SELKS 3.0RC1 to SELKS 3.0 upgrades
As a standard procedure please make sure you confirm everything in a test environment before doing it in production.
To upgrade from SELKS 3.0RC1 to SELKS 3.0 follow the sequence below:
Edit /etc/elasticsearch/elasticsearch.yml and make sure the line http.cors.enabled: true (at the bottom of the config) is commented out, like so:

```yaml
#Enable Kibana logging
#http.cors.enabled: true
```
First upgrade the major components via the Debian distribution process:

```sh
systemctl stop kibana
/usr/share/elasticsearch/bin/plugin remove delete-by-query
apt-get update && apt-get -y dist-upgrade
```
then finalize the upgrade of the ELK stack and scirius:

```sh
chown -R kibana /opt/kibana/optimize/
/usr/share/elasticsearch/bin/plugin install delete-by-query
systemctl restart elasticsearch
systemctl restart kibana
```
Now we need to update the evebox interaction with systemd:

```sh
rm -f /etc/systemd/system/evebox.service
systemctl daemon-reload
systemctl restart evebox
```
and upgrade the python dependencies for scirius:

```sh
pip install --upgrade 'django<1.9' django-tables2 GitPython pyinotify flup six django-dbbackup django-bootstrap3 django-revproxy ipy
/etc/init.d/scirius restart
```
Finally you can load the new dashboards. Due to a naming change, it is necessary to do a reset of user dashboards (resulting in data loss if you have specific ones) and a reload of Stamus Networks dashboards. You can follow the documentation on this page to do the modifications:
How to load or update dashboards.
Alternatively you can delete manually all unmodified dashboards and do a reload of Stamus Networks dashboards.
A last step can be the upgrade of the kernel:
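The sequence above can be wrapped in one script that first checks the elasticsearch.yml edit and only then runs the upgrade commands. This is an added example, not a script from the SELKS project or this wiki page: the paths and commands are the ones the page gives, while the function names (`cors_disabled`, `disable_cors`, `run_upgrade`) and the `--run` guard are this example's own choices. The check matters because `http.cors.enabled: true` opens the Elasticsearch HTTP API to cross-origin browser requests, so an uncommented copy of the line should not survive the upgrade unnoticed.

```shell
#!/bin/sh
# Added example (not part of the SELKS wiki): pre-flight check for the
# elasticsearch.yml edit described on the page, then the page's upgrade steps.
set -e

# Return 0 if no active (uncommented) "http.cors.enabled: true" line remains
# in the given elasticsearch.yml, 1 otherwise. Leading whitespace is tolerated;
# a line that already starts with '#' is disabled and is ignored.
cors_disabled() {
    ! grep -Eq '^[[:space:]]*http\.cors\.enabled:[[:space:]]*true' "$1"
}

# Comment out any active "http.cors.enabled: true" line, keeping a .bak copy
# next to the original so the edit can be reviewed or reverted.
disable_cors() {
    cp "$1" "$1.bak"
    sed -E 's/^([[:space:]]*)(http\.cors\.enabled:[[:space:]]*true)/\1#\2/' "$1.bak" > "$1"
}

# The upgrade steps from the page, in order. Only runs when explicitly asked
# for (see the guard at the bottom), since it touches the live system.
run_upgrade() {
    yml=/etc/elasticsearch/elasticsearch.yml
    cors_disabled "$yml" || disable_cors "$yml"

    # Major components via the Debian distribution process
    systemctl stop kibana
    /usr/share/elasticsearch/bin/plugin remove delete-by-query
    apt-get update && apt-get -y dist-upgrade

    # Finalize the ELK stack and scirius
    chown -R kibana /opt/kibana/optimize/
    /usr/share/elasticsearch/bin/plugin install delete-by-query
    systemctl restart elasticsearch
    systemctl restart kibana

    # evebox under systemd
    rm -f /etc/systemd/system/evebox.service
    systemctl daemon-reload
    systemctl restart evebox

    # Python dependencies for scirius
    pip install --upgrade 'django<1.9' django-tables2 GitPython pyinotify flup six \
        django-dbbackup django-bootstrap3 django-revproxy ipy
    /etc/init.d/scirius restart
}

# The config checks can be exercised on a copy of the file without touching
# the system; the live upgrade needs an explicit --run.
if [ "${1:-}" = "--run" ]; then
    run_upgrade
fi
```

Run `sh upgrade.sh --run` as root on the SELKS host to perform the upgrade; without `--run` the script only defines the functions, so `cors_disabled /path/to/elasticsearch.yml` can be sourced and used as a stand-alone check in a test environment first.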