
SELKS 2.0 to SELKS 2.1 upgrades

Peter Manev edited this page Sep 2, 2015 · 6 revisions

The new features in SELKS 2.1 are described on a separate wiki page.

This is a major SELKS upgrade.

As standard best practice, test the upgrade in your test/QA environment first, before running it on production systems.

Follow this guide to upgrade from SELKS 2.0 to SELKS 2.1.

1)

Point the Elasticsearch and Logstash apt repositories at the 1.7 and 1.5 branches, replacing the entries for the previous branches, so that the file reads:

root@SELKS:~# cat /etc/apt/sources.list.d/elasticsearch.list
deb http://packages.elasticsearch.org/elasticsearch/1.7/debian stable main
deb http://packages.elasticsearch.org/logstash/1.5/debian stable main

2)

root@SELKS:~# mkdir -p /var/cache/logstash/sincedbs/
root@SELKS:~# chown logstash:logstash /var/cache/logstash/sincedbs/

3)

In /etc/logstash/conf.d/logstash.conf, comment out the old sincedb_path and point it at the directory created in step 2 (the sincedb records how far into eve.json Logstash has read):

#sincedb_path => ["/var/lib/logstash/"]
sincedb_path => ["/var/cache/logstash/sincedbs/since.db"]

4)

apt-get update && apt-get dist-upgrade

Answer yes to everything except the two configuration-file prompts shown below, where you keep your currently installed version (N):

Setting up elasticsearch (1.7.1) ...

Configuration file '/etc/default/elasticsearch'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** elasticsearch (Y/I/N/O/D/Z) [default=N] ? N
Installing new version of config file /etc/elasticsearch/logging.yml ...
Installing new version of config file /etc/init.d/elasticsearch ...
Installing new version of config file /usr/lib/systemd/system/elasticsearch.service ...
Restarting elasticsearch service... OK
Setting up gstreamer1.0-libav:amd64 (1.4.4-2) ...
Setting up iceweasel (38.2.0esr-1~deb8u1) ...
Installing new version of config file /etc/iceweasel/pref/iceweasel.js ...

Configuration file '/etc/iceweasel/profile/bookmarks.html'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** bookmarks.html (Y/I/N/O/D/Z) [default=N] ? N

5)

root@SELKS:~# /etc/init.d/scirius restart

6)

Check the services:

root@SELKS:~# service elasticsearch status
root@SELKS:~# service suricata status
root@SELKS:~# service logstash status

If a service is not running, restart it, for example:

root@SELKS:~# service suricata restart

The upgrade takes the installed package versions from here:

root@SELKS:~# dpkg -l |grep logstash
ii  logstash                             1.4.2-1-2c0f5a1                   all          An extensible logging pipeline
root@SELKS:~# dpkg -l |grep suricata
ii  suricata                             2.1~beta3-0stamus0                amd64        Suricata open source multi-thread IDS/IPS/NSM system.
root@SELKS:~# dpkg -l |grep elasticsearch
ii  elasticsearch                        1.5.2                             all          Open Source, Distributed, RESTful Search Engine
root@SELKS:~#
root@SELKS:~# dpkg -l |grep selks
ii  selks-scripts-stamus                 2015022601                        amd64        SELKS Scritps by StamusN.
root@SELKS:~#

To here:

root@SELKS:~#
root@SELKS:~# dpkg -l |grep logstash
ii  logstash                             1:1.5.3-1                         all          An extensible logging pipeline
root@SELKS:~# dpkg -l |grep suricata
ii  suricata                             2.1~beta4.8-0stamus1              amd64        Suricata open source multi-thread IDS/IPS/NSM system.
root@SELKS:~# dpkg -l |grep elasticsearch
ii  elasticsearch                        1.7.1                             all          Open Source, Distributed, RESTful Search Engine
root@SELKS:~# dpkg -l |grep selks
ii  selks-scripts-stamus                 2015080901                        amd64        SELKS Scritps by StamusN.
root@SELKS:~#

NOTE: The standard SELKS configs shipped with selks-scripts-stamus are present here:

root@SELKS:~# tree /opt/selks/Scripts/Configs/
/opt/selks/Scripts/Configs/
├── Conky
│   └── etc
│       └── conky
│           └── conky.conf
├── Elasticsearch
│   └── etc
│       └── elasticsearch
│           └── elasticsearch.yml
└── Logstash
    └── etc
        └── logstash
            └── conf.d
                └── logstash.conf

10 directories, 3 files
root@SELKS:~#

7)

Copy over the standard distributed config files for SELKS. This overwrites /etc/elasticsearch/elasticsearch.yml and /etc/logstash/conf.d/logstash.conf, so if you have local changes, back up and diff the current files first and re-apply those changes after the copy (and confirm the sincedb_path from step 3 is still the /var/cache one):

root@SELKS:~# cp /opt/selks/Scripts/Configs/Elasticsearch/etc/elasticsearch/elasticsearch.yml  /etc/elasticsearch/
root@SELKS:~# cp /opt/selks/Scripts/Configs/Logstash/etc/logstash/conf.d/logstash.conf /etc/logstash/conf.d/logstash.conf

and restart elasticsearch and logstash:

root@SELKS:~# service elasticsearch restart
root@SELKS:~# service logstash restart
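Before calling the upgrade done, it is worth checking the end state in a repeatable way rather than eyeballing dpkg output. The script below is an added example, not part of this wiki page or of selks-scripts-stamus: it compares the installed package versions against the "To here" list above and verifies that exactly one sincedb_path is active in logstash.conf and that it is the new /var/cache location from step 3. The dpkg and logstash.conf samples embedded in it are constructed so it runs offline; on a real SELKS box call check_versions with "$(dpkg -l)" and sincedb_ok with the contents of /etc/logstash/conf.d/logstash.conf.

```shell
#!/bin/sh
# Added example (not from the SELKS wiki or selks-scripts-stamus):
# post-upgrade sanity checks for the SELKS 2.0 -> 2.1 procedure.
# Runs here against constructed sample data; on a real system use
#   check_versions "$(dpkg -l)"
#   sincedb_ok "$(cat /etc/logstash/conf.d/logstash.conf)"

# Target versions, taken from the "To here" dpkg listing on this page.
TARGETS="logstash=1:1.5.3-1 suricata=2.1~beta4.8-0stamus1 elasticsearch=1.7.1 selks-scripts-stamus=2015080901"

# Constructed sample of `dpkg -l` output after a successful upgrade.
SAMPLE_DPKG='ii  logstash                             1:1.5.3-1                         all          An extensible logging pipeline
ii  suricata                             2.1~beta4.8-0stamus1              amd64        Suricata open source multi-thread IDS/IPS/NSM system.
ii  elasticsearch                        1.7.1                             all          Open Source, Distributed, RESTful Search Engine
ii  selks-scripts-stamus                 2015080901                        amd64        SELKS Scripts by StamusN.'

# Constructed sample of the relevant part of logstash.conf after step 3.
SAMPLE_CONF='input {
  file {
    #sincedb_path => ["/var/lib/logstash/"]
    sincedb_path => ["/var/cache/logstash/sincedbs/since.db"]
  }
}'

# pkg_version DPKG_OUTPUT PACKAGE: print the installed version of PACKAGE
# (fully installed "ii" lines only), or nothing if it is not installed.
pkg_version() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == "ii" && $2 == p { print $3 }'
}

# check_versions DPKG_OUTPUT: compare every target package with what is
# installed. Prints one line per package; returns 1 if anything is off.
check_versions() {
    rc=0
    for spec in $TARGETS; do
        pkg=${spec%%=*}
        want=${spec#*=}
        have=$(pkg_version "$1" "$pkg")
        if [ -z "$have" ]; then
            echo "MISSING  $pkg (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $pkg: have $have, want $want"; rc=1
        else
            echo "OK       $pkg $have"
        fi
    done
    return $rc
}

# sincedb_ok CONF_TEXT: succeed only if exactly one uncommented sincedb_path
# is present and it is the new /var/cache location. A commented-out old path
# is fine; an old path still active, or two active paths, is not.
sincedb_ok() {
    active=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep 'sincedb_path')
    [ "$(printf '%s\n' "$active" | grep -c .)" -eq 1 ] &&
        printf '%s\n' "$active" | grep -q '"/var/cache/logstash/sincedbs/since.db"'
}

# Stand-alone run against the constructed samples.
check_versions "$SAMPLE_DPKG"
sincedb_ok "$SAMPLE_CONF" && echo "OK       sincedb_path -> /var/cache/logstash/sincedbs/since.db"
```

The version comparison is deliberately exact-match rather than "at least", because the page documents one tested combination; if you later move to newer packages, update TARGETS to the versions you have actually tested together.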

That is it!
