WebsiteLoginKostenloser TestzugangCommunity

Update

As soon as a new on-premises version is available, you will receive an e-mail from us. In the email, you can get the current version numbers. You will also get the latest versions from Github.

Make sure to also keep the installed software components Pulsar Agent, Watchdog, Hacktor and Observer up to date. You can execute the updates directly in the platform. Click here for instructions.

Enginsight Application

Automatic update (recommended)

We recommend to use our update script to automatically install the latest version of Enginsight.

All of the following commands require root privileges. You can either execute each command with sudo (as shown below), or alternatively log in as superuser once:

su - root In this case, sudo can be omitted from the following commands.

  1. Navigate to the directory of your installation and run the update script.

cd /opt/enginsight/enterprise
sudo chmod +x update.sh && ./update.sh

If the update.sh file does not exist, it can be downloaded and executed using the following commands.

cd /opt/enginsight/enterprise
wget -O update.sh https://raw.githubusercontent.com/enginsight/enterprise/master/update.sh
chmod +x update.sh
./update.sh

Creating a cronjob

Alternatively, you can have the update executed automatically via a cronjob.

  1. Execute the following command to add a cronjob.

su - root
sudo chmod +x /opt/enginsight/enterprise/update.sh
sudo crontab -e

  1. Copy the following line into the document, edit the execution time according to your needs and save the document.

0 04 * * 0 cd /opt/enginsight/enterprise && ./update.sh

In this example, the update is performed weekly on every Sunday 4:00 AM.

Manual update

If you want to manually update software modules to special versions, use the following procedure.

All of the following commands require root privileges. You can either execute each command with sudo (as shown below), or alternatively log in as superuser once:

su - root In this case, sudo can be omitted from the following commands.

  1. Navigate to /opt/enginsight/enterprise

cd /opt/enginsight/enterprise

  1. Adjust the image versions of the various Docker services.

sudo nano docker-compose.yml

Example of services, ui-m1:

ui-m1:
    image: enginsightonpremise/ui-m1:<version>
    ...

Save the docker-compose.yml

  1. Execute the setup script and confirm all prompts.

sudo ./setup.sh

The configurations for database, Redis, APP and API are cached and therefore you do not need to adjust them.

Loggernaut Update

For Loggernaut installations prior to 2.0.0, a one-time manual update is required to enable updating within the UI. To do this, execute the following code:

// sudo /opt/enginsight/loggernaut/ngs-loggernaut -update

Software Components

You can update our four software components directly in the Enginsight platform.

Pulsar Agent

The best way is to update the Pulsar agent on all hosts at the same time.

  1. Go to Hosts → Overview.

  2. Click on the "Update Agents" button. You will find it above the list of your hosts.

  3. Click Refresh. If all agents are up to date, you will receive a message.

Observer

  1. Go to Endpoints → Observers and check if all version numbers are up to date.

  2. If an observer does not have the current version number, click the update icon in the right column at Actions.

Watchdog

  1. Go to Discoveries → Watchdogs and check if all version numbers are up to date.

  2. If a watchdog does not have the current version number, click the update icon in the right column at Actions.

Hacktor

  1. Go to Penetration Testing → Hacktors and check if all version numbers are up to date.

  2. If a hacktor does not have the current version number, click the update icon in the right column at Actions.

SIEM Update

In any case, perform a backup before updating your SIEM to secure your data!

The following instructions explain the procedure for updating the Docker containers for Zookeeper, Solr and Traicer. It is imperative that you follow the instructions to prevent errors!

Be sure to follow the order described below, especially for Zookeeper and Solr:

  1. Zookeeper Update Avoid automatic updates for Zookeeper, or make sure that Zookeeper is fully started before the Solr update starts.

  2. Solr Update Solr requires a running Zookeeper instance to start. If Solr is started before Zookeeper, connection problems may occur that can only be resolved by manually restarting Solr.

  3. Traicer Update The Traicer container can be updated independently without any special dependencies.

  1. Log in to the management server.

  2. Change to the correct directory using cd /opt/enginsight/enterprise/.

  3. First run the central update script.

    curl -sSL https://get.enginsight.com/siem/scripts/update.sh | sudo -E bash -s update

  4. Follow the instructions in the script.

  5. Then wait until the script has been executed completely.

  6. Next, log in to your index server.

  7. Repeat steps 2-4 on the index server.

Please note that the script provided must be executed on every server and that all Solr instances must have the same version.

Part Offline and Pulsar updates

These instructions describe how to carry out updates in a partially offline scenario, in which the app server temporarily receives an internet connection in order to download updates. The downloaded data can then be transferred to other hosts without an internet connection. The focus here is on updates to the Enginsight components, in particular the Pulsar component.

Update-Prozess bei eingeschränkter Konnektivität

  1. Activate the internet Activate the internet connection on the app server to be able to download the updates.

  2. executeupdate.sh Execute the update script update.sh on the app server. To do this, follow the steps in the update instructions above.

  3. Checking and updating the software components

    After completing the update, check all relevant components, including Pulsar, Watchdog, Observer and Hacktor. To ensure that the updates are cached correctly, update at least one installation of each component. Further details can be found in the instructions under Software components.

