Breadcrumbs

Disaster Recovery Upgrade Checklist

This checklist can be used to record your progress throughout the process of upgrading a LogRhythm Disaster Recovery deployment.

Prerequisites Verification

System Requirements

  • [ ] Verify both Primary and Secondary sites are running the same LogRhythm software version

  • [ ] Confirm Windows Server 2016, 2019, or 2022 is running on Windows-based appliances

  • [ ] Verify SQL Server 2016, 2019, or 2022 Standard is installed on Platform Manager

  • [ ] Confirm Microsoft .NET Framework 4.7.2 is installed on Platform Manager and core components

  • [ ] Verify Microsoft .NET Core 8.0.3+ is installed on Data Processor and AI Engine services

  • [ ] Check Active Directory domain requirements (both servers joined to same domain)

  • [ ] Verify DNS server access within Active Directory Domain

  • [ ] Confirm firewall ports/protocols are allowed through Windows firewall:

    • [ ] UDP 3343 (Cluster Service)

    • [ ] TCP 3343 (Cluster Service)

    • [ ] TCP 135 (RPC)

    • [ ] UDP 137 (Cluster Administrator)

    • [ ] TCP 445 (Windows Host)

    • [ ] UDP 1024-65535 (Ephemeral Ports)

    • [ ] TCP 49152-65535 (Ephemeral Ports)

    • [ ] TCP 5022 (SQL Replication)

    • [ ] TCP 1433 (MSSQL)

    • [ ] ICMP Echo Request/Reply

Account Configuration

  • [ ] Ensure upgrade user is an Active Directory account with administrative privileges on both servers

  • [ ] Confirm SQL Server and SQL Server Agent Services are configured with Active Directory account with local admin privileges

  • [ ] Verify SQL Server password for LogRhythmAdmin account

  • [ ] Confirm SQL Server sa password for LogRhythm databases

  • [ ] Check that upgrade user has required permissions:

    • [ ] Back up/restore files and directories

    • [ ] Manage auditing and security log

    • [ ] Take ownership of files or other objects

    • [ ] Shut down the system and debug programs

Network Configuration

  • [ ] Verify Failover Cluster IP addresses in multi-subnet scenario

  • [ ] Check the status of databases in DR Control application (should be Synchronized or Synchronizing)

Pre-Upgrade Tasks

  • [ ] Record service credentials for SQL Server, SQL Server Agent, and LogRhythm Service Registry

  • [ ] Request LogRhythm license file at least one business day prior to upgrade

  • [ ] Modify web.config for LR API (if using LR API)

  • [ ] Note Web Console environmental variables (if overriding Configuration Manager settings)

  • [ ] Record Platform Manager IP, LogRhythm Web UI password, and login warning banner

  • [ ] Synchronize stored Knowledge Base (if downloaded but not synchronized)

  • [ ] Configure System Monitor service to Startup Type = Automatic

  • [ ] Shut down antivirus and endpoint protection software

  • [ ] Exit all LogRhythm Client Consoles

Download Required Software

  • [ ] LogRhythm Database Upgrade Tool

  • [ ] Disaster Recovery Upgrade Tool

  • [ ] LogRhythm Install Wizard

  • [ ] Linux Data Indexer Installer (if applicable)

  • [ ] TLS 1.2 Patches and Hotfixes

  • [ ] Optional: System Monitor Packages for *NIX

  • [ ] Optional: Threat Intelligence Service, TrueIdentity Sync Client, SOAP API

Upgrade Process

Stop LogRhythm Services

  • [ ] Stop Platform Manager services

  • [ ] Stop Alarming and Response Manager (Job Manager, AI Engine Cache Drilldown)

  • [ ] Stop Data Processor services (Mediator Server Service)

  • [ ] Stop AI Engine services (AI Engine, AI Engine Communication Manager)

  • [ ] Stop Web Console services (Web Services Host API, Web Indexer, Web Console UI, Web Console API, Case API)

  • [ ] Optional: Stop Kibana

Database and DR Upgrade

  • [ ] Run LogRhythm Database Upgrade Tool on primary PM/XM

    • [ ] Select SQL Server Authentication (not Windows Authentication)

