Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Upgrading Security Director Log Collector

    You can upgrade the Log Collector VM or the JA2500 appliance and integrated Log Collector to a later release.

    Before You Begin

    • You must delete all the Log Collector nodes from Security Director > Administration > Logging Management > Logging Nodes.

    • Upgrade to a supported version of Junos Space Network Management Platform Release and then upgrade the Security Director application.

    See the following topics for information about upgrading Log Collector.

    Table 1 shows the topology difference for the Log Collector Release 15.2R2, 16.1R1, and later.

    Table 1: Topology Difference

    Node Type

    Release 15.2R2

    Release 16.1R1 and later

    All-in-One Node

    Yes

    Yes

    Log Receiver Node

    Yes

    Yes

    Log Storage Node

    Yes (Log indexer node, Log data node)

    Yes

    Query node, Client node

    Yes (20K eps)

    No

    Master node, Cluster Manager node

    Yes (20K eps)

    No

    Integrated

    No

    Yes

    Upgrading Log Collector from 15.2R1 to 15.2R2

    Note: The supported upgrade path is Log Collector 15.2R1 > Log Collector 15.2R2.

    To upgrade from Log Collector 15.2R1 to Log Collector 15.2R2:

    1. Download the Log Collector upgrade image for VM from the download site.
    2. Copy the rpm file nwscripts-1-2.noarch.12.rpm to each Log Receiver node, Log Indexer, or Log Receiver and Indexer node.
    3. Upgrade each Log Receiver node, Log Indexer node, or Log Receiver and Indexer node using the rpm –Uvh nwscripts-1-2.noarch.12.rpm command.

    Note: Upgrading Log Collector from 15.1 to Log Collector 15.2R1 is not supported.

    Upgrading Log Collector VM or JA2500 Appliance from 15.2R2 or Later Releases

    Note: Create a back up of Log Collector Release 15.2R2.

    Note:

    The supported upgrade path to Log Collector 16.1R1, 16.2R1, 17.1R1, 17.2R1, and 17.2R2 are:

    • The upgrade path to Log Collector 17.2R2:

      • Log Collector 17.2R1 > Log Collector 17.2R2

      • Log Collector 17.1R2 > Log Collector 17.2R2

    • The upgrade path to Log Collector 17.2R1:

      • Log Collector 17.1R2 > Log Collector 17.2R1

    • The upgrade path to Log Collector 17.1R1:

      • Log Collector 15.2R2 > Log Collector 16.1R1/16.2R2 > Log Collector 17.1R1

    • The upgrade path to Log Collector 16.2R1:

      • Log Collector 15.2R2 > Log Collector 16.1R1 > Log Collector 16.2R1

      • Log Collector 15.2R2 > Log Collector 16.2R1

    • The upgrade path to Log Collector 16.1R1:

      • Log Collector 15.2R2 > Log Collector 16.1R1

    1. If you had changed the log database password for the logging nodes in Log Collector Release 15.2R2, perform the following steps. Otherwise, continue with Step 2.

      Note: This step is applicable from Release 15.2R2 to 16.1R1.

      1. Use the ssh command to log in to the node.
      2. Open the elasticsearch.yml file located at /etc/elasticsearch/ in a text editor.
      3. In the elasticsearch.yml file, search for http.basic.password and replace the changed password with 58dd311734e74638f99c93265713b03c391561c6ce626f8a745d1c7ece7675fa
      4. Save the changes.
    2. Download the Log Collector upgrade script from the download site.
    3. Copy the upgrade script to the /root directory of all the nodes that you want to upgrade.
    4. Change the file permission using the following command:

      chmod +x Log-Collector-Upgrade-xx.xxx.xxx.sh

      For example, chmod +x Log-Collector-Upgrade-17.2R2.xxx.sh

    5. Run the upgrade script using the ./Log-Collector-Upgrade-xx.xxx.xxx.sh command.

      For example, ./Log-Collector-Upgrade-17.2R2.XXX.sh

      The status of the upgrade is shown on the console.

      Note:

      • From release 16.2R1, the Logstash process no longer runs on the Log Receiver node. Instead, the jingest process will run.

      • You must ensure that the jingest and elasticsearch processes are running.

    6. Add the logging nodes back to Security Director from Security Director > Administration > Logging Management > Logging Nodes.

      See Adding Log Collector to Security Director.

    Note: For upgrading from 15.2R2 to 16.1R1:

    • Multiple-node deployment is a combination of Log Receiver and Log Storage nodes. You can add a maximum of one Log Receiver node and three Log Storage nodes.

