TIBCO LogLogic Log Management Intelligence (LMI) Configuration and Upgrade Guide

TIBCO LogLogic Log Management Intelligence (LMI) Configuration and Upgrade Guide Software Release 5.4.2 November 2013 Two-Second Advantage

Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, Two-Second Advantage, and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright 2002-2013 TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

Contents Preface About This Guide Related Documents....................................................... 5 Technical Support........................................................6 Conventions............................................................. 7 Chapter 1 Appliance Software Configuration Setting Up the Appliance with a Browser...................................... 9 Step 1: Connecting the Appliance to a Network............................. 10 Step 2: Logging in to the Appliance....................................... 10 Step 3: Configuring Log Source Auto-Identification........................... 10 Step 4: Configuring Network Settings..................................... 10 Step 5: Setting the Time Zone and Time................................... 11 Setting Up the Appliance using the Console................................... 11 Using the Console to Set Up the Appliance................................. 12 Chapter 2: Appliance Software Upgrade IMPORTANT: Upgrade Warnings........................................... 15 Log Source Package (LSP) Support...................................... 16 Updating the Appliance................................................... 16 Using File Update.................................................... 17 Upgrading in a High Availability Environment.................................. 19 Prerequisites........................................................ 19 Starting the Upgrade Process........................................... 19 Running the Post Upgrade Script........................................... 23 Appendix A: LogLogic idrac Configuration Setting up idrac IP Using idrac Settings Utility.............................. 25 Disable idrac remote connectivity.......................................... 26 Logging in to the idrac console............................................ 27 Configuration and Upgrade Guide 3

CONTENTS 4 Configuration and Upgrade Guide

Preface: About This Guide The LogLogic Appliance-based solution enables you to capture and manage log data from all types of sources in your enterprise. LogLogic Appliances install within 10 minutes and begin collecting and aggregating data from connected log sources immediately. This document enables you to quickly set up your LogLogic Appliance, and provides Software Upgrade instructions and descriptions of the Appliance hardware configurations. Related Documents The LogLogic documentation is available on the Solutions CD and on the TIBCO LogLogic Technical Support website https://support.tibco.com/esupport/loglogic.htm. The documentation includes Portable Document Format (PDF) files and Online Help accessible from the LogLogic user interface. To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at http:// www.adobe.com. The following documents contain information about the LogLogic Appliances: LogLogic Release Notes Provides information specific to the release including product information, new features and functionality, resolved issues, known issues and any late-breaking information. Check the LogLogic support web site periodically for possible further updates. LogLogic Hardware Installation Guide Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models. LogLogic Configuration and Upgrade Guide Describes how to configure and upgrade the LogLogic Appliance software. LogLogic User Guide Describes how to use the LogLogic solution, viewing dashboard, managing reports, managing alerts, and performing searches. LogLogic Administration Guide Describes how to administer the LogLogic solution including all Management and Administration menu options. Configuration and Upgrade Guide 5

Technical Support LogLogic Log Source Configuration Guide Describe how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution. LogLogic Collector Guides Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/os and ISS Site Protector. LogLogic Web Services API Implementation Guide Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system. LogLogic Syslog Alert Message Format Quick Reference Guide Describes the LogLogic Syslog alert message format. LogLogic Online Help Describes the Appliance user interface, including descriptions for each screen, tab, and element in the Appliance. Technical Support LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Appliances. To reach the TIBCO LogLogic Support team: Telephone: United States, Canada, Mexico Toll Free 1-800-957-LOGS Local -408-834-7480 Europe, Middle East, Africa (EMEA) or Asia Pacific (APAC) +44 01480 479391 or 00 800 0330 4444 Japan IDC 0061 800 0330 4444; Japan KDD 0010 800 0330 4444 Brazil 0021 800 0330 4444 Email: ll-support@tibco.com Support Website: https://support.tibco.com/esupport/loglogic.htm When contacting Customer Support, be prepared to provide the following information: Your name, e-mail address, phone number, and fax number Your company name and company address Your machine type and release version Serial number located on the back of the Appliance or the eth0 MAC address A description of the problem and the content of pertinent error messages (if any) 6 Configuration and Upgrade Guide

