Apply System Updates to a Data Indexer
- LogRhythm DX servers must be patched with CentOS base repositories only. Other repositories should not be created or enabled on DX servers. Other packages, including Elasticsearch, must only be updated as part of a LogRhythm upgrade. If you detect any vulnerabilities after following these instructions, please contact LogRhythm Support.
- For information on disabling repositories before updating, follow the update instructions in the Operating System Patch Management topic.
- Currently, LogRhythm only supports CentOS version 7. DXs should not be upgraded to CentOS version 8.
- Before patching using CentOS repositories, LogRhythm 7.1.x must be upgraded to 7.2.x or later.
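A check that can be run before `yum update` to confirm that only the expected repositories are enabled. This is an added example, not LogRhythm's own tooling; the allowlist (`base updates extras`), the function names and the sample `.repo` content are assumptions constructed for illustration.

```shell
# Added example. ALLOWED is an assumption: stock CentOS 7 ids from CentOS-Base.repo.
ALLOWED="${ALLOWED:-base updates extras}"

# Print the id of every enabled section in the given .repo files.
# yum treats a section with no "enabled=" line as enabled, so default to 1.
enabled_repos() {
    awk '
        function emit() { if (id != "" && en == 1) print id }
        /^[ \t]*\[.*\][ \t]*$/ {
            emit(); id = $0; en = 1
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id); next
        }
        /^[ \t]*enabled[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            en = (v == "0" || v == "false" || v == "no") ? 0 : 1
        }
        END { emit() }
    ' "$@"
}

# Print enabled repo ids missing from ALLOWED; return 1 if there are any.
unexpected_repos() {
    rc=0
    for id in $(enabled_repos "$@"); do
        case " $ALLOWED " in
            *" $id "*) ;;
            *) echo "$id"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: one allowed repo, one disabled, two unexpected
# (one with an explicit enabled line, one with no "enabled" line at all).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[base]
enabled=1
[centosplus]
enabled=0
[epel]
enabled = 1
[thirdparty-tools]
name=Constructed example repo
EOF

# On a DX, point this at /etc/yum.repos.d/*.repo instead of "$SAMPLE".
unexpected_repos "$SAMPLE" || echo "non-allowlisted repositories are enabled" >&2
```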
Apply Linux System Updates
Linux system updates should generally be applied as they become available. To update your Linux Data Indexer:
sudo yum update
Multi-Node Cluster
Disable Elasticsearch cluster routing before updating CentOS:
curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{ "persistent":{"cluster.routing.allocation.enable": "none"}}'
Restart the Data Indexer nodes one at a time and let the nodes rejoin the cluster before updating the next.
Enable Elasticsearch cluster routing:
curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{ "persistent":{"cluster.routing.allocation.enable": "all"}}'
Apply Windows System Updates
Windows system updates may be applied as needed.