Review the Requirements to Upgrade a DR Deployment

Disaster Recovery Requirements

Microsoft has deprecated Database Mirroring in SQL 2016, which was previously leveraged to achieve Disaster Recovery. In its place, Microsoft recommends the use of AlwaysOn Availability Groups. Microsoft’s AlwaysOn Availability Groups comprise Windows Failover Clustering and SQL Availability Groups. AlwaysOn brings a number of new requirements for proper Disaster Recovery functionality:

  • Both servers participating in Disaster Recovery must be bound to an Active Directory Domain.
  • The servers must have access to a DNS server within the Active Directory Domain.
  • The user performing the Install or Upgrade of Disaster Recovery should be an Active Directory account with administrative privileges on both servers.
  • The SQL Server and SQL Server Agent Services should be configured with an Active Directory account with local administrative privileges on both servers.
  • In a multi-subnet scenario, each system will require an additional IP address to use for Windows Server Failover Clustering operation. In a single subnet scenario, only one additional IP address is required and this will be shared between servers.
  • Windows Server Failover Clustering will be enabled during DR installation. Note that some systems may require a reboot to enable this feature. Windows Server Failover Clustering requires the following firewall ports/protocols to be allowed through the Windows firewall, and these will be enabled during DR installation. If network firewalls or Group Policy settings prevent this communication, DR installation will fail.

    Service | Protocol | Port
    Cluster Service | UDP | 3343
    Cluster Service | TCP | 3343
    Cluster Administrator | UDP | 137
    Windows Host (Windows Event Logs) | TCP | 445
    Ephemeral Ports | UDP | 1024-65535
    Ephemeral Ports | TCP | 49152-65535
    SQL Replication | TCP | 5022 (default)

    For additional information on the ports used by LogRhythm, see the Networking and Communication topic in the SIEM Help.
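
The following PowerShell sketch is an added example, not LogRhythm code. It looks for the Windows Firewall policy conditions that would defeat the rules DR installation creates: profiles where policy ignores locally created rules, and enabled inbound Block rules that overlap the ports listed above. It assumes the NetSecurity module that ships with Windows Server 2016 and later, and it does not inspect network firewalls between the servers.

```powershell
# Ports and protocols from the table above.
$required = @(
    @{ Name = 'Cluster Service';       Protocol = 'UDP'; Low = 3343;  High = 3343 }
    @{ Name = 'Cluster Service';       Protocol = 'TCP'; Low = 3343;  High = 3343 }
    @{ Name = 'Cluster Administrator'; Protocol = 'UDP'; Low = 137;   High = 137 }
    @{ Name = 'Windows Host';          Protocol = 'TCP'; Low = 445;   High = 445 }
    @{ Name = 'Ephemeral Ports';       Protocol = 'UDP'; Low = 1024;  High = 65535 }
    @{ Name = 'Ephemeral Ports';       Protocol = 'TCP'; Low = 49152; High = 65535 }
    @{ Name = 'SQL Replication';       Protocol = 'TCP'; Low = 5022;  High = 5022 }
)

# Profiles where the effective policy ignores locally created allow rules.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -eq 'True' -and $_.AllowLocalFirewallRules -eq 'False' } |
    ForEach-Object { Write-Warning "$($_.Name) profile ignores local firewall rules" }

# Enabled inbound Block rules (local or Group Policy) that overlap a required port.
$blockRules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction Inbound -Action Block
$conflicts = foreach ($rule in $blockRules) {
    $filter = $rule | Get-NetFirewallPortFilter
    foreach ($spec in @($filter.LocalPort)) {
        # LocalPort entries are 'Any', a single port, a range 'a-b', or a keyword.
        if ($spec -eq 'Any') { $low, $high = 0, 65535 }
        elseif ($spec -match '^(\d+)(?:-(\d+))?$') {
            $low  = [int]$Matches[1]
            $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
        }
        else { continue }   # keywords such as RPC are skipped
        foreach ($r in $required) {
            $protoMatch = $filter.Protocol -in @('Any', $r.Protocol)
            if ($protoMatch -and $low -le $r.High -and $high -ge $r.Low) {
                [pscustomobject]@{
                    Rule   = $rule.DisplayName
                    Source = $rule.PolicyStoreSourceType   # Local or GroupPolicy
                    Blocks = "$($r.Name) $($r.Protocol) $($r.Low)-$($r.High)"
                }
            }
        }
    }
}
$conflicts | Sort-Object Rule, Blocks -Unique | Format-Table -AutoSize
```

An empty table and no warnings mean the local firewall policy does not conflict with the listed ports.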

Scheduling the Upgrade

The LogRhythm core services – the Mediator, Job Manager, Alarming and Response Manager, and AI Engine (if applicable) – are offline during the upgrade process. LogRhythm recommends that you schedule the upgrade during a period when this downtime is acceptable. The LogRhythm database upgrades must be complete before the core services can be brought back online.

You should reserve one to three hours for the following upgrade tasks. The more recent your deployment is, the less time you will need.

  • Synchronize any pending Knowledge Base updates, which takes approximately 30 minutes.
  • Back up and upgrade your existing LogRhythm databases. The backup could take as little as 30 minutes or up to several hours, depending on the size and number of your databases.
  • Run the Install Wizard, which is a quick process for each appliance.
  • (Optional) Install or upgrade the Linux Data Indexer.
  • Upgrade additional Agents (besides the ones installed on LogRhythm appliances), which is recommended, but not required at the same time as the main upgrade.


FIPS certification for LogRhythm SIEM v7.8+ is in progress. The LogRhythm SIEM v7.8 submission covers two specific deployment configurations: XM and DPAWC + DX. For more information, see Federal Information Processing Standards (FIPS).

FIPS mode is not supported on HA/DR deployment configurations.

Core Service and Client Console Compatibility

Current-version LogRhythm SIEM core services – the Mediator, Job Manager, Alarming and Response Manager, and the Client Console – are not compatible with previous-version databases or previous-version LogRhythm software, except for System Monitor Agents. All Client Consoles in your environment must be upgraded to the current version of LogRhythm SIEM to be compatible with LogRhythm SIEM core services.

The Client Console is only supported on 64-bit operating systems. For more information, see the LogRhythm Component Compatibility section.

SQL Server Security Hardening Impacts

If your deployment utilizes SQL Server security hardening, this could cause problems during the upgrade or when services attempt to connect to LogRhythm databases after the upgrade.

System Monitor Agent Considerations

  • System Requirements. Some System Monitor Agents can only be run on 64-bit systems. For a list of all restrictions, see the System Monitor Operating System Support table in the System Monitor Documentation.
  • System Monitor Agent and Core Service Versions. System Monitor Agent versions can be less than or equal to the versions of the core services, but never higher than the versions of the core services. Therefore, if you are upgrading Agents to the current version of LogRhythm SIEM, do so after the core services have been upgraded and restarted.
  • System Monitor Agent Collection during Upgrade. It is best to leave all System Monitor Agents running during the upgrade, especially if they are configured to receive Syslog or NetFlow messages. These Agents continue to collect log messages that would otherwise be lost and store them locally until the core services are restarted after the upgrade.

Windows Server 2016, 2019, or 2022 Required for Windows-Based Appliances

In this version of LogRhythm, Windows Server 2016, 2019, or 2022 is required for Windows-based appliances. 

If you are running Windows Server 2016 on your appliance, there is no requirement to upgrade to Windows Server 2019 or 2022 for your system to be supported.

LogRhythm appliances typically ship with the latest Operating System license version available at the time of purchase; however, the Operating System installed on the appliance may be an older version. If you wish to upgrade your appliance to Windows Server 2019 or 2022, you can verify whether your appliance is licensed for a newer version by checking the service tag on the Dell Warranty page. Open Device Details, then "View Product Specs", and the OS version that your appliance was shipped with will be listed in the itemized inventory.

If your appliance was not shipped with a license for the newer operating system you wish to upgrade to, you can still upgrade, but you must provide your own license to upgrade.*

Windows License Appliance Dates

Appliance Generation | Launch OS | Last Shipped Licensed OS | Approximate Date License Updated
Gen4 (i.e., LR-XMx4xx) | Server 2012R2 | Server 2016 | Q4 2017
Gen5 (i.e., LR-XMx5xx) | Server 2016 | Server 2019 | Q4 2020
Gen6 (i.e., LR-XMx6xx) | Server 2022 | N/A - Active | TBD

*Customer-provided Windows Server licenses fall outside the scope of LogRhythm Support. LogRhythm will no longer be able to work with Microsoft or Dell on behalf of the customer should there be any operating system issues. Customers will need to work directly with Microsoft.

See the LogRhythm Component Compatibility section for operating system support.

SQL Server 2016 or SQL Server 2019 Standard Required on Platform Manager

All Platform Manager databases in this version of LogRhythm require Microsoft SQL Server 2016 (version 13.0.4001.0) or Microsoft SQL Server 2019 (version 15.0.2000.5) standard edition. Higher cumulative updates and service packs within these versions are also supported. 

If you are running Microsoft SQL Server 2016 Standard on your appliance, there is no requirement to upgrade to Microsoft SQL Server 2019.

If you do wish to upgrade to Microsoft SQL Server 2019, you can do so under your own entitlement, or verify whether the entitlement shipped with your appliance or purchased from LogRhythm entitles you to an upgrade. LogRhythm appliances are typically shipped with the latest purchasable version of SQL; however, there can be a significant lag between a SQL version being released and the licenses being purchasable through OEM or ISV retailers. It is recommended that you verify your entitlement prior to planning an upgrade to SQL Server. SQL Server installations use an embedded MAK; you do NOT need a key to perform an upgrade of SQL Server.

Software-only SQL Server 2019 Licensing

Software-only purchases allow customers to either bring their own SQL license or purchase one through LogRhythm. See the table below to determine whether your software purchase includes a SQL 2019 license.

SQL Purchase Date | LogRhythm SKU | SQL License | Customer Action
On or after February 1, 2022 | LR-ACC-MSSQL-P | SQL 2019 | If you wish to upgrade SQL, you can download the Microsoft SQL 2019 Standard installer and upgrade.
Prior to February 1, 2022 | LR-ACC-MSSQL-P | SQL 2016 | If you wish to upgrade SQL, you must provide your own SQL 2019 license.*

*Customer-provided SQL licenses fall outside the scope of LogRhythm Support. LogRhythm will no longer be able to work with Microsoft on behalf of the customer should there be any application issues with SQL Server. Customers will need to work directly with Microsoft.

See the LogRhythm Component Compatibility section for SQL Server support documentation.

Microsoft .NET Framework 4.7.2

Microsoft .NET Framework 4.7.2 is required on the LogRhythm Platform Manager and other core components. When you update LogRhythm components with the LogRhythm Install Wizard, .NET 4.7.2 is installed when required. Before upgrading LogRhythm components, however, the Database Upgrade Tool also checks for .NET 4.7.2. If you are not already running this version of the .NET Framework, you should upgrade before you continue.

If .NET has not been updated on any host running a System Monitor Agent and you push out an update with the System Monitor Package Manager, the Agent host will restart as part of the .NET install. If your Windows host does not have .NET Framework 4.7.2 installed, we do not recommend using the System Monitor Package Manager automatic update option. Since installing .NET Framework 4.7.2 requires a system reboot, the automatic update process will be disrupted and the Package Manager will not complete the installation process.

You can download the Microsoft .NET Framework 4.7.2 standalone installer from the Microsoft website. The .NET Framework installation requires 4.5 GB of free disk space. If your LogRhythm instance is deployed in a dark site, download the necessary standalone .NET installers from Microsoft Support before beginning the upgrade. Otherwise, the Web Services Installer will attempt to download it during the upgrade and the upgrade will fail without internet connectivity.
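
The check below is an added example, not LogRhythm code. It reports which System Monitor Agent hosts already have .NET Framework 4.7.2, so that the Package Manager automatic update is only used where no .NET install and reboot would be triggered. The host names are hypothetical, PowerShell remoting to the Agent hosts is assumed, and free space is measured on the system drive as an assumption, since the page does not name the drive.

```powershell
$AgentHosts = @('agent-host-01', 'agent-host-02')   # hypothetical host names
$MinRelease = 461808   # lowest Release value Microsoft documents for .NET 4.7.2
$MinFreeGB  = 4.5      # free space this page states the .NET installation requires

# Runs on each Agent host: read the .NET 4.x Release value and system-drive free space.
$check = {
    $key     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    $drive   = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    [pscustomobject]@{
        Release = [int]$release                      # 0 when the value is absent
        FreeGB  = [math]::Round($drive.FreeSpace / 1GB, 1)
    }
}

Invoke-Command -ComputerName $AgentHosts -ScriptBlock $check |
    ForEach-Object {
        $has472 = $_.Release -ge $MinRelease
        $action = if ($has472) { 'Automatic update is safe' }
                  elseif ($_.FreeGB -ge $MinFreeGB) { 'Install .NET 4.7.2 and reboot first' }
                  else { 'Free disk space, then install .NET 4.7.2' }
        [pscustomobject]@{
            Host    = $_.PSComputerName
            Release = $_.Release
            Has472  = $has472
            FreeGB  = $_.FreeGB
            Action  = $action
        }
    } | Format-Table -AutoSize
```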

Administrator Credentials

To reduce downtime, ensure the following items are available before you begin the upgrade process:

  • Local administrator privileges for the LogRhythm servers.

    For Disaster Recovery deployments, this must be a domain account, which has administrative privileges on both boxes. This account is used to set up the failover cluster and is used as a service account for SQL Server, SQL Agent, and LogRhythm Service Registry services.

  • The SQL Server password for the LogRhythmAdmin account.
  • The SQL Server sa password for the LogRhythm databases.
  • The following user permissions must be assigned to the user executing the SQL Server upgrade. The Database Upgrade Tool verifies that you have these permissions:
    • Back up/restore files and directories
    • Manage auditing and security log
    • Take ownership of files or other objects
    • Shut down the system and debug programs
  • Sufficient time to perform the upgrade. Generally, the upgrade process can be completed in under two hours, but it may take much longer for very large databases.
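
The user rights in the list above can be checked ahead of time from an elevated PowerShell session on each server. This is an added example, not LogRhythm code and not the Database Upgrade Tool's own check; the Se* names are the Windows privilege constants that correspond to the listed user rights.

```powershell
# User rights from the list above, keyed by their Windows privilege constants.
$required = [ordered]@{
    SeBackupPrivilege        = 'Back up files and directories'
    SeRestorePrivilege       = 'Restore files and directories'
    SeSecurityPrivilege      = 'Manage auditing and security log'
    SeTakeOwnershipPrivilege = 'Take ownership of files or other objects'
    SeShutdownPrivilege      = 'Shut down the system'
    SeDebugPrivilege         = 'Debug programs'
}

# whoami lists only the privileges present in the current token, so run this
# elevated. /nh drops the localized header row; -Header supplies fixed names.
$held = whoami.exe /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State

$report = foreach ($name in $required.Keys) {
    $entry = $held | Where-Object { $_.Name -eq $name }
    [pscustomobject]@{
        Privilege = $name
        UserRight = $required[$name]
        Assigned  = [bool]$entry
        State     = if ($entry) { $entry.State } else { 'Not in token' }
    }
}

$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Assigned })
if ($missing.Count) {
    Write-Warning "Missing user rights: $($missing.Privilege -join ', ')"
}
```

A privilege shown as Disabled is still assigned to the account; only an entry reported as not in the token indicates a missing user right.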

The LogRhythm Infrastructure Installer

The LogRhythm Deployment Tool, also called the Infrastructure Installer, coordinates the installation and configuration of the LogRhythm Common Components (LR Common) across a set of machines.

LR Common currently contains:

  • LogRhythm API Gateway
  • LogRhythm Service Registry
  • LogRhythm Metrics Collection

Note the following requirements of the Infrastructure Installer:

  • User Access. The user needs to be able to log on to each host in the deployment in order to run the Host Infrastructure Installer.
  • Elevated Execution. The tool executes local commands under an elevated context. The user running the tool must have permission to elevate the execution.
  • Network Time. The times on the hosts must be synchronized. This is a requirement for SSL certificates that are shared among the hosts in the deployment. If times are not synchronized, this tool will likely report that Consul is unable to elect a leader.

    If this prerequisite is not met, the deployment may not function properly after installation is complete.