About This Guide Conventions LogLogic documentation uses the following conventions: CAUTION: Highlights important situations that could potentially damage data or cause system failure. IMPORTANT! Highlights key considerations to keep in mind. Note: Provides additional information that is useful but not always essential. Tip: Highlights guidelines and helpful hints. This guide also uses the following conventions to highlight code and command-line elements: Monospace is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as file names, directories, paths, and URLs). Monospace bold is used to distinguish user input from system prompts or screen output, as in this example: username: system home directory: home\app Monospace italic is used for placeholders, which are general names that you replace with names specific to your site, as in this example: LogLogic_home_directory\upgrade\ Straight brackets signal options in command-line syntax. ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path...] Configuration and Upgrade Guide 7

Conventions 8 Configuration and Upgrade Guide

CHAPTER 1: Appliance Software Configuration After you install the new LogLogic Appliance in its rack and it has power, set it up as described in this chapter. You can set up the Appliance either using the user interface via a web browser, or using the command line interface via a console connection. Contents Setting Up the Appliance with a Browser.................................... 9 Setting Up the Appliance using the Console................................ 11 Once the Appliance is running, you want to configure it for your specific needs. For more information, see the LogLogic User Guide or LogLogic Administration Guide. To upgrade an existing Appliance, see Appliance Software Upgrade on page 15. TIBCO LogLogic new (H4) Appliances come with an embedded SD card that contains an image of the Appliance software. This new feature facilitates reimaging the Appliance in case of critical hardware or software failure. For instructions on how to use the backup image for recovery, please contact TIBCO LogLogic support through the online support portal at: https://support.tibco.com/esupport/loglogic.htm or through email: ll-support@tibco.com Note: By default on H4 LogLogic appliances, the labeled idrac network interface will have an assigned static IPv4 address of 192.168.0.120/24. By connecting the idrac network interface to a network infrastructure, the idrac web interface will become available via HTTPS, at https:// 192.168.0.120 as well as telnet and SSH to the same default IP. To change the network connectivity from the local console see, LogLogic idrac Configuration on page 25. Setting Up the Appliance with a Browser To set up a LogLogic Appliance using the browser: Step 1: Connecting the Appliance to a Network on page 10 Step 2: Logging in to the Appliance on page 10 Step 3: Configuring Log Source Auto-Identification on page 10 Step 4: Configuring Network Settings on page 10 Step 5: Setting the Time Zone and Time on page 11 Configuration and Upgrade Guide 9

Setting Up the Appliance with a Browser Step 1: Connecting the Appliance to a Network Connect the Appliance to a network where you can access a 10.0.0.x network address using a class C subnet mask (255.255.255.0). Note: The Appliance s Default IP Address is 10.0.0.x, which is assigned to the Eth0 port. Step 2: Logging in to the Appliance To log in to the Appliance 1. Open Internet browser on your workstation and connect to the Appliance by entering https://10.0.0.11 in the browser address line. 2. Accept the certificate. A login screen appears. 3. Enter the default user name (admin) and password (admin). The Appliance displays the End User License Agreement (EULA). 4. Accept the EULA. The Appliance asks you to enter a new password, which must be at least six characters long and contain at least one number. 5. Enter a new password. Note: A warning message may be displayed indicating the time on the appliance is not set or synchronized. You can ignore this warning. For more information, see Step 5: Setting the Time Zone and Time on page 11. LogLogic recommends that you also create a secondary administrative account. You can do this now or later. To add more user accounts, see the Managing Users chapter in the LogLogic Administration Guide. To change the admin password later, see the Setting User Preferences chapter in the LogLogic User Guide. Step 3: Configuring Log Source Auto-Identification 1. From Administration > System Settings, opens the General tab. 2. Next to Auto-identify Log Sources, click Yes. 3. Click Update. Step 4: Configuring Network Settings 1. Select the Administration > Network Settings menu. 10 Configuration and Upgrade Guide

