Disaster Recovery Upgrade Overview

This page is meant to be used as a high-level guide outlining the steps required to upgrade a LogRhythm Disaster Recovery (DR) deployment. For more complete instructions, use the individual pages outlined in the Contents section of Upgrade a LogRhythm Disaster Recovery Deployment.

Prepare for the Upgrade

  • Download the latest version of the LogRhythm DR Upgrade Guide.

  • Review DR requirements (Domain accounts, DNS, IP addresses, firewall ports).

  • Review upgrade requirements and considerations:

    • Schedule upgrade and plan downtime.

    • Verify FIPS Mode support (not supported on combined HA+DR).

    • Check Core services and Client Console compatibility.

    • Review SQL Server security hardening impacts.

    • Verify System Monitor Agent considerations.

    • Check OS requirements (Windows Server 2016, 2019, or 2022).

    • Verify Microsoft .NET Framework 4.7.2 requirements.

    • Review Web Console prerequisites.

  • Ensure Administrator credentials are available:

    • Local Administrator privileges for LogRhythm servers.

    • SQL Server password for the LogRhythmAdmin account.

    • SQL Server sa password for LogRhythm Databases.

    • LogRhythm service account credentials.

  • Download required software:

    • Disaster Recovery Upgrade Tool

    • LogRhythm Database Upgrade Tool

    • LogRhythm Install Wizard

    • Linux Data Indexer Installer (if applicable)

    • Optional: System Monitor Packages, Threat Intelligence Service, TrueIdentity Sync Client

  • Verify all required databases are in Synchronized or Synchronizing status in DR Control.

  • Record service credentials for:

    • SQL Server

    • SQL Server Agent

    • LogRhythm Service Registry

  • Request the LogRhythm license file at least one business day prior to upgrade.

  • Record Platform Manager IP, LogRhythm Web UI password, and login warning banner.

  • Synchronize stored Knowledge Base (if applicable).

  • Configure System Monitor service to “Startup Type = Automatic.”

  • Verify deployment status in the LogRhythm Infrastructure Installer.

  • Shut down antivirus and endpoint protection software.

  • Exit all LogRhythm Client Consoles.

Upgrade the LogRhythm Deployment

Stop LogRhythm Services

  • Stop LogRhythm core services on all Windows appliances:

    • Platform Manager Servers

    • Alarming and Response Manager (Job Manager, AI Engine Cache Drilldown)

    • Data Processor Servers (Mediator Server Service)

    • AI Engine Servers (AI Engine, AI Engine Communication Manager)

    • Web Console Servers (Web Services Host API, Web Indexer, Web Console UI, Web Console API, Case API)

    • Optional: Kibana

  • Exit all LogRhythm Client Consoles.

System Monitor Agents can remain running during the upgrade.

Database and DR Upgrade

  • Run the LogRhythm Database Upgrade Tool on the primary PM/XM.

  • Run the DR Upgrade script on both servers:

    1. Unzip the DR Upgrade.zip.

    2. Run the DR_Upgrade.ps1 script as an administrator.

    3. Provide sysadmin credentials when prompted.

Upgrade LogRhythm Appliances

  • Run the LogRhythm Install Wizard on the primary PM/XM.

  • Configure remaining hosts with the LogRhythm Infrastructure Installer:

    • Platform Managers (run on the secondary PM/XM with the /dr-secondary flag)

    • Data Processors

    • AI Engine Servers

    • Web Console Servers

    • Data Indexers (including Linux Data Indexers if applicable)

  • Run the LogRhythm Install Wizard on remaining Windows appliances.

  • When prompted on the secondary PM/XM, click Exit when the LogRhythm Infrastructure Installer opens.

Post-Upgrade Procedures

  • Restart upgraded systems.

  • Import the LogRhythm license file.

  • Start LogRhythm components:

    • On Windows Data Indexers, run start-allservices.bat.

    • Start all LogRhythm services in the Services Control Panel.

    • On Linux Data Indexers, run start-all-services-linux.sh.

Verify the Upgrade

  • Confirm all LogRhythm services started successfully.

    • Verify only services with “Startup Type = Automatic” are started on the secondary PM/XM.

  • Verify “All Services Up” appears in the Configuration Manager (may take up to 5 minutes).

  • Confirm all required databases show Synchronized or Synchronizing status in DR Control.

  • Check that Data Processors are processing logs (Platform Manager web interface, port 3000).

  • Verify DX cluster status is green or yellow (may initially be red after upgrade).

  • Confirm logs are being indexed into the DX cluster.

  • Verify AIE servers are receiving and processing data.

  • Test Web Console:

    • Verify data appears on key dashboards.

    • Conduct a search with a 30-minute timeframe to test core functionality.

    • Generate a test AIE alarm and verify it appears in Web Console.

  • Optionally, complete a failover to verify functionality on the new version.
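The service checks above can be scripted on each Windows appliance. The following PowerShell is an added example, not part of the LogRhythm tooling: it lists matching services with their startup type, state, and logon account, and flags any service whose running state disagrees with its startup type. It assumes LogRhythm services have display names beginning with "LogRhythm"; the pattern and the function name Get-StartupMismatch are illustrative.

```powershell
# Added example, not LogRhythm code.
# Assumption: LogRhythm services have display names starting with "LogRhythm".
param(
    [string]$DisplayNamePattern = 'LogRhythm%'   # WQL LIKE pattern (assumed)
)

function Get-StartupMismatch {
    param([object[]]$Services)
    foreach ($svc in $Services) {
        $isAuto    = $svc.StartMode -eq 'Auto'
        $isRunning = $svc.State -eq 'Running'
        if ($isAuto -and -not $isRunning) {
            $issue = 'Automatic but not running'
        } elseif ($isRunning -and -not $isAuto) {
            $issue = 'Running but not Automatic'
        } else {
            continue   # state matches startup type
        }
        [pscustomobject]@{
            Name      = $svc.Name
            StartMode = $svc.StartMode
            State     = $svc.State
            LogOnAs   = $svc.StartName
            Issue     = $issue
        }
    }
}

$services = @(Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE '$DisplayNamePattern'")
if ($services.Count -eq 0) {
    Write-Error "No services matched '$DisplayNamePattern'; check the pattern."
    exit 2
}

# Full inventory, including the logon account, for comparison with the
# service credentials recorded before the upgrade.
$services | Sort-Object DisplayName |
    Format-Table DisplayName, StartMode, State, StartName -AutoSize

$mismatches = @(Get-StartupMismatch -Services $services)
if ($mismatches.Count -gt 0) {
    $mismatches | Format-Table -AutoSize
    exit 1   # at least one service disagrees with its startup type
}
Write-Output 'All matched services are consistent with their startup type.'
```

On the secondary PM/XM, a "Running but not Automatic" result is the condition the verification step is meant to catch.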

Additional Post-Upgrade Tasks

  • Configure or verify communication ports.

  • Add real-time antivirus exclusions for LogRhythm directories.

  • Verify Web Console processes are running.

  • Set Knowledge Base downloads to automatic.

  • Remove FIM state file (if applicable).

  • Upgrade System Monitor Agents on other collectors and aggregators.
