LogLogic

Upgrade Guide

Software Release: 5.1

Document Release: December 2010
Part No: LL30000-00E0510000

LogLogic, Inc. Proprietary and Confidential

© 2004 — 2010 LogLogic, Inc.

Proprietary Information
This document contains proprietary and confidential information of LogLogic, Inc. and its licensors.
In accordance with the license, this document may not be copied, disclosed, modified, transmitted,
or translated except as permitted in writing by LogLogic, Inc.
Trademarks
"LogLogic" and the LogLogic logo are trademarks of LogLogic, Inc. in the United States and/or
foreign countries. All other company product names are trademarks or registered trademarks of
their respective owners.
Notice
The information contained in this document is subject to change at any time without notice. All
warranties with respect to the software and accompanying documentation are set our exclusively
in the Software License Agreement or in the Product Purchase Agreement that covers the
documentation.

LogLogic, Inc.
110 Rose Orchard Way Suite 200
San Jose, CA 95134
Tel: +1 408 215 5900
Fax: +1 408 774 1752
U.S. Toll Free: 888 347 3883
Email: info@loglogic.com
www.loglogic.com

LogLogic, Inc. Proprietary and Confidential

 Contents

Preface: About This Guide

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Documentation Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 1: Appliance Software Upgrade

IMPORTANT: Upgrade Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Log Source Package (LSP) Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Updating the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Using File Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Upgrading in a High Availability Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Starting the Upgrade Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Running the Post Upgrade Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Upgrade Guide 3
CONTENTS

4 Upgrade Guide
 PREFACE:

About This Guide

The LogLogic™ Appliance-based solution enables you to capture and manage log data
from all types of sources in your enterprise. LogLogic Appliances install within 10
minutes and begin collecting and aggregating data from connected log sources
immediately.

The LogLogic Upgrade Guide is a usage guide for the LogLogic Appliances. It covers topics
related to upgrading the LogLogic Appliance.

Audience
This guide is intended for system administrators responsible for upgrading the LogLogic
Appliances.

Related Documents
The LogLogic documentation is available on the Solutions CD or on the LogLogic
Technical Support website — http://www.loglogic.com/services/support. The
documentation includes Portable Document Format (PDF) files and Online Help
accessible from the LogLogic user interface.

To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat
Reader. You can download the Adobe Acrobat Reader at http:// www.adobe.com.

The following documents contain additional information about the LogLogic Appliances:
 LogLogic Release Notes — Provides information specific to the release including product
information, new features and functionality, resolved issues, known issues and any
late-breaking information. Check the LogLogic support web site periodically for
further updates.
 LogLogic Quick Start Guide — Describes how to get started with your LogLogic
Appliance. In addition, the guide includes details about the Appliance hardware.
 LogLogic LX 2010N Quick Start Guide — Describes how to get started with the LogLogic
LX 2010N NEBS-compliant Appliance, and includes details about the Appliance
hardware.
 LogLogic Administration Guide — Describes how to administer the LogLogic solution
including managing users, managing log data storage, and managing new log sources
(devices).
 LogLogic Management Appliance Guide — Describes how to manage multiple distributed
Appliances using an MA 2010 Appliance.
 LogLogic Users Guide — Describes how to use the LogLogic solution, including for
managing reports, managing alerts, and performing searches.
 LogLogic Log Source Configuration Guides — Describe how to support log data from
various log sources. There is a separate manual for each supported log source. These
documents include documentation on LogLogic Collectors as well as documentation
on how to configure log sources to work with the LogLogic solution.

Upgrade Guide 5
About This Guide : Technical Support

 LogLogic Collector Guides — Describe how to implement support for using a LogLogic
Collector for specific log sources such as IBM i5/OS and ISS Site Protector.
 LogLogic Web Services API Implementation Guide — Describes how to implement the
LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and
administrate the system.
 LogLogic Syslog Alert Message Format Quick Reference Guide — Describes the LogLogic
Syslog alert message format.
 LogLogic Online Help — Describes the Appliance user interface, including descriptions
for each screen, tab, and element in the Appliance.

Technical Support
LogLogic is committed to the success of our customers and to ensuring our products
improve customers' ability to maintain secure, reliable networks. Although LogLogic
products are easy to use and maintain, occasional assistance might be necessary. LogLogic
provides timely and comprehensive customer support and technical assistance from
highly knowledgeable, experienced engineers who can help you maximize the
performance of your LogLogic Appliances.