CHAPTER 1 Appliance Software Configuration 2. Type in the appropriate network information, and then click Save. For more information on network settings, see the Network Settings chapter in the LogLogic Administration Guide. Step 5: Setting the Time Zone and Time 1. From Administration > System Settings, select the Time tab. 2. Select the appropriate Time Zone from the Time Zone drop-down menu. IMPORTANT! You must set the time zone for your Appliance. If not, the system will not function correctly. 3. Select Update Time to define how to synchronize your local time. 4. Select how to update the Appliance time: (Recommended) Select NTP Server to enter a Hostname or IP address for your NTP server. This is the time server with which you want to synchronize your local time. If you have multiple Appliances connected together, you must set up a common external NTP server for all Appliances to ensure that the time on all Appliances is synchronized. Ideally, this is the same NTP server used by the entire data center. If you have no access to an external NTP server, you can use the Appliance running as a Management Station as the common NTP server. All Appliances must have their time settings in sync. It is important to have an NTP server set up for a single Appliance as well. Select Specify Time and manually enter the system time (MMDDhhmmYY.ss). IMPORTANT! You must set the time for your Appliance. If not, the system will not function correctly. 5. Click Update to save your changes. The Appliance prompts you that an immediate reboot is required. 6. Click OK to let the Appliance reboot for changes to take effect. IMPORTANT! New settings do not go into effect until the Appliance is restarted. Setting Up the Appliance using the Console To set up a LogLogic Appliance using the console, you will need the NULL modem cable shipped with the Appliance, and compatible terminal software. Note: For more information on CLI commands, see the LogLogic Administration Guide or type help at the command prompt. Configuration and Upgrade Guide 11

Setting Up the Appliance using the Console Using the Console to Set Up the Appliance 1. Using a laptop or other terminal device, connect the NULL modem cable to the serial port (COM1) located at the back of the Appliance. 2. Open your terminal software. Use the following communication settings: 9600 baud, Null, 8 bit, 1 parity 3. In the terminal program, log in as user root with password logapp. Note: The next two steps are only necessary when you are setting up the Appliance for the first time, if not then continue on to step 6. 4. When prompted enter a new root password, then at the confirmation prompt re-enter the same password. It is recommended to choose a suitable password based on the standard guidelines for strong password security, however the system will accept both weak and strong passwords. 5. When prompted enter a new toor password, then confirm your password. IMPORTANT! Please ensure that you make a note of your root and toor passwords and store them in a safe location. Lost passwords can not be recovered. At this point the toor account will become available. 6. Configure the network settings: a. Set the Appliance IP address and interface network settings: > set ip <ip address> <netmask> <gateway> <ifdev> [defaultgw] If you are bonding two interfaces together, use interface-name to indicate bond0 or bond1. Example: > set ip 10.9.3.250 255.255.255.0 10.9.3.1 eth0 defaultgw b. Set the DNS server IP address: > set dns <ip address> Example: > set dns 10.1.1.5 7. Set the local time zone. > set timezone <Enter> From the displayed menu, select the time zone where this Appliance is located. 8. Verify your settings: > show changes 9. Save your changes: > save This updates the necessary files so that the network setting changes are permanent. 12 Configuration and Upgrade Guide

CHAPTER 1 Appliance Software Configuration IMPORTANT! New settings do not go into effect until the Appliance is restarted. 10. Select the IP address to use to generate the BlueCoat certificate: > 0 This will generate the BlueCoat certificate for the interface configured above. 11. View the new network settings to verify they are correct: > show current 12. Restart the network interface: > network restart 13. Check the network settings using the command: > show current 14. (Highly recommended) Set up an NTP server, using the IP address or DNS name of the NTP server: > set ntpserver <ip address> 15. Either reboot or halt the Appliance. To reboot the Appliance type: > system reboot To halt the Appliance type: > system halt Note: Wait approximately 2 minutes for the Appliance to cease operation before removing power. CAUTION: When powering down the appliance it is important to follow a proper shutdown procedure. Failure to comply could cause a corrupted file system, loss of data or a failure to boot the Appliance. Configuration and Upgrade Guide 13

