How to upgrade to syslog-ng Store Box 2 F1

Copyright © 1996-2011 BalaBit IT Security Ltd.

July 08, 2011

Table of Contents

1. Preface
2. Prerequisites to upgrading to SSB
2.1. Notes and warnings about the upgrade
2.2. Updating to the latest release of your current version
3. Upgrading to SSB 2 F1
3.1. Upgrading to SSB 2 F1
4. Upgrading SSB clusters
4.1. Upgrading an SSB cluster to 2 F1

List of Procedures

3.1. Upgrading to SSB 2 F1
4.1. Upgrading an SSB cluster to 2 F1

1. Preface

Welcome to syslog-ng Store Box (SSB) version 2 F1 and thank you for choosing our product. This document describes the process to upgrade existing SSB installations to SSB 2 F1. The main aim of this paper is to aid system administrators in planning the migration to the new version of SSB.

[Warning] Warning

Read the entire document thoroughly before starting the upgrade.

This document covers the syslog-ng Store Box 2 F1 product.

2. Prerequisites to upgrading to SSB

This section describes the requirements and steps to perform before starting the SSB upgrade process.

  • You must have a valid software subscription to be able to download the new version of SSB, and also the new license file.

  • You will need a MyBalaBit account to download the required firmware files and the license. If you have not done so yet, sign up for a MyBalaBit account at http://www.balabit.com/mybalabit/. Note that the registration is not automatic, and might require up to two working days to process.

2.1. Notes and warnings about the upgrade

The following is a list of important notes and warnings about the upgrade process and changes in SSB 2 F1.

[Warning] Warning

It is possible to import a configuration exported from SSB 1.1 or 1.0 into SSB 2 F1, but it is not possible to restore an 1.1 or 1.0 backup into 2 F1.

[Note] Note

It is strongly recommended to have IPMI (ILOM) or console access to the SSB appliance during the upgrade process. During the upgrade, SSB displays information about the progress of the upgrade and any possible problems to the console.

2.2. Updating to the latest release of your current version

Upgrading to SSB 2 F1 is supported from versions 2.0.1 and later. If you are using version SSB 2.0.0 or earlier, you need to upgrade to 2.0.1. To perform the upgrade to 2.0.1, complete the following steps:

  1. Download the latest SSB core firmware from http://www.balabit.com/network-security/syslog-ng/log-server-appliance/

  2. Update the firmware of your SSB. For details, see Section 4.5.3.1, Updating the SSB firmware in The syslog-ng Store Box 2 F1 Administrator Guide.

3. Upgrading to SSB 2 F1

Complete the following steps:

[Warning] Warning

After performing the upgrade, it is not possible to downgrade. Upgrading to SSB 2 F1 is an irreversible process.

[Tip] Tip

It is recommended to test the upgrade process first in VMware. To do this, download a VMware image of the latest SSB version, import the configuration of your SSB into this VMware version, and perform the upgrade. If everything is working, perform the upgrade on the production system.

[Warning] Warning

When upgrading to SSB 2 F1 within a 32bit VMware environment, it might cause problems at startup. It is recommended to upgrade the processor/system type first to 64bit or upgrade the hardware system with a 64bit capable CPU before performing the upgrade to SSB 2 F1.

[Warning] Warning

If you have a Sun Fire x4140 hardware (SSB5000, SSB10000, or SANControl), and intend to upgrade to SSB 2 F1, first, update the BIOS and the service processor firmware before upgrading to SSB 2 F1. Failing to do so might result in malfunctioning interfaces. For details, see Sun Fire™ X4140 Server Installation Guide.

3.1. Procedure – Upgrading to SSB 2 F1

  1. Download the SSB 2 F1 core firmware from http://www.balabit.com/network-security/syslog-ng/log-server-appliance/

  2. Download the SSB 2 F1 boot firmware from http://www.balabit.com/network-security/syslog-ng/log-server-appliance/

  3. Update the firmware of your SSB. Upload and activate both the 2 F1 boot and core firmwares. For details, see Section 4.5.3.1, Updating the SSB firmware in The syslog-ng Store Box 2 F1 Administrator Guide.

  4. Navigate to Basic Settings > System > System control > This node > Reboot to reboot the machine. SSB will start with the new firmwares and upgrade its configuration, database, and other system components. During the upgrade process, SSB displays status information and other data to the local console.

    [Warning] Warning

    If the number of statistics files used to display information on the dashboard is large, the upgrade process can take 15-20 minutes or more. You can check this number before the upgrade on the Log > Options page in the Dashboard statistics section. The default limit for the number of these files is 20.000. If this number is reached, the upgrade will take around 20-30 minutes.

    During the upgrade process, SSB is unable to receive logs, and information about the status of the upgrade is displayed on the console.

    If you do not need these statistics and the length of the upgrade is too long for you, remove the statistics files before the upgrade by clicking Clear all statistics in Log > Options. This will make the upgrade process significantly faster, however, all statistics information will be lost from before the upgrade.

  5. Login to the SSB web interface.

    [Warning] Warning

    In case the SSB web interface is not available within 30 minutes of rebooting SSB, check the information displayed on the local console and contact the BalaBit Support Team.

    If you experience any strange behavior of the web interface, first try to reload the page by holding the SHIFT key while clicking the Reload button of your browser to remove any cached version of the page.

    [Note] Note

    In the unlikely case that SSB encounters a problem during the upgrade process and cannot revert to its original state, SSB performs the following actions:

    • Initializes the network interfaces using the already configured IP addresses.

    • Enables SSH-access to SSB, unless SSB is running in sealed mode. That way it is possible to access the logs of the upgrade process that helps the BalaBit Support Team to diagnose and solve the problem. Note that SSH access will be enabled on every active interface, even if management access has not been enabled for the interface.

  6. Navigate to Basic Settings > System > Version details and verify that SSB is running version 2 F1 of the core and boot firmware. If not, it means that the upgrade process did not complete properly and SSB performed a rollback to revert to the earlier firmware version. In this case complete the following steps:

    1. Navigate to Basic Settings > Troubleshooting > System debug and click Collect and save current system state info.

    2. Save the resulting ZIP file.

    3. Contact the BalaBit Support Team and send them the file. They will analyze its contents to determine why the upgrade was not completed and assist you in solving the problem.

4. Upgrading SSB clusters

If you are running an SSB high-availability cluster, complete the following steps:

4.1. Procedure – Upgrading an SSB cluster to 2 F1

  1. Complete the prerequisites described in Section 2, Prerequisites to upgrading to SSB and upgrade the cluster to SSB version 2.0.1. or later.

  2. Upload the SSB 2 F1 boot and core firmware, and set them to be active After reboot.

    [Warning] Warning

    Do NOT reboot any of the SSB nodes at this point.

  3. Navigate to Basic Settings > System > High availability & Nodes > Other node and click Shutdown to power off the slave node.

    [Warning] Warning

    Do not power on the slave node.

  4. Select This node > Reboot to reboot the master node.

  5. Power on the slave node.

  6. Login to the SSB web interface.

  7. Test SSB to see if it is functioning properly after the upgrade. If you encounter any problems, contact your support team.

© 2007-2011 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com