  4. Deactivating the Internet connection Once the updates are complete, disconnect the app server from the Internet.

Pulsar-Download-Script

If an update is required for the Pulsar component, proceed as follows:

  1. Zum Enterprise-Verzeichnis wechseln Navigate to the directory /opt/enginsight/enterprise:

    sudo cd /opt/enginsight/enterprise

  2. Download new script

    Download the latest Pulsar update script from the official repository:

    sudo wget https://raw.githubusercontent.com/enginsight/enterprise/master/scripts/fixed/pulsar.sh

  3. Make script executable Grant the downloaded script the necessary execution rights:

    sudo chmod +x pulsar.sh

  4. Execute script Execute the script to download the current version of the Pulsar in all variants:

    sudo ./pulsar.sh

  5. Finalize setup Start the setup script to finalize the changes:

    sudo ./setup.sh

Adjustment in the docker-compose.yml

Adjust the configuration of the docker-compose.yml for the server-m2 service to mount the Pulsar directory correctly:

server-m2:
    ...
    - "./pulsar:/opt/enginsight/server-m2/pulsar"

After the adjustment, restart the affected service to apply the changes:

sudo docker-compose up -d server-m2

After completing the steps described above, all relevant components should be updated to the latest version. Make sure that all services are running properly and that the system is stable.

External Components

Mongo DB Upgrade

All the following executions are carried out as root:

  1. Backup of the MongoDB-configuration The Configuration in /etc/mongod.conf gets deleted during the upgrade. It must therefore be backed up beforehand.

The OnPrem environment must be stopped before the dump is created in the following! To do this, navigate to the installation directory and stop the Enginsight environment:

cd /opt/enginsight/enterprise
sudo docker compose down

This step ensures that all running services are stopped properly before the upgrade.

  1. Creation of a database dump Basic command: mongodump --host "rs0/<ipOfTheDBAsUsedByTheApi>:27017" --db enginsight

    1. With RBAC (user name/password) Add the following parameters:

      --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight"

    2. With TLS Add the following parameters:

      --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem

      A complete dump command with an example IP for a database without TLS and RBAC looks like this:

      mongodump --host "rs0/192.168.180.38:27017" --db enginsight

      A complete dump command with an example IP for a database with TLS and RBAC looks like this:

      mongodump --host "rs0/192.168.180.38:27017" --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight" --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem --db enginsight

The dump is located in the dump subfolder of the current working directory. Additional external backup is strongly recommended.

  1. Deinstallation of MongoDB 5

systemctl stop mongod
apt remove mongodb-org
apt autoremove

Please note that all data without a dump will be lost before you start the next step.

  1. Deleting database remnants 

    sudo rm -rf /var/lib/mongodb

  2. Upgrade of the Debian-system Perform the upgrade with the plugin listed here. The MongoDB repository is automatically updated to version 8.0. A restart of the system is mandatory.

  3. MongoDB reinstallation After a system restart:

    sudo apt install mongodb-org

  4. MongoDB setup

    1. Restoring the configuration Now restore the backup of the /etc/mongod.conf file.

    2. Updating the configuration syntax Due to a change in the configuration syntax, an adjustment is required. The storage section previously looked like this:

      # Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

      The journal key is no longer supported and must be removed along with its suboptions. The section should then look like this:

      # Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
#  engine:
#  mmapv1:
#  wiredTiger:

    3. Temporarily deactivating authentication Temporarily comment out the security: section in the /etc/mongod.conf file if it exists. This applies to the entire section including sub-items, i.e. the indented options under security:!

    4. Start the Mongo DB

      sudo systemctl enable --now mongod

    5. Setting up the replica set Basic command:

      mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
		--eval "rs.initiate({
	    _id: \"rs0\", 
	    members: [{
	      _id: 0,
	      host: \"<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017\"
	    }]
	})"

      1. With TLS The following parameters must be added after the --host parameter:

        --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem

        Complete command with exemplary IP without TLS:

      mongosh --host "192.168.180.38:27017" \
		--eval "rs.initiate({
	    _id: \"rs0\", 
	    members: [{
	      _id: 0,
	      host: \"192.168.180.38:27017\"
	    }]
	})"
	
      mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
		--eval "rs.initiate({
	    _id: \"rs0\", 
	    members: [{
	      _id: 0,
	      host: \"192.168.180.38:27017\"
	    }]
	})"

    6. Restore user (if previously available) Basic commands:

      mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
		--eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
		--eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight

      1. With TLS The following parameters must be added after the --host parameter:

        --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem

        Complete commands with exemplary IP without TLS:

        mongosh --host "192.168.180.38:27017" \
		--eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" \
		--eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight

        Complete commands with exemplary IP with TLS:

        mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
		--eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
		--eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight

    7. Reactivation of the authentication The lines commented out in step 7.3. must now be commented in again. MongoDB must then be restarted:

      sudo systemctl restart mongod

  5. Importing the dump Basic command:

    mongorestore --host "rs0/<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017"

    1. With RBAC (Username/Password)

      Add these parameters:

      --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight"

    2. With TLS

      Add these parameters:

      --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem

      A complete dump command with an example IP for a database without TLS and RBAC looks like this:

      mongorestore --host "rs0/192.168.180.38:27017"

      A complete dump command with an example IP for a database with TLS and RBAC looks like this:

      mongorestore --host "rs0/192.168.180.38:27017" --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight" --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem

Once the upgrade is complete, restart the Enginsight environment:

cd /opt/enginsight/enterprise
sudo docker compose up -d

This step ensures that all services run properly again after the upgrade.

PreviousDeinstallationNextConfiguration

Last updated

Was this helpful?