    • Only one Log Receiver node is supported for all levels of deployment. If you have multiple Log Receivers in the Release 15.2R2 setup, upgrade only one Log Receiver to Release 16.2R1 and delete the other Log Receivers.

    • Log Query node and Master node are not supported. So you can delete them.

    • You must run the upgrade script on each node to upgrade it to the corresponding release.

    Upgrading Log Collector VM or JA2500 Appliance from 17.2R1 to 17.2R2

    Upgrading Log Collector All-In-One node

    1. Download the Log Collector upgrade script Log-Collector-Upgrade-17.2R2.X.sh from the download site.
    2. Copy the Log Collector upgrade script to the Log Collector All-In-One node.
    3. Connect to the CLI Log Collector All-In-One node.
    4. Navigate to the location where you have copied Log Collector upgrade script.
    5. Run Log Collector upgrade script.

      sh Log-Collector-Upgrade-17.2R2.X.sh

    6. Select from the below options and continue.

      1) Upgrade WITHOUT Recovering current log data

      [This will PERMANENTLY DELETE THE CURRENT LOG DATA]

      2) Upgrade and Recover the current log data

      3) Exit

      Is this running on SSD? [Y/N]

      Wait for the upgrade to complete.

    Upgrading Distributed Log Collector

    Prerequisites:

    • For upgrade process, you should be able to ping both Log Receiver and Log Storage nodes.

    • Download the Log Collector upgrade script Log-Collector-Upgrade-17.2R2.X.sh from the download site.

    • Copy the Log Collector upgrade script to Log Receiver and Log Storage nodes of the distributed deployment.

    Upgrade on Log Receiver Node

    1. Connect to the Log-Receiver Node CLI.
    2. Navigate to the location where you have Log Collector upgrade script.
    3. Run Log Collector upgrade script:

      sh Log-Collector-Upgrade-17.2R2.X.sh

    4. Select from the below options and continue.

      Please choose how you want to upgrade Log Collector:

      1) Upgrade WITHOUT Recovering current log data.

      [This will PERMANENTLY DELETE THE CURRENT LOG DATA]

      2) Upgrade and Recover the current log data

      3) Exit

    Upgrade on Log Storage Node

    1. Run Log Collector upgrade script:

      sh Log-Collector-Upgrade-17.2R2.X.sh

    2. Enter the Log Receiver Node IP.
    3. Select from the below options and continue

      Please choose how you want to upgrade Log Collector:

      1) Upgrade WITHOUT Recovering current log data.

      [This will PERMANENTLY DELETE THE CURRENT LOG DATA]

      2) Upgrade and Recover the current log data

      3) Exit

    Upgrading Integrated Log Collector

    To upgrade an integrated Log Collector to a latest release:

    Note: Integrated Log Collector is supported from 16.1R1 Release onwards.

    1. Download the integrated Log Collector script from the download site.
    2. Copy the integrated Log Collector script to a JA2500 appliance or virtual appliance.
    3. Connect to the CLI of a JA2500 appliance or virtual appliance with admin privileges.
    4. Navigate to the location where you have copied the integrated Log Collector script.
    5. Change the file permission using the following command:

      chmod +x Integrated-Log-Collector-xx.xxx.xxx.sh

      For example, chmod +x Integrated-Log-Collector-17.2R2.xxx.sh

    6. Run the integrated Log Collector script using the following command:

      ./Integrated-Log-Collector-xx.xxx.xxx.sh

      For example, ./Integrated-Log-Collector-17.2R2.xxx.sh

    Note:

    • The integrated Log Collector does not support high availability (HA) even if it is installed in a Junos Space HA cluster. The integrated Log Collector must be installed only on one of the Junos Space cluster nodes.

    • 500 eps is supported for the integrated Log Collector.

    Upgrading Integrated Log Collector from 17.2R1 to 17.2R2

    1. Copy Integrated-Log-Collector-17.2R2.x.sh to the space node.
    2. Run the script: sh Integrated-Log-Collector-17.2R2.x.sh
    3. Select from following options and continue:

      Please choose how you want to upgrade Log Collector:

      1) Upgrade WITHOUT Recovering current log data.

      [This will PERMANENTLY DELETE THE CURRENT LOG DATA]

      2) Upgrade and Recover the current log data.

      3) Exit

    Note: After upgrading the log collector, add the log collector node. See Adding Log Collector to Security Director.

    For Security Director log collector, provide the default credentials as admin/juniper123. Change the default password.

    For JSA, provide the admin credentials used to log in to the JSA console.

    Modified: 2018-04-12