To reach the LogLogic Support team:

Telephone:

Toll Free — 1-800-957-LOGS

Local —1-408-834-7480

Europe, Middle East, Africa (EMEA) or Asia Pacific (APAC): + 44 (0) 207 1170075 or 
+44 (0) 8000 669970

Email: support@loglogic.com

Support Website: http://www.loglogic.com/services/support. When contacting

Customer Support, be prepared to provide the following information:
 Your name, e-mail address, phone number, and fax number
 Your company name and company address
 Your machine type and release version
 Serial number located on the back of the Appliance or the eth0 MAC address
 A description of the problem and the content of pertinent error messages (if any)

Documentation Support
Your feedback on LogLogic documentation is important to us. Send e-mail to
DocComments@loglogic.com if you have questions or comments. Your comments will be
reviewed and addressed by the LogLogic technical writing team.

In your e-mail message, please indicate the software name and version you are using, as
well as the title and document date of your documentation.

6 Upgrade Guide
 About This Guide : Documentation Support

Conventions
LogLogic documentation uses the following conventions:

Caution: Highlights important situations that could potentially damage data or cause system failure.

IMPORTANT! Highlights key considerations to keep in mind.

Note: Provides additional information that is useful but not always essential.

Tip: Highlights guidelines and helpful hints.

This guide also uses the following conventions to highlight code and command-line
elements:
 Monospace is used for programming elements (such as code fragments, objects,
methods, parameters, and HTML tags) and system elements (such as file names,
directories, paths, and URLs).
 Monospace bold is used to distinguish system prompts or screen output from user
responses, as in this example:
username: system
home directory: home\app
 Monospace italic is used for placeholders, which are general names that you
replace with names specific to your site, as in this example:
LogLogic_home_directory\upgrade\
 Straight brackets signal options in command-line syntax.
ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path ...]

Upgrade Guide 7
About This Guide : Documentation Support

8 Upgrade Guide
 CHAPTER 1:

Appliance Software Upgrade

You can upgrade from Release 4.9.1 and later to Release 5.1 on the ST, LX, and MX
Appliances, and from Release 4.9.1 for the NEBS Appliance. If you are running a prior
release, you must first upgrade to Release 4.9.1, run the Post Upgrade Script, and then
upgrade to Release 5.1. If you do not run the Post Upgrade script, you will loose all data.

After upgrading from 4.9.1 or 5.0 to 5.1, you must run the postupgrade script that is under
/loglogic/bin/. directory after the upgrade process. The postupgrade executable file
rundbm is under /loglogic/bin/. directory.

For information about a specific release, see the LogLogic Release Notes for that release.

Contents
 IMPORTANT: Upgrade Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

 Updating the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

 Upgrading in a High Availability Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

 Running the Post Upgrade Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

IMPORTANT: Upgrade Warnings

IMPORTANT: Please read all these warnings before upgrading to Release 5.1.

IMPORTANT: The user must wait at least 1 day after a software upgrade before doing a backup,
otherwise the backed up log data will be inconsistent with the platform software.

 LogLogic strongly recommends that you back up your data prior to performing an
upgrade.
 To properly forward Check Point data, you must update both your upstream and
downstream devices to the same release.
 If the source install is using an earlier version of LSP, it is required to upgrade first to
LSP 18.
 The 5.1 Post Upgrade Script MUST be run on LX, MX and ST Appliances after
upgrading.

Log Source Package (LSP) Support

 Table 1 indicates which LSPs are compatible with the LogLogic Appliance software
releases that are supported as of the shipment date of Release 5.1.

Upgrade Guide 9
Appliance Software Upgrade : Updating the Appliance
.
Table 1 LSP Compatibility with Supported Appliance Releases
Release LSP 13 LSP 14 LSP 15 LSP 16 LSP 17 LSP 17.1 LSP 18
4.6.x Yes † Yes † Yes † Yes † Yes † No No
4.7.x Yes Yes Yes Yes No No No
4.8.x Yes Yes Yes Yes Yes Yes No
4.9.0 – Yes Yes Yes Yes Yes Yes Yes
4.9.0.2
4.9.1 No Yes Yes Yes Yes Yes Yes
5.0 No No No No No Yes* Yes
5.1 No No No No No No Yes
† Upgrade to v4.7.x is not supported throughout the platform upgrade process.
* In order to upgrade to Release 5.1, you must upgrade to LSP 18 if you are running a previous LSP.