Setting Up the Appliance using the Console 14 Configuration and Upgrade Guide

CHAPTER 2: Appliance Software Upgrade You can upgrade from Release 5.3, 5.3.1, 5.4, or 5.4.1 to Release 5.4.2 on the ST, LX, and MX Appliances. If you are running a release prior to 5.3, you must first upgrade to Release 5.3, 5.3.1, 5.4, or 5.4.1, run the Post Upgrade Script, and then upgrade to Release 5.4.2. If you do not run the Post Upgrade Script, you will lose some of the reports data. After upgrading from 5.3, 5.3.1 5.4, 5.4.1 or 5.4.2, you must run the Post Upgrade Script rundbm which is under /loglogic/bin/. directory. For information about a specific release, see the LogLogic Release Notes for that release. Contents IMPORTANT: Upgrade Warnings......................................... 15 Updating the Appliance................................................. 16 Upgrading in a High Availability Environment................................ 19 Running the Post Upgrade Script......................................... 23 IMPORTANT: Upgrade Warnings IMPORTANT! Please read all these warnings before upgrading to Release 5.4.2. IMPORTANT! The user must wait at least 1 day after a software upgrade before doing a backup, otherwise the backed up log data will be inconsistent with the platform software. LogLogic strongly recommends that you back up your data prior to performing an upgrade. To properly forward Check Point data, you must update both your inbound and outbound devices to the same release. If the source install is using an earlier version of LSP, it is required to upgrade first to LSP 27. The 5.4.2 Post Upgrade Script MUST be run on LX, MX, and ST Appliances after upgrading. Configuration and Upgrade Guide 15

Appliance Software Upgrade : Updating the Appliance If upgrading from version 5.3, the message routing rules will have the following changes: Authentication and Encryption cannot be selected separately starting from version 5.3.1. If either Authentication or Encryption was set, the Enable Authentication and Encryption setting will be set after upgrade. The Authentication and Encryption option is not available when forwarding messages with the UDP protocol starting from version 5.3.1. For details, refer to the Chapter 12 - Forwarding Logs to Other Appliances (Routing) in the LogLogic Administration Guide. For encrypted forwarding to be possible, the authentication is now performed using the SSH protocol. The toor user of the upstream appliance must be authorized to login via SSH to the downstream appliance without entering a password. For details, refer to the Chapter 12 - Forwarding Logs to Other Appliances (Routing) in the LogLogic Administration Guide. Starting from version 5.3.1, when scheduling a replay, if you select Authentication and Encryption options, type the CLI command system keycopy on the ST Appliance and follow the instructions displayed on the screen to add the public key to the LX Appliance. Starting from version 5.4, the Show Triggered Alerts page may not display the original alert message even after you disable the Data Privacy mode using the lock icon for the current user session. However, if you turn off the Data Privacy option using the Administration > System Settings > General tab, the original alert message will be displayed in the Show Triggered Alerts page. Log Source Package (LSP) Support Table 1 indicates which LSPs are compatible with the LogLogic Appliance software releases that are supported as of the shipment date of Release 5.4.2. Table 1 LSP Compatibility with Supported Appliance Releases Release LSP 23 LSP 24 LSP 25 LSP 26 LSP 27 5.3.0 Yes Yes Yes Yes Yes 5.3.1 Yes Yes Yes Yes Yes 5.4.0 No No Yes Yes Yes 5.4.1 No No No Yes Yes 5.4.2 No No No No Yes * In order to upgrade to Release 5.4.2, you must upgrade to LSP 27 if you are running a previous LSP. Updating the Appliance LogLogic provides Appliance software upgrades through the Appliance user interface: File Update Download the update package (in.tar format) from the TIBCO Software Product Download Site or LogLogic Support website and use the following command to extract all files into the destination directory /loglogic/update on the Appliance: 16 Configuration and Upgrade Guide

Appliance Software Upgrade : Updating the Appliance > tar xf <filepath_update_package> -C /loglogic/update The extracted files are described below: Table 2 Update Package Details Files bz2 bz2.sig healthcheck.tar.gz mc-metadata Description The update file. The signature file for the upgrade file. The healthcheck utility tool. Files related to the TIBCO LogLogic Management Center (MC) software (required for upgrading LMI versions using the MC software). Healthcheck Ensure that the Appliance is ready for upgrade by running the Healthcheck package before the upgrade. Use the following command to uncompress the package: > tar zxf <filepath_healthcheck_package> -C /loglogic/update where, <filepath_healthcheck_package> is the correct file path. See Step 5 on page 18. IMPORTANT! Do not install the Healthcheck package under /loglogic/tmp folder. Use the web browser progress bar to monitor the update process. A message displayed on the dashboard informs you to wait. When the process completes, you are redirected to the Login page. The new software release number will be displayed on the top right corner of the System Status page. Depending on the nature of the update, the Appliance might automatically reboot. Using File Update The bz2 and bz2.sig files are required to perform file update process. To extract these files, follow the process explained in the File Update section above. To complete the upgrade process using File Update, you must have: Software download access to the TIBCO Software Product Download Site or https:// support.tibco.com/esupport/loglogic.htm (if you do not have access, register at https://support.tibco.com/esupport/loglogic.htm or contact Technical Support by email or phone) For the following partitions, the available disk space must be: / partition 300MB /loglogic partition 5GB Null modem cable (if connecting to the Appliance using a console) To Update the LogLogic Appliance Using File Update: 1. Back up the data on the LogLogic Appliance. For more information on backing up your data, see the LogLogic Administration Guide. Configuration and Upgrade Guide 17

