Upgrade FAQ and Determining the Correct Upgrade Path
Where Is LogRhythm's Software and Hardware End of Life Policy?
Our EOL policy for hardware and software can be found on our Documents site. Here you will find details on the various LogRhythm versions.
You will notice a few key callouts in the document:
End of Sale (EoS). When a product release version reaches End of Sale, the version will no longer be available for sale.
End of Support Life (EoSL). When a product release version reaches End of Support Life, it will no longer be supported by LogRhythm’s technical support services.
This document also explains the differences between major and minor patches, which will help you in identifying the version you are running.
Importance of Keeping Up to Date
Like all software, it is important to keep up to date with versions. With each version release, there are often security updates, patches, defects resolved and, of course, new features. In order for our Support and Engineering teams to engage and assist, the deployment needs to be on a supported version of the product.
Where Can I Request an Upgrade License?
Please visit our website and fill in the license request form. You will need it before you upgrade. Our Fulfillment team will generate and send it to you by email.
Where Can I Find Upgrade Information, Documentation, and Files?
Customers with a current support contract are able to download upgrades from our Documents and Downloads section on the Community site. You can either upgrade yourself using the guides or engage our Professional Services team to perform the upgrade. More on this follows.
How Can I Upgrade?
You have a couple of options for upgrading your deployment:
- You can follow the lengthy upgrade documentation on our Community site to perform the upgrade yourself. Please pay particular attention to the upgrade paths. If you run into any challenges when upgrading, please log a support case though the Support Portal. Our global support team will be happy to help you.
- Our Professional Services team can perform the upgrade for you as a billable service.
- If you don't already have an open project with Professional Services, please contact your Customer Success Manager or your account representative to scope and purchase this service.
- If you have an open project, please work with your assigned Project Manager to determine if this upgrade can be worked into your existing scope and schedule. If you don't know your Project Manager, please use one of the following aliases.
Region | Email Address |
---|---|
North and South America | |
Europe, Middle East, and India | |
Asia and Australia |
How Do I Determine What Version of SIEM or Network Monitor I Am Running?
SIEM
- Log into the LogRhythm Console.
- At the top, click Help and About LogRhythm.
The About LogRhythm screen appears. The product version is shown in the red box.
NetMon
- Log into NetMon using your browser.
- At the top-right of the main page, click the question mark.
- In the menu, click About NetMon.
The System Details screen appears. The application version is shown in the red box.
Which Generation of LR Appliance or Software Equivalent Am I Running?
LogRhythm Appliance
Version | Original Release Date | End of Sale | End of Support Life | Appliances Included |
---|---|---|---|---|
Gen 6 | October 2023 | TBD | Five years from Date of Sale | The Gen6 Hardware generation is designated by the |
Gen5 | July 2018 | TBD | Five years from Date of Sale | The Gen5 Hardware generation is designated by the second number in the product code (e.g., XM4550, PM7500, DX5500). |
Gen4 | July 2014 | September 2018 | Five years from Date of Sale | The Gen4 Hardware generation is designated by the second number in the product code (e.g., XM4410, PM7410, DX5410). |
Gen3 | March 2013 | July 2016 | Five years from Date of Sale | The Gen3 Hardware generation is designated by the second number in the product code (e.g., XM4310, EM5350, LM7310). |
Gen2 (LRX) | August 2009 | April 2013 | Five years from Date of Sale | The Gen2 Hardware generation products are all prefixed with LRX (e.g., LRX1, LRX2, and LRX3) |
Gen1 (LR) | August 2006 | November 2009 | Five years from Date of Sale | The Gen1 Hardware generation includes the LR500, LR1000, and LR2000 product series. |
LogRhythm Software
In this scenario, the customer provides the hardware, virtual machine, or cloud infrastructure to install the LogRhythm software. For software installs, we have supported specification in our install guides. These align to the hardware models mentioned previously. Please ensure that the specifications support the latest versions.
How Do I Get to the Latest Version? What Are My Upgrade Paths?
- To find the version of the SIEM you are running, use the previous LogRhythm Appliance table.
- To find your SIEM version, use the following SIEM table.
To find the version you need, browse the Upgrade Path column in the SIEM table.
For older versions, you may need to perform a hop2 upgrade to a version before being able to proceed to the next/latest version.