Updating the Appliance

LogLogic provides Appliance software upgrades through the Appliance user interface:
 Healthcheck - Ensure that the Appliance is ready for upgrade by running the
Healthcheck package before the upgrade. Download the package from the LogLogic
Support website. Use the following command to uncompress the package:

> tar zxf <filepath_healthcheck_package> -C /loglogic/update

where, <filepath_healthcheck_package> is the correct file path. See Step 5 under Using
File Update on page 10.

IMPORTANT! Do not install the Healthcheck package under /loglogic/tmp folder.

 File Update - Update the Appliance using a .bz2 and .sig file that you download
from the LogLogic Support website. See Step 6 under Using File Update on page 10.

Use the web browser progress bar to monitor the update process. A message displays on
the dashboard letting you know that you must wait. When the process completes, you are
redirected to the Login page. The new software release number displays in the top right
corner of the System Status page.

Depending on the nature of the update, the Appliance might automatically reboot.

Using File Update

To use File Update, download and load a .bz2 and .sig files to the Appliance. The File
Update process requires that you first download the appropriate software release. Once
you successfully downloaded the software release, you must copy the update files to the
Appliance and then run the File Update process.

To complete the upgrade process using File Update, you must have:
 Software download access to http://www.loglogic.com/services/support (if you do
not have access, register at http://www.loglogic.com/services/support or contact
Technical Support by email or phone)

10 Upgrade Guide
 Appliance Software Upgrade : Updating the Appliance

 For the following partitions, the available disk space must be:
 /partition – 400MB
 /failsafe partition – 50MB
 /loglogic partition – 10GB
 Null modem cable (if connecting to the Appliance using a console)

To Update the LogLogic Appliance Using File Update:

1. Back up the data on the LogLogic Appliance. For more information on backing up
your data, see the LogLogic Administration Guide.
2. Log in to the LogLogic support website http://www.loglogic.com/services/support,
and then download the latest software update that you want to apply to the
Appliance.
3. Ensure the Appliance has sufficient available disk space to perform the upgrade (see
the disk space requirement for partitions on page 10). To verify the available disk
space:
a. Log in to the Appliance using the LogLogic user interface and view the System
Status screen.
b. Look at the Free column under Disk Usage.
4. Connect to the LogLogic Appliance from the CLI or shell login. Use the command line
through the serial port with a null modem cable or using SSH.
LogLogic recommends using the serial port; using SSH, the connection is lost after the
final reboot.
The default user is toor and the password is logapp.

IMPORTANT! If this is the first time logging in through the CLI or shell login, LogLogic
recommends that you change the default password. To change the password, type > system
passwd Usage > at the command prompt and follow the prompts.

5. Make sure that the system is ready for upgrade by running the healthcheck command
healthcheck.sh with the correct path.
For example: ./healthcheck/healthcheck.sh
or,
/loglogic/update/healthcheck/healthcheck.sh if the healthcheck.sh is
under /loglogic/update/healthcheck directory.

Note: During this process, if system finds any inconsistencies, the console displays the
message: Ignore the inconsistency?[yes/no]: 
Type no to stop the process and go back and fix the issue before you proceed. You can run the
healthcheck command multiple times until you fix all inconsistencies. If you type yes, all
inconsistencies will be ignored and you can proceed.

6. Copy the update files (.bz2 and .sig) to the /tmp/update directory on the
Appliance. If the directory does not already exist, you need to create a soft link /tmp/
update to the /loglogic/update directory.
The update files must be copied to the /tmp/update directory to be available for
selection in the File Update drop-down menu.

Upgrade Guide 11
Appliance Software Upgrade : Upgrading in a High Availability Environment

7. Log in to the LogLogic Appliance you want to upgrade. You must log in as a user with
Administrator privileges.
8. In the navigation menu, click Maintenance > File Update.
The File Update tab displays.
9. From the Select File drop-down menu, select the appropriate software update.
If you do not see any files in the list, verify that the update files are added to the /tmp/
update directory.
10. Click Update.
A status message appears at the top of the File Update tab after the update is complete.
You might need to reboot the Appliance.
11. After the Appliance reboots, run the Post Upgrade script. See Running the Post Upgrade
Script on page 15.

