM or Platform Manager appliance. If any databases are not mirrored, you must upgrade the primary databases, fail over to the secondary, and repeat the steps to run the LogRhythm Database Upgrade Tool.
- Log in to the appliance as an administrator.
- Locate the directory on the appliance where you extracted the Database Upgrade Tool.
- Right-click LogRhythmDatabaseUpgradeSetup.exe, and then click Run as administrator.
The account that runs the Database Upgrade Tool must have the following rights: the right to back up files and directories and the right to manage auditing and the security log. If you are unsure, contact your system administrator.
- If possible, run the installer as a local administrator instead of a domain administrator.
If Microsoft .NET Framework 4.7.2 or higher is not installed, an error message is displayed. If necessary, install .NET Framework 4.7.2 and run the LogRhythm Database Upgrade Tool again.
- The Introduction screen appears. Before you begin, ensure that your system meets all the prerequisites.
- To proceed, click Next.
The Database Upgrade Tool displays a confirmation dialog box: Are you sure you understand these instructions and are ready to proceed with the upgrade?
- Click Yes.
The Login screen appears.
- Select SQL Server Authentication and provide the password for the sa and LogRhythmAdmin accounts.
Do not use Windows Authentication for the database upgrade.
- Click Next. The Database Upgrade Tool validates your credentials against the database. If validation fails, an error message appears and you must enter the proper credentials.
The Review Components screen displays the current services and database versions. This page provides you with information about installed LogRhythm services, their current state, and their version. All databases on the server are listed including the type, version, host name, and an estimate of how long it will take to upgrade the database.
There are no changes required on this screen.
- To proceed, click Next.
The Backup Databases screen appears.
- Select the Backup check box for each of the databases that you want to back up later in the upgrade process.
- By default, the LogRhythm EMDB database is selected and must be backed up. During the upgrade, all database data is retained. As an additional precaution, you can choose to back up additional databases.
- Generally, the backup process can be completed in about an hour, but it may take much longer for very large databases.
- If you clear the check box and click Next, the following message appears and the LogRhythmEMDB database is selected after you click OK: Performing a backup of the LogRhythmEMDB database is required.
- To select a directory for the database backups, click Browse.
The SQL Server service must have permission to write to this folder.
- If you select additional databases, the following message appears: You have elected to backup an additional database. These databases can be very large. Ensure that the backup location has sufficient space to store the backups.
- If you do not have enough space, change the location or clear the check boxes of any databases that you do not want to back up.
The Upgrade Databases screen appears.
- To proceed, click Upgrade.
When the upgrade is finished, the LogRhythm Database Upgrade Tool confirmation message appears.
- To close the message and continue, click OK.
The Complete screen appears.
- To see upgrade logs, click View log files.
- To see script output, click View script output.
- To exit the Database Upgrade Tool, click Close.
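The prerequisites named in the steps above (.NET Framework 4.7.2, the two account rights, a local administrator account, and a backup folder the SQL Server service can write to) can be checked from an elevated PowerShell prompt before launching the installer. The script below is an added example, not part of the LogRhythm documentation; the backup path `D:\LRBackup` is a placeholder, and the .NET release value 461808 and the privilege names SeBackupPrivilege and SeSecurityPrivilege come from Microsoft's documentation rather than from this page.

```powershell
# Added preflight sketch, not LogRhythm code. $BackupDir is a placeholder path.
param([string]$BackupDir = 'D:\LRBackup')

function Report($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Ok = [bool]$Ok; Detail = $Detail }
}
$rows = @()

# .NET Framework 4.7.2 or higher: the v4\Full "Release" DWORD is 461808 or greater.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$rows += Report '.NET Framework >= 4.7.2' ($ndp -and $ndp.Release -ge 461808) "Release=$($ndp.Release)"

# The installer is started with "Run as administrator"; confirm this session is elevated,
# otherwise the privilege check below sees only the filtered token.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
$rows += Report 'Session is elevated' $elevated $id.Name

# "Back up files and directories" = SeBackupPrivilege,
# "Manage auditing and security log" = SeSecurityPrivilege.
# A privilege listed as Disabled is still held by the account.
$priv = whoami /priv
foreach ($p in 'SeBackupPrivilege', 'SeSecurityPrivilege') {
    $rows += Report "Account holds $p" ($priv | Select-String -SimpleMatch $p) ''
}

# Advisory only: a local account has the computer name as its domain.
$rows += Report 'Local (not domain) account' ($env:USERDOMAIN -ieq $env:COMPUTERNAME) $env:USERDOMAIN

# Backup folder: report free space and the account the SQL Server service runs as.
$svc = Get-WmiObject Win32_Service -Filter "Name='MSSQLSERVER'"
$exists = Test-Path $BackupDir
if ($exists) {
    $freeGB = [math]::Round((Get-Item $BackupDir).PSDrive.Free / 1GB, 1)
    $detail = "$freeGB GB free; SQL Server runs as '$($svc.StartName)'"
} else {
    $detail = "$BackupDir not found"
}
$rows += Report 'Backup folder exists' $exists $detail

$rows | Select-Object Check, Ok, Detail | Format-Table -AutoSize

# Print the folder ACL so write access for the service account can be confirmed by eye.
if ($exists) {
    (Get-Acl $BackupDir).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}
```

The script only reads state; it does not grant rights or change ACLs, so any row showing `False` still has to be corrected by an administrator before the upgrade is started.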
Install SQL Server Updates to Support TLS 1.2 Communication
Before applying updates to enable TLS 1.2 communication between SQL Server and LogRhythm SIEM components, your Platform Manager (Event Manager) must be running SQL Server 2008 R2 SP3 — SQL Server 2012 SP3 is acceptable, though it is not officially supported.
After ensuring that your base deployment meets the above requirements, you must apply patches to the Platform Manager and any appliances or computers that connect to SQL Server on the Platform Manager.
Apply SQL Server Hotfix to the Platform Manager
The SQL Server hotfix installer, SQLServer2008R2-KB3144114-x64.exe, is provided in Microsoft HotFix Self-Extractor 490329_intl_x64_zip.exe.
To apply the SQL Server hotfix to the Platform Manager:
- Log in to the Platform Manager as an administrator.
- Stop the SQL Server (MSSQLSERVER) service. Doing so also stops the SQL Server Agent (MSSQLSERVER) service.
- Browse to the directory where you copied SQLServer2008R2-KB3144114-x64.exe.
- Right-click SQLServer2008R2-KB3144114-x64.exe, and then click Run as administrator.
The SQL Server 2008 R2 update wizard appears.
- Follow the steps in the installation wizard until the SQL Server 2008 R2 update is complete.
- Start the SQL Server (MSSQLSERVER) service and SQL Server Agent (MSSQLSERVER) service.
Apply SQL Server Native Client Hotfix to the Platform Manager
The SQL Server Native Client hotfix installer, sqlncli.msi, is provided in Microsoft HotFix Self-Extractor 489678_ENU_x64_zip.exe. To apply the SQL Server Native Client hotfix, do the following on each appliance or computer that connects to SQL Server on the Platform Manager — AI Engine, Data Processor, Windows Data Indexer, Web Console, Client Console:
- Log in to the appliance or computer as an administrator.
- Browse to the directory where you copied sqlncli.msi.
- Double-click sqlncli.msi.
If the hotfix is required, you are prompted to run SQL Server 2008 R2 Native Client Setup.
- Click Yes to continue, and follow the steps in the installation wizard until the SQL Server 2008 R2 Native Client update is complete.
If a higher version of SQL Server Native Client is detected, the installer indicates it. In this case, you do not need to install the hotfix.