Appliance Software Upgrade : Updating the Appliance 2. Log in to the TIBCO LogLogic support website https://support.tibco.com/esupport/loglogic.htm, and then download the latest software update that you want to apply to the Appliance. 3. Ensure the Appliance has sufficient available disk space to perform the upgrade (see the disk space requirement for partitions above). To verify the available disk space: a. Log in to the Appliance using SSH and type the command: df -h. b. Look at the available space under the Available column. 4. Connect to the LogLogic Appliance from the CLI or shell login. Use the command line through the serial port with a null modem cable or using SSH. LogLogic recommends using the serial port; using SSH, the connection is lost after the final reboot. The default user is toor, login using the toor password which was created during Using the Console to Set Up the Appliance on page 12. 5. Make sure that the system is ready for upgrade by running the healthcheck command healthcheck.sh with the correct path. For example:./healthcheck/healthcheck.sh or, /loglogic/update/healthcheck/healthcheck.sh Notes: 1. During this process, if system finds any inconsistencies, the console displays the message: Ignore the inconsistency?[yes/no]: Type no to stop the process and go back and fix the issue before you proceed. You can run the healthcheck command multiple times until you fix all inconsistencies. If you type yes, all inconsistencies will be ignored and you can proceed. 2. During this process, the console may prompt the following message to warn you about unconverted report data from previous upgrade process: There is report data on the system that was not converted after the last upgrade. Do you want to convert this data now? [yes/no]: Type yes to exit the healthcheck command at this point and run the rundbm command to complete the post-upgrade process from the previous upgrade. Otherwise, type no to ignore this warning and proceed. During the upgrade process, prior to 5.1, some unused files are left that misleads the healthcheck command to show this prompt. If the post-upgrade process has been run through and this prompt still shows, you should type no to ignore the warning and proceed. 6. Make sure that the update files (bz2 and bz2.sig) are in the /tmp/update directory on the Appliance. If the directory does not already exist, you need to create a soft link /tmp/update to the /loglogic/update directory. To create a soft link, the command is: ln -s /loglogic/update /tmp/update The update files must be copied to the /tmp/update directory to be available for selection in the File Update drop-down menu. 7. Log in to the LogLogic Appliance you want to upgrade. You must log in as a user with Administrator privileges. 8. In the navigation menu, click Administration > File Update. The File Update tab displays. 18 Configuration and Upgrade Guide

Appliance Software Upgrade : Upgrading in a High Availability Environment 9. From the Select File drop-down menu, select the appropriate software update. If you do not see any files in the list, verify that the update files are added to the /tmp/ update directory. 10. Click Update. A status message appears at the top of the File Update tab after the update is complete. You might need to reboot the Appliance. 11. After the Appliance reboots, run the Post Upgrade script. See Running the Post Upgrade Script on page 23. Upgrading in a High Availability Environment If you have a High Availability (HA) Appliance environment, either an LX-to-LX or ST-to- ST configuration, you must use the following procedure to upgrade the Appliances. HA is supported on MX3020, MX4020, and MXVirtual (when HA is enabled by default). Prerequisites The following prerequisites must be met prior to starting the Upgrade Process on your HA Appliances. Both HA appliances must have the same hardware model and software version for them to function correctly. The Active and Standby Appliances must be in sync. Ensure that there are no warning messages that appear on the Dashboards > System Status page. Note: The terms Active and Standby might suggest that these Appliances are not equivalent in every respect. In fact they must have identical capabilities in order for High Availability pairing to work. Therefore, for clarity during the of the upgrade process below, the original active Appliance will always be referred to as Appliance A and the original standby Appliance will always be referred to as Appliance B (even though their roles will reverse and then revert back). At Step 6 in the upgrade process, Appliance B will become the active Appliance temporarily, and Appliance A will become the standby Appliance temporarily. At the conclusion of the upgrade process, the roles of the two Appliances will revert back to their original assignments, although that is not necessary for successful HA operation. Starting the Upgrade Process This HA upgrade procedure uses the following example Appliance information: Appliance A: HA Active, IP address 10.20.0.44 Appliance B: HA Standby, IP address 10.20.0.45 Public: HA Public, IP address 10.20.0.46 Network Mask, IP address 255.255.255.0 Network Broadcast, IP address 10.20.0.255 File update server, IP address 10.1.1.190 Configuration and Upgrade Guide 19

