6. Upgrade

6.1 Upgrade RSE core

  1. To upgrade the RSE core, run:

rseinstaller
  2. Select the following options to upgrade the correct core:

Option 1 => RSE Core installation
Option 3 => Core upgrade

The upgrade for RSE core is now completed.

6.2 Upgrade RSC core

  1. To upgrade the RSC core, run:

rseinstaller
  2. Select the following options to upgrade the correct core:

Option 2 => RSC Core installation
Option 3 => Core upgrade

The upgrade for RSC core is now completed.

6.3 Upgrade RSE webinterface

  1. To upgrade the RSE webinterface, run:

rseinstaller
  2. Select the following options to upgrade the correct webinterface:

Option 4 => RSE webinterface installation
Option 1 => Upgrade RSE WEB

The upgrade for RSE webinterface is now completed.

6.4 Upgrade RSC webinterface

Required core = RSE core

  1. To upgrade the RSC webinterface, run:

rseinstaller
  2. Select the following options to upgrade the correct webinterface:

Option 3 => RSC webinterface installation
Option 1 => Upgrade RSC WEB

The upgrade for RSC webinterface is now completed.

6.5 Upgrade RSX webinterface

Required core = RSE core

  1. To upgrade the RSX webinterface, run:

rseinstaller
  2. Select the following options to upgrade the correct webinterface:

Option 5 => RSX webinterface installation
Option 1 => Upgrade RSX WEB

The upgrade for RSX webinterface is now completed.

6.6 Upgrade RSL webinterface (Any project)

Required core = RSE core

Remote Syslog RSL clean allows you to upgrade a clean Laravel project for Remote Syslog.

  1. To upgrade the RSL webinterface, run:

rseinstaller
  2. Select the following options to remove the correct webinterface:

Option 6 => RSL devkit
Option 3 => RSL Removal
  3. To reinstall a project from backup, run:

rseinstaller
  4. Select the following options to install the correct webinterface:

Option 6 => RSL devkit
Option 1 => RSL Backup

The upgrade for RSL webinterface is now completed.

6.7 Upgrade from legacy Remote Syslog

Manually remove Remote Syslog 1.x with the following bash script:

echo "File is only present if local syslog is activated"
rm -rf /etc/syslog-ng/conf.d/99-remote-local.conf
echo "Remove configuration files"
rm -rf /etc/syslog-ng/conf.d/99-remote.conf
rm -rf /etc/logrotate.d/remotelog
rm -rf /etc/colortail/conf.colortail
rm -rf /opt/remotesyslog
echo "Remove binary files"
rm -rf /usr/bin/rsview
rm -rf /usr/bin/rsinstaller
echo "Removing legacy GUI website …"
rm -rf /var/www/html/favicon.ico
rm -rf /var/www/html/index.php
rm -rf /var/www/html/indexs.php
rm -rf /var/www/html/jquery-latest.js
rm -rf /var/www/html/loaddata.php
echo "Remove packages …"
apt -y purge apache2 apache2-utils php libapache2-mod-php syslog-ng colortail
apt -y autoremove
echo "Reinstall rsyslog"
apt -y install rsyslog

After the removal of Remote Syslog 1.x, install the new RSX or RSC. The old syslog data is still available within the log folder /var/log/remote_syslog/.

More information about Remote Syslog 1.x: https://github.com/tslenter/Remote_Syslog

6.8 Upgrade to new distribution

Example: Upgrade from Ubuntu 18.04 to 20.04

This section describes an upgrade to a new Ubuntu version and some known issues from that time. Those are fixed now.

Upgrade commands:

apt update && sudo apt upgrade

You will probably run into a syslog-ng rdkafka error, which stops the installation. Therefore we added “apt install -f”. This only affects version 3.27.1 and was fixed in 3.27.1-2.

apt install -f
reboot
apt install update-manager-core
do-release-upgrade -d

It appears that the package “syslog-ng-mod-rdkafka” has some conflicts with the core configuration. If you run into this error, try to uninstall this package:

# This only affects version 3.27.1 and was fixed in 3.27.1-2.
apt remove syslog-ng-mod-rdkafka

After the upgrade there is an issue with the Apache2 configuration. Edit the file /etc/apache2/mods-enabled/php7.2.load and change:

-LoadModule php7_module /usr/lib/apache2/modules/libphp7.2.so
+LoadModule php7_module /usr/lib/apache2/modules/libphp7.4.so
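
Review bot: the changed line leaves a file named php7.2.load loading libphp7.4.so, so the file name no longer says which PHP version Apache runs. Disabling the old module and enabling the new one (a2dismod php7.2, then a2enmod php7.4) keeps the name and the loaded library in step, provided the php7.4 Apache module is installed.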

Check /var/log/syslog for errors. We found 2 errors; which ones you see depends on the platform the server runs on. Error 1 || DNS message:

Apr 30 20:56:22 lusysl003 systemd-resolved[923]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP

Recreating the symlink will fix this issue:

ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf

or

rm /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Error 2 || If you run the server on ESXi you get the following error:

Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: add missing path
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: failed to get udev uid: Invalid argument
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: failed to get sysfs uid: Invalid argument
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: failed to get sgio uid: No such file or directory

Edit the following file /etc/multipath.conf to fix this issue:

+blacklist {
+    device {
+        vendor "VMware"
+        product "Virtual disk"
+    }
+}

After that, restart the daemon:

systemctl restart multipath-tools
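
Both errors above can be found with a short scan of the syslog file, and the resolv.conf fix can be verified afterwards. This is an added example, not part of the original guide; the function names triage_upgrade_log and resolv_link_ok are hypothetical and the sample log is constructed from the lines quoted in this section.

```sh
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# triage_upgrade_log FILE: report which of the two post-upgrade errors from
# this section occur in a syslog file, with hit count and affected disks.
triage_upgrade_log() {
    f="$1"
    # Error 1: systemd-resolved retrying after NXDOMAIN (DVE-2018-0001).
    dns=$(grep -c 'systemd-resolved\[[0-9]*]: .*DVE-2018-0001' "$f" || true)
    # Error 2: multipathd cannot read an ID from a disk; collect the disk names.
    disks=$(sed -n 's/.*multipathd\[[0-9]*]: \([^: ]*\): failed to get [a-z]* uid.*/\1/p' "$f" |
            sort -u | tr '\n' ' ')
    if [ "$dns" -gt 0 ]; then
        echo "dns hits=$dns fix=relink-resolv.conf"
    fi
    if [ -n "$disks" ]; then
        echo "multipath disks=${disks% } fix=blacklist-in-multipath.conf"
    fi
}

# resolv_link_ok PATH: succeed only if PATH is a symlink to the file that the
# fix above points /etc/resolv.conf at.
resolv_link_ok() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "/run/systemd/resolve/resolv.conf" ]
}

# Constructed sample built from the log lines quoted in this section.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Apr 30 20:56:22 lusysl003 systemd-resolved[923]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: add missing path
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: failed to get udev uid: Invalid argument
Apr 30 12:47:53 plisx001.lan.local multipathd[856]: sdb: failed to get sgio uid: No such file or directory
EOF
triage_upgrade_log "$sample_log"
resolv_link_ok /etc/resolv.conf || echo "resolv.conf: not linked to /run/systemd/resolve/resolv.conf"
rm -f "$sample_log"
```

On a real host, pass /var/log/syslog to triage_upgrade_log and confirm the listed disks are VMware virtual disks before adding the blacklist entry.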

Reactivate the repositories:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
apt-get install apt-transport-https -y
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-7.x.list
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-7.x.list

wget -qO - https://cloud.remotesyslog.com/xUbuntu_18.04/Release.key | /usr/bin/apt-key add -
echo deb https://cloud.remotesyslog.com/xUbuntu_18.04 ./ > /etc/apt/sources.list.d/syslog-ng.list
apt update
apt install syslog-ng-mod-snmp syslog-ng-mod-freetds syslog-ng-mod-json syslog-ng-mod-mysql syslog-ng-mod-pacctformat syslog-ng-mod-pgsql syslog-ng-mod-snmptrapd-parser syslog-ng-mod-sqlite3
sudo apt autoremove

6.9 Preparations for Elastic 8.x

To prepare for Elastic 8.x, the following additional configuration is needed. As we are currently testing and validating the config, we provide the following configuration:

Create a self-signed certificate:

/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Generate passwords for all Elastic users:

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Edit the xpack security options within Elastic. The configuration below is tested for a cluster.

Master node:

xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
cluster.name: syslog
node.name: syslog01
node.roles: [ master, data ]
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts:
    - 10.10.10.99

Data node:

xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
cluster.name: syslog
node.name: syslog02
#node.master: false
#node.data: true
node.roles: [ data ]
network.host: 0.0.0.0
http.port: 9200
#transport.tcp.port: 9300
transport.port: 9300
#discovery.zen.ping.unicast.hosts: ["10.10.10.99"]
#discovery.zen.minimum_master_nodes: 2
discovery.seed_hosts:
   - 10.10.10.99
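
The node settings above can be checked before a restart. This is an added example, not part of the original guide: it reads the flat "key: value" lines of an elasticsearch.yml and reports missing authentication, missing TLS on the transport or HTTP layer, and a relaxed certificate verification mode. The function names yml_get and audit_es_yml are hypothetical and the sample file is constructed from the master-node settings in this section.

```sh
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# yml_get FILE KEY: print the value of an uncommented flat "key: value" line.
yml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
          if (key == k) { print val; exit } }' "$1"
}

# audit_es_yml FILE: print one finding per line; no output means no findings.
audit_es_yml() {
    f="$1"
    [ "$(yml_get "$f" xpack.security.enabled)" = "true" ] ||
        echo "FAIL security: xpack.security.enabled is not true, no authentication"
    [ "$(yml_get "$f" xpack.security.transport.ssl.enabled)" = "true" ] ||
        echo "FAIL transport-tls: node-to-node traffic (transport.port) is not encrypted"
    case "$(yml_get "$f" xpack.security.transport.ssl.verification_mode)" in
        ""|full) ;;   # unset means the default, full
        certificate)
            echo "NOTE transport-verify: peer hostname is not checked; any certificate signed by the cluster CA is accepted" ;;
        *)  echo "FAIL transport-verify: peer certificates are not validated" ;;
    esac
    if [ "$(yml_get "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
        case "$(yml_get "$f" network.host)" in
            ""|localhost|127.0.0.1|::1|_local_)
                echo "NOTE http-tls: HTTP API has no TLS but is bound to loopback only" ;;
            *)  echo "FAIL http-tls: HTTP API (http.port) has no TLS and network.host is not loopback; Basic-auth credentials sent from other hosts travel in cleartext" ;;
        esac
    fi
    return 0
}

# Constructed sample: the master-node settings from this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
network.host: 0.0.0.0
http.port: 9200
EOF
audit_es_yml "$sample"
rm -f "$sample"
```

With verification mode certificate, the CA file elastic-stack-ca.p12 is what decides who may join the cluster, so keep it off the nodes once the node certificates are issued.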

Update Kibana configuration:

elasticsearch.username: "kibana_system"
elasticsearch.password: "MY_PASSWORD"
server.rewriteBasePath: true
server.basePath: "/kibana"

Update the Syslog-NG configuration with the username and password in the URL:

#Update RSE configuration
destination d_http {
 elasticsearch-http(
  frac_digits(3)
  index("rsx-routingandswitching")
  type("production")
  url("http://my_username:my_password@localhost:9200/_bulk")
  persist-name("Default RSE log")
  template("$(format-json --scope rfc5424 --scope dot-nv-pairs --scope nv-pairs --key R_ISODATE @timestamp=${R_ISODATE})"));
};

Change the Apache2 reverse proxy configuration for ports 80 and 443:

<Location /kibana>
    Define CREDENTIALS my_username:my_password
    RequestHeader set Authorization "expr=Basic %{base64:${CREDENTIALS}}"
</Location>

6.10 Ubuntu upgrade policy

For Ubuntu we only test the latest LTS version. At the time of writing this is 20.04 LTS. The next release will be 22.04 LTS.