Skip to main content
Skip table of contents

Apply System Updates to a Data Indexer

  • LogRhythm DX servers must be patched with CentOS base repositories only. Other repositories should not be created or enabled on DX servers. Other packages, including Elasticsearch, must only be updated as part of a LogRhythm upgrade. If you detect any vulnerabilities after following these instructions, please contact LogRhythm Support
  • For information on disabling repositories before updating, follow the update instructions in the Operating System Patch Management topic.
  • Currently, LogRhythm only supports CentOS version 7. DXs should not be upgraded to CentOS version 8.
  • Before patching using CentOS repositories, LogRhythm 7.1.x must be upgraded to 7.2.x or later.

Apply Linux System Updates

Linux system updates should generally be applied as they are available. To apply Linux system updates:

To update your Linux Data Indexer:

CODE
sudo yum update

Multi-Node Cluster

Disable Elasticsearch cluster routing before updating CentOS:

CODE
curl -XPUT localhost:9200/_cluster/settings -d '{ "persistent":{"cluster.routing.allocation.enabled": "none"}}'

Restart the Data Indexer nodes one at a time and let the nodes rejoin the cluster before updating the next.

Enable Elasticsearch cluster routing:

CODE
curl -XPUT localhost:9200/_cluster/settings -d '{ "persistent":{"cluster.routing.allocation.enabled": " all"}}'

Apply Windows System Updates

Windows system updates may be applied as needed.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.