Appliance Software Upgrade : Upgrading in a High Availability Environment To upgrade your HA environment: 1. Ensure that your HA environment is synchronized. 2. On the Appliance B, disable the HA configuration. a. Open a command prompt and log in using username: root and password: logapp. b. Run the following command: set failover disable The prompt returns CHANGES HAVE NOT BEEN SAVED! c. Type save and then press enter. save 3. Make sure that the system is ready for upgrade by running the healthcheck command healthcheck.sh with the correct path. For example:./healthcheck/helathcheck.sh or, /loglogic/update/healthcheck/healthcheck.sh 4. Make sure that the update files (bz2 and bz2.sig) are downloaded and are available in the /tmp/update directory on the Appliance B. For details, see Updating the Appliance on page 16. The following files are examples of the update files you need to copy: update-201210111812-full.tar.bz2 update-201210111812-full.tar.bz2.sig 5. Log in to Appliance B and complete the update. a. Open a web browser and log in to the Appliance B. b. In the navigation menu, click Administration > File Update. The update-201210111812-full.tar.bz2 is displayed in the Select File box. c. Click the Update button. You might need to wait about 30-40 minutes for the update to complete. 6. On the Appliance A, disable the HA configuration. a. Open a command prompt and log in using username: root and password: logapp. b. Run the following command: set failover disable The prompt returns CHANGES HAVE NOT BEEN SAVED! c. Type save and then press enter. save 7. On Appliance B, set up the HA configuration. a. Open a command prompt and log in using username: root and password: logapp. b. Run the following command: set failover configure 20 Configuration and Upgrade Guide

Appliance Software Upgrade : Upgrading in a High Availability Environment c. Follow the prompts. Make sure you type save when prompted. The following example IP addresses are as noted at the beginning of this section: Public IP address of the cluster: 10.20.0.46 255.255.255.0 10.20.0.255 bond0 When prompted about this Appliance being the destination of automatic migration, enter N. IP address of the peer Appliance: 10.20.0.44 Note: At this point Appliance B has become the active Appliance. Appliance A is no longer part of the HA pair, and thus is reported missing by Appliance B. 8. Make sure that the system is ready for upgrade by running the healthcheck command healthcheck.sh with the correct path. For example:./healthcheck/healthcheck.sh or, /loglogic/update/healthcheck/healthcheck.sh Notes: 1. During this process, if system finds any inconsistencies, the console displays the message: Ignore the inconsistency?[yes/no]: Type no to stop the process and go back and fix the issue before you proceed. You can run the healthcheck command multiple times until you fix all inconsistencies. If you type yes, all inconsistencies will be ignored and you can proceed. 2. During this process, the console may prompt the following message to warn you about unconverted report data from previous upgrade process: There is report data on the system that was not converted after the last upgrade. Do you want to convert this data now? [yes/no]: Type yes to exit the healthcheck command at this point and run the rundbm command to complete the post-upgrade process from the previous upgrade. Otherwise, type no to ignore this warning and proceed. During the upgrade process, prior to 5.1, some unused files are left that misleads the healthcheck command to show this prompt. If the post-upgrade process has been run through and this prompt still shows, you should type no to ignore the warning and proceed. 9. Make sure that the update files (bz2 and bz2.sig) are downloaded and are available in the /tmp/update directory on the Appliance A. For details, see Updating the Appliance on page 16. The following files are examples of the update files that you need to copy: update-201210111812-full.tar.bz2 update-201210111812-full.tar.bz2.sig 10. Log in to Appliance A and complete the update. a. Open a web browser and log in to Appliance A. b. In the navigation menu, click Administration > File Update. The update-201210111812-full.tar.bz2 is displayed in the Select File box. Configuration and Upgrade Guide 21

