SELKS 3.0RC1 to SELKS 3.0 upgrades

Eric Leblond edited this page Aug 11, 2016 · 8 revisions

As a standard procedure, please make sure you confirm everything in a test environment before doing it in production.

To upgrade from SELKS 3.0RC1 to SELKS 3.0 follow the sequence below:

Edit /etc/elasticsearch/elasticsearch.yml and make sure the line http.cors.enabled: true (at the bottom of the config) is commented out, like so:

#Enable Kibana logging
#http.cors.enabled: true
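As an added example (not part of this wiki page or of the SELKS project), the following POSIX shell snippet performs that first step non-interactively and verifies the result: it comments out any active http.cors.enabled: true line and then checks that no uncommented copy remains. The function names, the backup file name and the constructed sample config written to a temporary file are assumptions; on a real system you would point comment_out_cors at /etc/elasticsearch/elasticsearch.yml instead.

```shell
#!/bin/sh
# Added example, not the SELKS project's own code: comment out
# "http.cors.enabled: true" in an elasticsearch.yml and verify it.

# comment_out_cors FILE
# Prefix every uncommented "http.cors.enabled: true" line with '#'.
# A copy FILE.bak is kept so the change can be reviewed or reverted.
# Lines that are already commented are left untouched.
comment_out_cors() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    # '&' in the replacement re-inserts the matched line after the '#'.
    sed 's/^[[:space:]]*http\.cors\.enabled:[[:space:]]*true[[:space:]]*$/#&/' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# cors_is_disabled FILE
# Succeed (exit status 0) only if no active http.cors.enabled: true
# line is left in FILE.
cors_is_disabled() {
    ! grep -q '^[[:space:]]*http\.cors\.enabled:[[:space:]]*true' "$1"
}

# Constructed sample config (assumption) so the example runs offline;
# it stands in for /etc/elasticsearch/elasticsearch.yml.
demo_file="${TMPDIR:-/tmp}/elasticsearch-demo.yml"
cat > "$demo_file" <<'EOF'
cluster.name: selks
network.host: 127.0.0.1
#Enable Kibana logging
http.cors.enabled: true
EOF

comment_out_cors "$demo_file"
if cors_is_disabled "$demo_file"; then
    echo "http.cors.enabled is commented out in $demo_file"
else
    echo "http.cors.enabled is still active in $demo_file" >&2
fi
```

Running cors_is_disabled again after the upgrade is a cheap way to confirm that the package upgrade did not reinstate the setting.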

First, upgrade the major components via the Debian distribution process:

systemctl stop kibana
/usr/share/elasticsearch/bin/plugin remove delete-by-query
apt-get update && apt-get -y dist-upgrade

Then finalize the upgrade of the ELK stack and scirius:

chown -R kibana /opt/kibana/optimize/
/usr/share/elasticsearch/bin/plugin install delete-by-query
systemctl restart elasticsearch
systemctl restart kibana

Now update the evebox integration with systemd:

rm -f /etc/systemd/system/evebox.service
systemctl daemon-reload
systemctl restart evebox

Then upgrade the Python dependencies for scirius and restart it:

pip install --upgrade 'django<1.9' django-tables2 GitPython pyinotify flup six django-dbbackup django-bootstrap3 django-revproxy ipy
/etc/init.d/scirius restart

Finally, load the new dashboards. Due to a naming change, you need to reset the user dashboards (which loses any custom dashboards you created) and reload the Stamus Networks dashboards. Follow the documentation on this page to make these changes:

How to load or update dashboards.

Alternatively, you can manually delete all unmodified dashboards and reload the Stamus Networks dashboards.

As a last, optional step, you can upgrade the kernel:

How to upgrade kernel