    • [ ] Provide sa and LogRhythmAdmin passwords

    • [ ] Review components screen

    • [ ] Back up LogRhythm EMDB database (required)

    • [ ] Back up additional databases (optional)

    • [ ] Complete upgrade process

  • [ ] Run DR Upgrade script on both servers:

    • [ ] Unzip the DR Upgrade.zip

    • [ ] Run DR_Upgrade.ps1 script as administrator

    • [ ] Provide sysadmin credentials when prompted

Upgrade LogRhythm Appliances

  • [ ] Run LogRhythm Install Wizard on primary PM/XM

  • [ ] In LogRhythm Deployment Tool:

    • [ ] Select "Yes" for Disaster Recovery when prompted

    • [ ] Provide FQDN of DR Cluster

    • [ ] Add Management IP address of each DR server as separate hosts

    • [ ] Create Deployment Package

    • [ ] Run Host Installer on Primary Host

  • [ ] On Secondary host:

    • [ ] Copy deployment package (Windows executable and plan file)

    • [ ] Run lrii_windows.exe /dr-secondary from elevated command prompt

    • [ ] Verify command completes without errors

  • [ ] Return to Primary DR server and select "Verify Status"

  • [ ] Verify LogRhythm Service Registry service is using appropriate service account

  • [ ] Run LogRhythm Install Wizard on secondary node

    • [ ] Click "Exit" when LogRhythm Infrastructure Installer opens

Configure Data Indexer (if applicable)

  • [ ] Configure proxy connection for Indexer upgrades (if behind proxy server)

  • [ ] Configure for dark sites without internet access (if applicable)

  • [ ] Upgrade single-node or multi-node cluster as appropriate

  • [ ] Validate Linux Indexer upgrade by checking logs

Post-Upgrade Procedures

System Configuration

  • [ ] Reboot all machines in the DR deployment

  • [ ] Import LogRhythm license file

  • [ ] Start LogRhythm components:

    • [ ] On Windows Data Indexer, run start-allservices.bat

    • [ ] Start all LogRhythm services via Services Control Panel

    • [ ] On Linux Data Indexers, run start-all-services-linux.sh

  • [ ] Upgrade and start other agents (Windows and Linux System Monitors)

System Verification

  • [ ] Confirm all LogRhythm services started successfully

    • [ ] Only services set to Startup Type = Automatic should be started on secondary PM/XM

  • [ ] Verify "All Services Up" appears in Configuration Manager (may take up to 5 minutes)

  • [ ] Check databases status in DR Control application (should be Synchronized or Synchronizing)

  • [ ] Verify Data Processors are processing logs (localhost:3000 > Pipeline > Mediator)

  • [ ] Confirm DX cluster is green or yellow (localhost:3000 > Data Indexer > Maintenance)

  • [ ] Verify logs are being indexed into DX cluster (localhost:3000 > Data Indexer > Logs Indexing)

  • [ ] Confirm AIE servers are receiving and processing data (localhost:3000 > AIE > AIE Metrics)

  • [ ] Test Web Console functionality:

    • [ ] Check data on key dashboards

    • [ ] Run search with Last 30 minutes timeframe

    • [ ] Verify AIE correlation rules trigger alarms correctly

  • [ ] Complete a failover to confirm functionality on the new version

Additional Post-Upgrade Tasks

  • [ ] Configure or verify communication ports

    • [ ] Remote Console access (TCP 13130, 13132)

    • [ ] Linux Data Indexer ports

    • [ ] Windows Data Indexer ports

  • [ ] Add realtime antivirus exclusions for LogRhythm directories

  • [ ] Verify Web Console processes are running

  • [ ] Set Knowledge Base downloads to automatic

  • [ ] Remove FIM state file (if applicable)

XM Environment Additional Considerations

  • [ ] Verify Data Processor record in Deployment Manager

  • [ ] Confirm Data Indexer cluster name configuration

  • [ ] Validate AI Engine server configuration