Appliance Software Upgrade : Upgrading in a High Availability Environment c. Click Update. You might need to wait 30-40 minutes for the update to complete. IMPORTANT! You must let Appliance A complete the upgrade process before syncing up to Appliance B. 11. On the Appliance A, set up the HA configuration. a. Open a command prompt and log in using username: root and password: logapp. b. Run the following command: set failover configure c. Follow the prompts. Make sure you type save when prompted. The following example IP addresses are as noted at the beginning of this section: Public IP address of the cluster: 10.20.0.46 255.255.255.0 10.20.0.255 bond0 When prompted about this Appliance being the destination of automatic migration, enter Y. IP address of the peer Appliance: 10.20.0.45 The upgrade is complete. Appliance B is active, and Appliance A is standby. IMPORTANT! Forcing fail-overs for the purpose of keeping one particular Appliance active is not recommended as it has no particular benefit and any fail-over event has the potential to cause some loss of data. 22 Configuration and Upgrade Guide

Appliance Software Upgrade : Running the Post Upgrade Script Running the Post Upgrade Script After you upgrade an Appliance to a new software release and the Appliance reboots, you must run the Post Upgrade Script. Note: Post Upgrade in an HA pair should be performed only on the Appliance in the active role. 1. Log in to the Appliance CLI via SSH. 2. Go to the CLI scripts directory: > cd /loglogic/bin 3. Run the Post Upgrade Script: >./rundbm The Configuration Menu appears, as follows: Configuration Menu: 1) Modify the above configuration 2) Start the Post Upgrade Process 3) Help 4) Exit the Post Upgrade Process Enter choice: 4. The modify configuration menu appears. The example menu that follows is typical; your menu items will depend on your Appliance configuration. 1) module_5410000_wwwlog 2) module_5410000_i5osaudit 3) module_5410000_stats 4) module_5410000_ids 5) Return to Configuration Menu 6) Help Enter 1-6: 5. Change the number of days to preserve for any of these logs that should not be set to seven days. For example, for MS Exchange: a. Type 1. b. Type 1. c. Specify if you want to change the default value. If you type y, then enter the amount of pre-existing MS Exchange/authentication data, in days, that you want accessible on the Appliance after the upgrade. For example, if you want access to the past month s MS Exchange data, enter 31. The default setting is 7, which converts the previous week. The higher number of days you enter, the longer the post-upgrade process takes to complete. To preserve the ability to search on all log data collected from MS Exchange log sources, input a number of days to include the first collection of MS Exchange log information. After entering the number of days, the module configuration menu appears again. 6. Repeat step 5 for each option necessary. 7. Type 5 to go back to Configuration Menu. Configuration and Upgrade Guide 23

Appliance Software Upgrade : Running the Post Upgrade Script 8. Type 2 to start the Post Upgrade Process. The conversion time for the Post Upgrade Process depends on the amount of data to be migrated. 9. After typing 2 to start the Post Upgrade Process, the Appliance returns you to the configuration menu immediately, with the additional option to Monitor the Post Upgrade Process choice 5) below. 10. Type 5 to monitor the Post Upgrade Process. The Configuration Menu appears: 1) Modify the above configuration 2) Start the Post Upgrade Process 3) Help 4) Exit the Post Upgrade Process 5) Monitor the Post Upgrade Process By typing 5, the user can monitor the Post Upgrade Process. Hit Ctrl-c to exit. The screen returns to the Configuration Menu listed above. When the user sees the following message during monitoring, the Post Upgrade Process is complete. 2012-10-11 20:10:37,818 - dbmlogger - INFO: ** All migrations complete! 11. Type 4 to exit the post-upgrade script. 24 Configuration and Upgrade Guide