Upgrading in a High Availability Environment

If you have a High Availability (HA) Appliance environment, either an LX-to-LX or ST-to-
ST configuration, you must use the following procedure to upgrade the Appliances.

HA is not supported on MX or MA Appliances.

Prerequisites
The following prerequisites must be met prior to starting the Upgrade Process on your
HA Appliances.
 The Active and Standby Appliances must be in sync. Ensure that there are no warning
messages that appear on the Dashboard > System Status page.

Note: The terms “Active” and “Standby” might suggest that these Appliances are not equivalent in
every respect. In fact they must have identical capabilities in order for High Availability pairing to
work. Therefore, for clarity during the of the upgrade process below, the original active Appliance will
always be referred to as “Appliance A” and the original standby Appliance will always be referred to
as “Appliance B” (even though their roles will reverse and then revert back).

At Step 6 in the upgrade process, Appliance B will become the active Appliance temporarily, and
Appliance A will become the standby Appliance temporarily. At the conclusion of the upgrade
process, the roles of the two Appliances will revert back to their original assignments, although that
is not necessary for successful HA operation.

Starting the Upgrade Process

This HA upgrade procedure uses the following example Appliance information:
 Appliance A: HA Active, IP address 10.20.0.44
 Appliance B: HA Standby, IP address 10.20.0.45
 Public: HA Public, IP address 10.20.0.46
 Network Mask, IP address 255.255.255.0
 Network Broadcast, IP address 10.20.0.255
 File update server, IP address 10.1.1.190
12 Upgrade Guide
 Appliance Software Upgrade : Upgrading in a High Availability Environment

To upgrade your HA environment:

1. Ensure that your HA environment is synchronized.
2. On the Appliance B, disable the HA configuration.
a. Open a command prompt and log in using username: root and password: logapp.
b. Run the following command:
set failover disable
The prompt returns “CHANGES HAVE NOT BEEN SAVED!”
c. Type save and then press enter.
save
3. Make sure that the system is ready for upgrade by running the healthcheck command
healthcheck.sh with the correct path.
For example: ./healthcheck/helathcheck.sh
or,
/loglogic/update/healthcheck/healthcheck.sh if the healthcheck.sh is
under /loglogic/update/healthcheck directory.
4. Copy the .bz2 and .sig files for the software upgrade to Appliance B’s 
/tmp/update directory.
The following files are examples of the update files you need to copy:
 update-200703291751-full.tar.bz2
 update-200703291751-full.tar.bz2.sig
5. Log in to Appliance B and complete the update.
a. Open a web browser and log in to the Appliance B.
b. In the navigation menu, click Maintenance > File Update.
The update-200703291751-full.tar.bz2 is displayed in the Select File box.
c. Click the Update button. You might need to wait about 30 - 40 minutes for the
update to complete.
6. On the Appliance A, disable the HA configuration.
a. Open a command prompt and log in using username: root and password: logapp.
b. Run the following command:
set failover disable
The prompt returns “CHANGES HAVE NOT BEEN SAVED!”
c. Type save and then press enter.
save
7. On Appliance B, set up the HA configuration.
a. Open a command prompt and log in using username: root and password: logapp.
b. Run the following command:
set failover configure

Upgrade Guide 13
Appliance Software Upgrade : Upgrading in a High Availability Environment

c. Follow the prompts. Make sure you type save when prompted.
The following example IP addresses are as noted at the beginning of this section:

 Public IP address of the cluster: 

10.20.0.46 255.255.255.0 10.20.0.255 bond0

 When prompted about this Appliance being the destination of automatic

migration, enter N.

 IP address of the peer Appliance: 

10.20.0.44

Note: At this point Appliance B has become the active Appliance. Appliance A is no longer part
of the HA pair, and thus is reported “missing” by Appliance B.

8. Make sure that the system is ready for upgrade by running the healthcheck command
healthcheck.sh with the correct path.
For example: ./healthcheck/healthcheck.sh
or,
/loglogic/update/healthcheck/healthcheck.sh if the healthcheck.sh is
under /loglogic/update/healthcheck directory.

