Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Upgrading JSA to 7.4.1

 

You must upgrade all of the JSA products in your deployment to the same version.

To ensure that JSA upgrades without errors, ensure that you use only the supported versions of JSA software:

  • Ensure that JSA 7.3.0 or later is installed.

  • Check the software version in the software by clicking Help > About.

Note

Software versions for all JSA appliances in a deployment must be the same version and fix level. Deployments that use different JSA versions of software are not supported.

Upgrade your JSA Console first, and then upgrade each managed host. In high availablity (HA) deployments, when you upgrade the HA primary host, the HA secondary host is automatically upgraded.

The following JSA systems can be upgraded concurrently:

  • Event Processors

  • JSA Event Collectors

  • Flow Processors

  • Data Nodes

  • App Hosts

JSA 7.4.1 includes stricter rules for Ariel queries, to address APARIJ13437. You must run the aqlValidator script to determine whether any Ariel queries must be updated before you upgrade to JSA 7.4.1.

  1. Run the aqlValidator script to determine whether any Ariel queries must be updated before you upgrade JSA:

    • If auto-updates are enabled, run aqlValidator by typing the following command:

      /opt/qradar/support/apar/aqlValidator

    • If auto-updates are not enabled:

      1. Download the latest autoupdates bundle from https://support.juniper.net/support/downloads/.

      2. Install the autoupdates bundle by following the instructions in JSA. See Juniper Secure Analytics Administration Guide/Set Up JSA/Automatic update.

      3. Run aqlValidator by typing the following command:

        /opt/qradar/support/apar/aqlValidator

  2. Download the <qradar>.sfs file from https://support.juniper.net/support/downloads/.
  3. Use SSH to log in to your system as the root user.
  4. Copy the SFS file to the /storetmp or /var/log directory or to another location that has sufficient disk space.

    To verify you have enough space (5GB) in the JSA Console, type the following command:

    df -h /storetmp /var/log | tee diskchecks.txt

    Note

    Do not copy the file to an existing JSA system directory such as the /store directory.

  5. To create the /media/updates directory, type the following command:

    mkdir -p /media/updates

  6. Use the cd command to change to the directory where you copied the SFS file.
  7. Unzip the patch file using the bunzip utility:

    bunzip2 <patchfilename>.bz2

  8. To mount the SFS file to the /media/updates directory, type the following command:

    mount -o loop <qradar>.sfs /media/updates/

  9. To run the patch installer, type the following command:

    /media/updates/installer

What to do next:

  1. Unmount /media/updates by typing the following command:

    umount /media/updates

  2. Delete the SFS file.

  3. Perform an automatic update to ensure that your configuration files contain the latest network security information. For more information, see the Juniper Secure Analytics Administration Guide.

  4. Delete the patch file to free up space on the partition.

  5. Clear your web browser cache. After you upgrade JSA, the Vulnerabilities tab might not be displayed. To use JSA Vulnerability Manager after you upgrade, you must upload and allocate a valid license key. For more information, see the Juniper Secure Analytics Administration Guide for your product.

  6. Determine if there are changes that must be deployed. For more information see “Deploying Changes” in Juniper Secure Analytics Administration Guide.