Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Upgrading JSA to 7.5.0 UP8

SUMMARY You must upgrade all of the JSA products in your deployment to the same version.

Determine the minimum JSA version that is required for the version of JSA to which you want to update.

  • Click Help > About to check your current version of JSA.

To ensure that JSA upgrades without errors, verify that you use only the supported versions of JSA software.

Important:

  • Software versions for all JSA appliances in a deployment must be the same version and fix level. Deployments that use different JSA versions of software are not supported.

  • Custom DSMs are not removed during the upgrade.

  • After you upgrade to JSA Update Package 8, WinCollect 7.3.1 managed agents do not receive updates from encrypted JSA managed hosts.

Upgrade your JSA Console first, and then upgrade each managed host. In high availablity (HA) deployments, when you upgrade the HA primary host, the HA secondary host is automatically upgraded.

The following JSA systems can be upgraded concurrently:

  • Event processors

  • Event collectors

  • Flow processors

  • Data nodes

  • App hosts

  1. Download the 7.5.0.20240405183541.sfs from the Juniper Customer Support website.

    https://support.juniper.net/support/downloads/

  2. Using SSH, log into your system as the root user.
  3. Copy the SFS file to the /storetmp or /var/log directory or to another location that has sufficient disk space. Verify that the /storetmp directory has at minimum 10 GB of space available on all hosts, including secondary hosts, for the upgrade.
    Note:

    If the SFS file is in the /storetmp directory and you do not upgrade, when the overnight diskmaintd.pl utility runs, the SFS file is deleted.
  4. To verify you have enough space (10 GB) in /store/tmp for the JSA Console, type the following command:
    df -h /storetmp /var/log | tee diskchecks.txt

    • Best directory option: /storetmp

      It is available on all appliance types at all versions. In JSA 7.5.0 versions /store/tmp is a symlink to the /storetmp partition.

    Note:

    Don't copy the file to an existing JSA system directory such as the /store directory.
  5. To create the /media/updates directory, type the following command:

    mkdir -p /media/updates

  6. Use the command cd to change to the directory where you copied the SFS file.
  7. Using SCP, copy the files to the JSA Console to the /storetmp directory or a location with 10 GB of disk space.
  8. Change to the directory where you copied the patch file.

    For example, cd /storetmp

  9. Unzip the file in the /storetmp directory using the bunzip utility:

    bunzip2 7.5.0.20240405183541.sfs.bz2

  10. To mount the SFS file to the /media/updates directory, type the following command:

    mount -o loop /7.5.0.20240405183541.sfs /media/updates

  11. You must run the Leapp pretest to verify your system before the upgrade. To run the Leapp pretest, type the following command:

    /media/updates/installer --leapp-only

    Note:

    If the Leapp pretest is unsuccessful, you must resolve the issues in the pretest output, and then run the test again. The upgrade is blocked until the Leapp pretest runs successfully.
  12. Optional: Pretest the installation by typing the following command:

    /media/updates/installer -t

    Note:

    The web server and hostcontext services are stopped while the tests are running. After the test is complete, they are started back automatically.
  13. To run the patch installer, type the following command:

    /media/updates/installer

What to do next:

  1. Unmount /media/updates by typing the following command:

    umount /media/updates

  2. Delete the SFS file.

  3. Perform an automatic update to ensure that your configuration files contain the latest network security information. For more information, see Checking for New Updates.

  4. Delete the patch file to free up space on the partition.

  5. Clear your web browser cache.

  6. FIPS mode only To verify that the FIPS mode is enabled, run the following command.

    fips-mode-setup --check

    If the FIPS mode is disabled, run the following command, and then reboot your system to enable the

    FIPS mode.

    /opt/qradar/bin/qradar_fips_toggle.sh enable

  7. If you have custom syslog-ng configuration files, update your files to ensure compatibility with the new

    syslog-ng syntax in version 3.23.

  8. Determine whether there are changes that must be deployed. For more information see “Deploying Changes” in Juniper Secure Analytics Administration Guide.