LogLogic idrac Configuration : Setting up idrac IP Using idrac Settings Utility APPENDIX A: LogLogic idrac Configuration This appendix describes how to configure the idrac network connectivity. Setting up idrac IP Using idrac Settings Utility............................ 25 Disable idrac remote connectivity....................................... 26 Logging in to the idrac console......................................... 27 Beginning with H4 gear, LogLogic appliances include the Dell idrac utility for a more convenient low-level LogLogic appliance administration. The idrac interface is available by local console, and web interface. The web interface is enabled by default on all LogLogic appliances, and relies on the idrac designated interface being connected to the network infrastructure. If this interface is left disconnected, the idrac interface will not be accessible remotely, but will still be accessible in the local console. By default on LogLogic appliances, the labeled idrac network interface will have an assigned static IPv4 address of 192.168.0.120/24. By connecting the idrac network interface to a network infrastructure, the idrac web interface will become available via HTTPS, at https://192.168.0.120 as well as telnet and SSH to the same default IP. Use the following instructions to change the network connectivity from the local console. Setting up idrac IP Using idrac Settings Utility To set up the idrac7 IP address: 1. Turn on the managed system. 2. Press <F2> during Power-on Self-test (POST). 3. In the System Setup Main Menu page, Select idrac Settings, using Down arrow key and press Enter key. The idrac Settings page is displayed. 4. Select Network and press Enter key. 5. The Network page is displayed. Configuration and Upgrade Guide 25

LogLogic idrac Configuration : Disable idrac remote connectivity 6. Specify the following settings: Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 7. Go back to the idrac settings page and press Esc key. A pop up window is displayed with message Settings have changed. Do you want to save the changes? 8. Using the arrow keys select Yes and press the Enter key. 9. Press the Esc key to go back to System Setup Main Menu and press the Esc key to exit A pop up window is displayed with message Are you sure you want to exit and reboot? 10. Using the arrow keys select Yes and press the Enter key. The network information is saved and the system reboots. It is also possible to configure idrac7 IP information remotely using the idrac web interface. Disable idrac remote connectivity The idrac remote connectivity feature can be disabled from the local console so it will not respond even if connected to a network interface. To disable the idrac7 network interface: 1. Turn on the managed system. 2. Press <F2> during Power-on Self-test (POST). 3. In the System Setup Main Menu page, Select idrac Settings, using Down arrow key and press Enter key. The idrac Settings page is displayed. 4. Select Network and press Enter key. The Network page is displayed. 5. Specify the following settings: Network Settings 6. Select Enable NIC using arrow keys and press the Enter key. Two options are displayed Using the arrow keys select Disabled and press the Enter key. 26 Configuration and Upgrade Guide

LogLogic idrac Configuration : Logging in to the idrac console 7. Go back to the idrac settings page and press the Esc key. A pop up window is displayed with message Settings have changed. Do you want to save the changes? 8. Using the arrow keys select Yes and press the Enter key. 9. Press the Esc key to go back to System Setup Main Menu and press the Esc key to exit. A pop up window is displayed with message Are you sure you want to exit and reboot? 10. Using the arrow keys select Yes and press the Enter key. The network information is saved and the system reboots. It is also possible to disable idrac7 network connectivity information remotely using the idrac web interface. Logging in to the idrac console The idrac console supports several variations for logging in Local User, Active Directory, and LDAP. Active Directory and LDAP authentication will not be discussed, as those methods are documented by Dell. It is important to know that by default, LogLogic appliances will have a Local User account with the user name root and password calvin. It is advisable to change those credentials if idrac will be used over the network. Users accessing idrac locally at the console do not use the credentials. To configure local users in the idrac7 local console: 1. Turn on the managed system. 2. Press <F2> during Power-on Self-test (POST). 3. In the System Setup Main Menu page, using the Down arrow key select idrac Settings and press the Enter key. The idrac Settings page is displayed. 4. Using the arrow keys go to User Configuration and press the Enter key A page with all User configuration fields is displayed 5. Configure the following fields: User Name Lan User Privilege Serial Port User Privilege Change Password 6. Go back to the idrac settings page and press the Esc key. A pop up window is displayed with message Settings have changed. Do you want to save the changes? 7. Using the arrow keys select Yes and press the Enter key. Configuration and Upgrade Guide 27

LogLogic idrac Configuration : Logging in to the idrac console 8. Press the Esc key to go back to System Setup Main Menu and press the Esc key to exit. A pop up window is displayed with message Are you sure you want to exit and reboot? 9. Using the arrow keys select Yes and press the Enter key. The network information is saved and the system reboots. It is also possible to configure users and change information using the idrac web interface. 28 Configuration and Upgrade Guide