Breadcrumbs

Disaster Recovery Upgrade Overview

This page is meant to be used as a high-level guide outlining the steps required to upgrade a LogRhythm Disaster Recovery (DR) deployment. For more complete instructions, use the individual pages outlined in the Contents section of Upgrade a LogRhythm Disaster Recovery Deployment.

Prepare for the Upgrade

  • Download the latest version of the LogRhythm DR Upgrade Guide.

  • Review DR requirements (Domain accounts, DNS, IP addresses, firewall ports).

  • Review upgrade requirements and considerations:

    • Schedule upgrade and plan downtime.

    • Verify FIPS Mode support (not supported on combined HA+DR).

    • Check Core services and Client Console compatibility.

    • Review SQL Server security hardening impacts.

    • Verify System Monitor Agent considerations.

    • Check OS requirements (Windows Server 2016, 2019, or 2022).

    • Verify Microsoft .NET Framework 4.7.2 requirements.

    • Review Web Console prerequisites.

  • Ensure Administrator credentials are available:

    • Local Administrator privileges for LogRhythm servers.

    • SQL Server password for LogRhythmAdmin account.

    • SQL Server sa password for LogRhythm Databases.

    • LogRhythm Service accounts credentials.

  • Download required software:

    • Disaster Recovery Upgrade Tool

    • LogRhythm Database Upgrade Tool

    • LogRhythm Install Wizard

    • Linux Data Indexer Installer (if applicable)

    • Optional: System Monitor Packages, Threat Intelligence Service, TrueIdentity Sync Client

  • Verify all required databases are in Synchronized or Synchronizing status in DR Control

  • Record service credentials for:

    • SQL Server

    • SQL Server Agent

    • LogRhythm Service Registry

  • Request the LogRhythm license file at least one business day prior to upgrade.

  • Record Platform Manager IP, LogRhythm Web UI password, and login warning banner.

  • Synchronize stored Knowledge Base (if applicable).

  • Configure System Monitor service to “Startup Type = Automatic.”

  • Verify deployment status in the LogRhythm Infrastructure Installer.

  • Shut down antivirus and endpoint protection software.

  • Exit all LogRhythm Client Consoles.

Upgrade the LogRhythm Deployment

Stop LogRhythm Services

  • Stop LogRhythm core services on all Windows appliances:

    • Platform Manager Servers

    • Alarming and Response Manager (Job Manager, AI Engine Cache Drilldown)

    • Data Processor Servers (Mediator Server Service)

    • AI Engine Servers (AI Engine, AI Engine Communication Manager)

    • Web Console Servers (Web Services Host API, Web Indexer, Web Console UI, Web Console API, Case API)

    • Optional: Kibana

  • Exit all LogRhythm Client Consoles.

System Monitor Agents can remain running during the upgrade.

Database and DR Upgrade

  • Run the LogRhythm Database Upgrade Tool on the primary PM/XM.

  • Run the DR Upgrade script on both servers:

    1. Unzip the DR Upgrade.zip.

    2. Run the DR_Upgrade.ps1 script as an administrator.

    3. Provide sysadmin credentials when prompted.

Upgrade LogRhythm Appliances

  • Run the LogRhythm Install Wizard on primary PM/XM.

  • Configure remaining hosts with LogRhythm Infrastructure Installer:

    • Platform Managers (run on secondary PM/XM with /dr-secondary flag)

    • Data Processors

    • AI Engine Servers

    • Web Console Servers

    • Data Indexers (including Linux Data Indexers if applicable)

  • Run the LogRhythm Install Wizard on remaining Windows appliances.

  • When prompted on the secondary PM/XM, click Exit when the LogRhythm Infrastructure Installer opens.

Post-Upgrade Procedures

  • Restart upgraded systems.

  • Import the LogRhythm license file.

  • Start LogRhythm components:

    • On Windows Data Indexers, run start-allservices.bat.

    • Start all LogRhythm services in the Services Control Panel.

    • On Linux Data Indexers, run start-all-services-linux.sh.

Verify the Upgrade

  • Confirm all LogRhythm services started successfully.

    • Verify only services with “Startup Type = Automatic” are started on secondary PM/XM.

  • Verify “All Services Up” appears in the Configuration Manager (may take up to 5 minutes).

  • Confirm all required databases show Synchronized or Synchronizing status in DR Control.

  • Check that Data Processors are processing logs (Platform Manager web interface, port 3000).

  • Verify DX cluster status is green or yellow (may initially be red after upgrade).

  • Confirm logs are being indexed into the DX cluster.

  • Verify AIE servers are receiving and processing data.

  • Test Web Console:

    • Verify data appears on key dashboards.

    • Conduct a search with 30-minute timeframe to test core functionality.

    • Generate a test AIE alarm and verify it appears in Web Console.

  • Optionally, complete a failover to verify functionality on the new version.

Additional Post-Upgrade Tasks

  • Configure or verify communication ports.

  • Add realtime antivirus exclusions for LogRhythm directories.

  • Verify Web Console processes are running.

  • Set Knowledge Base downloads to automatic.

  • Remove FIM state file (if applicable).

  • Upgrade System Monitor Agents on other collectors and aggregators.