SIEM
SIEM Version | Upgrade Path | Description | Supported Hardware |
---|---|---|---|
5.x | 6.2.5 | If you are on a version prior to 6.3, please contact your CSM at csm@logrhythm.com to determine your upgrade path. | Gen 1 and Gen 2 |
6.0.x to 6.3.3 | 6.3.9 | If you are on a version prior to 6.3, please contact your CSM at csm@logrhythm.com to determine your upgrade path. | Gen 2 and Gen 3 |
6.3.4 to 6.3.9 | 7.4.10 | Due to switching from SQL to Elasticsearch, you will not be able to keep your current online data. | Gen 3 and Gen 4 |
7.1.x | 7.2.7 | Due to upgrading the version of Elasticsearch between these versions, you will need to wait for the duration of your current TTL (30-90 days) for all 7.1 (ES 1) indices to TTL out (ES 1 indices will work on ES 2.3 /7.2). If you do not wish to keep your Elasticsearch indices, you may upgrade just the databases to 7.4.10, then continue to 7.8.0 | Gen 3 and Gen 4 |
7.2.x | 7.4.10 | Due to upgrading the version of Elasticsearch between these versions, you will need to wait for all 7.2. (ES 2.3) indices to TTL out (ES 2.3 indices will work on ES 5.5.6 /7.4). If you do not wish to keep your Elasticsearch indices, you may upgrade the database only to 7.4.10, then continue to 7.8.0. | Gen 3, Gen 4, and Gen 5 |
7.3.x | 7.4.10 | You do not need to upgrade anything other than the databases prior to upgrading to 7.8.0. | Gen 3, Gen 4 and Gen 5 |
7.4.10 to 7.12.x | 7.13.0 | Fully supported upgrade path. | Gen 4 and Gen 5 |
7.4.10 to 7.13.x | 7.14.0 | Fully supported upgrade path. | Gen 4, Gen 5, and Gen 6 |
7.8.0 to 7.17.x | 7.18.0 | Due to upgrading the version of Elasticsearch, you will need to wait for all 7.7.x or older (ES 5) indices to TTL out or they will be deleted on upgrade. If you do not wish to keep your Elasticsearch indices, you may upgrade the database only to 7.4.10, then continue to 7.18.0. | Gen 4, Gen 5, and Gen 6 |
Following is a visual of the SIEM table. To determine the versions you need to upgrade to get to the latest SIEM version, find the version of LogRhythm SIEM you are running and follow the arrows.
SIEM Elasticsearch Compatibility Matrix
Upgrading between LogRhythm versions can impact the ability of your Elasticsearch cluster to read/search data currently stored in the cluster. This includes Hot, Warm, and Archive Restoration Indexes.
From/To | 7.1 (ES1) | 7.2 (ES2) | 7.4 (ES5) | 7.8 (ES6) | 7.18 (ES7) | Future (OpenSearch) |
---|---|---|---|---|---|---|
7.1 (ES1) | X | X | ||||
7.2 (ES2) | X | X | ||||
7.4 (ES5) | X | X | ||||
7.8 (ES6) | X | X | ||||
7.18 (ES7) | X | X | ||||
Future (OpenSearch) | X | X | X |
NetMon
For NetMon, we have a table that details the paths.
- To find the version of the SIEM you are running, use the previous SIEM table.
- To find your NetMon version, use the following NetMon table.
To find the version you need to go to next, browse the Upgrade Path column in the NetMon table.
For older versions, you may need to perform a hop2 upgrade to a version before being able to proceed to the next/latest version.
NetMon Version | Upgrade Path | Description |
---|---|---|
Versions earlier than 2.6.1 | Not supported | An upgrade path for versions earlier than 2.6.1 is not recommended. To upgrade, perform a new installation with version 4.0.3. |
Versions 2.6.1 to 2.8.1 | Upgrade to 2.8.2 | A CentOS dependency requires you to upgrade to 2.8.2 before continuing the upgrade process. |
Versions 2.8.2 to 3.2.1 | Upgrade to 3.2.2 | A CentOS 7.2 upgrade requires you to upgrade to 3.2.2 before continuing the upgrade process. |
Version 3.2.2 | Upgrade to 3.2.3 | A user interface change requires to upgrade to 3.2.3 before continuing the upgrade process. |
Version 3.2.3 | Upgrade to 3.6.1 | In previous versions of NetMon, upgrading to the newest version could reset your custom engine configuration settings to the NetMon defaults. Starting in NetMon 3.6.1 and in all future releases, upgrades will not change your custom settings back to the default values NetMon 3.6.2 was a critical security update, and all users running older versions of NetMon should upgrade to 3.6.2 or later as soon as possible. |
Versions 3.6.1 to 3.9.3 | Upgrade to 4.0.1 | If upgrading from a pre-3.9.1 release, a new security certificate is included with the install. In this case, the upgrade page does not automatically refresh after the system reboots. The upgrade usually takes about 15 minutes, after which you must manually refresh your browser and log in to NetMon again, The upgrade to NetMon 4.0.1 is a best-effort migration of existing Elasticsearch 1.7 data into Elasticsearch 7.2. Re-indexing Elasticsearch 1.7 data to Elasticsearch 7.2 takes significant time up to several hours per 10 GB of metadata, depending on the size of the indices. |
Versions 4.0.1 to 4.0.4 | Upgrade to 4.0.5 | If you are upgrading from NetMon 3.6.1 - 3.9.3 and performed the intermediate upgrade step to NetMon 4.0.1, you must wait until the 4.0.1 nm-reindexer process finishes before upgrading to 4.0.5. The 4.0.1 nm-reindexer process migrates the previous Elasticsearch 1.7 indices to the Elasticsearch 7.2 index format. |
Version 4.0.5 to 4.06 | Upgrade to 4.0.7 | If you are running version 4.0.1 - 4.0.4, upgrade directly to 4.0.5 before upgrading to 4.0.7. If you are running NetMon 3.6.1 - 3.9.3, you must first upgrade to version 4.0.1 before continuing the upgrade to 4.0.5, then upgrade to 4.0.7. |