Note: During this process, if system finds any inconsistencies, the console displays the
message: Ignore the inconsistency?[yes/no]: 
Type no to stop the process and go back and fix the issue before you proceed. You can run the
healthcheck command multiple times until you fix all inconsistencies. If you type yes, all
inconsistencies will be ignored and you can proceed.

9. Copy the .tar and .sig files from the LogLogic technical support release server
(10.1.1.190) to Appliance A. Copy the files to directory /tmp/update.
The following file are examples of the update files you need to copy:
 update-200703291751-full.tar.bz2
 update-200703291751-full.tar.bz2.sig
10. Log in to Appliance A and complete the update.
a. Open a web browser and log in to Appliance A.
b. In the navigation menu, click Maintenance > File Update.
The update-200703291751-full.tar.bz2 is displayed in the Select File box.
c. Click Update.
You might need to wait 30 - 40 minutes for the update to complete.

IMPORTANT! You must let Appliance A complete the upgrade process before syncing up to
Appliance B.

11. On the Appliance A, set up the HA configuration.

a. Open a command prompt and log in using username: root and password: logapp.
b. Run the following command:
set failover configure

14 Upgrade Guide
 Appliance Software Upgrade : Running the Post Upgrade Script

c. Follow the prompts. Make sure you type save when prompted.
The following example IP addresses are as noted at the beginning of this section:

 Public IP address of the cluster: 

10.20.0.46 255.255.255.0 10.20.0.255 bond0

 When prompted about this Appliance being the destination of automatic

migration, enter Y.

 IP address of the peer Appliance:

10.20.0.45

The upgrade is complete. Appliance B is active, and Appliance A is standby.

IMPORTANT! Forcing fail-overs for the purpose of keeping one particular Appliance “active” is not
recommended as it has no particular benefit and any fail-over event has the potential to cause some
loss of data.

Running the Post Upgrade Script

After you upgrade an Appliance to a new software release and the Appliance reboots, you
must run the Post Upgrade Script.

Note: Post Upgrade in an HA pair should be performed only on the Appliance in the “active” role.

1. Log in to the Appliance CLI via SSH.

2. Go to the CLI scripts directory:
> cd /loglogic/bin
3. Run the Post Upgrade Script:
> ./rundbm
The Configuration Menu appears, as follows:
Configuration Menu:
1) Modify the above configuration
2) Start the Post Upgrade Process
3) Help
4) Exit the Post Upgrade Process
Enter choice:
4. The modify configuration menu appears. The example menu that follows is typical;
your menu items will depend on your Appliance configuration.
1) module_4800000_exchange
2) module_4800000_auth
3) Return to Configuration Menu
4) Help
Enter 1-4:

Upgrade Guide 15
Appliance Software Upgrade : Running the Post Upgrade Script

5. Change the number of days to preserve for any of these logs that should not be set to
seven days. For example, for MS Exchange:
a. Type 1.
b. Enter the amount of pre-existing MS Exchange/authentication data, in days, that
you want accessible on the Appliance after the upgrade. For example, if you want
access to the past month’s MS Exchange data, enter 31.
The default setting is 7, which converts the previous week. The higher number of
days you enter, the longer the post-upgrade process takes to complete.
To preserve the ability to search on all log data collected from MS Exchange log
sources, input a number of days to include the first collection of MS Exchange log
information.
After entering the number of days, the module configuration menu appears again.
6. Repeat step 5 for each option necessary.
7. Type 2 to start the Post Upgrade Process.
The conversion time for the Post Upgrade Process depends on the amount of data to be
migrated.
8. After typing 2 to start the Post Upgrade Process, the Appliance returns you to the
configuration menu immediately, with the additional option to "Monitor the Post
Upgrade Process" — choice 5) below.
9. Type 5 to monitor the Post Upgrade Process.
The Configuration Menu appears:
1) Modify the above configuration
2) Start the Post Upgrade Process
3) Help
4) Exit the Post Upgrade Process
5) Monitor the Post Upgrade Process
By typing "5", the user can monitor the Post Upgrade Process. Hit Ctrl-c to exit. The
screen returns to the Configuration Menu listed above. When the user sees the
following message during monitoring, the Post Upgrade Process is complete.
2009-11-18 17:10:37,818 - dbmLogger - INFO : ** All migrations complete!
10. Type 4 to exit the post-upgrade script.

16 Upgrade Guide