Once all subordinate SIEM devices have been keyed to the ESM, consider the requirement to perform any updates to the platform codebase. Refer to the Product Download pages on the McAfee website to determine the latest code version available for the SIEM.
NOTE: Important information relating to the SIEM update process can always be found in the version release notes. Make certain to carefully read the published documentation prior to initiating the update process.
Code updates are made available as a single compressed TAR file (.tgz, sometimes called a tarball), along with a corresponding hash file that can be used to confirm the validity and consistency of the downloaded file. Each discrete platform in the McAfee SIEM suite has a unique code update path. Since ALL appliances connecting to the SIEM solution must be running the same version of code, it is important to obtain any/all .tgz files necessary to perform an update to each of the appliances used in your environment.
NOTE: Update files MUST have a .tgz extension to install properly. Some browsers have a nasty habit of re-writing the .tgz extension to .gz. If this happens, simply rename the file to have a .tgz extension before uploading the file to your ESM.
The following table describes the SIEM appliance and corresponding upgrade file requirements.
| Platform | Update Filename | Recommended Order |
| --- | --- | --- |
| ESM | ESS_Update_X.x.x.signed.tgz | 1 |
| ESM/REC/ELM | ESSREC_Update_X.x.x.signed.tgz | 1 |
| REC | RECEIVER_Update_X.x.x.signed.tgz | 2 |
| ELM | RECEIVER_Update_X.x.x.signed.tgz | 2 |
| ACE | RECEIVER_Update_X.x.x.signed.tgz | 2 |
| ADM | APM_Update_X.x.x.signed.tgz | 3 |
| DEM | DBM_Update_X.x.x.signed.tgz | 3 |
The McAfee ESM maintains a file repository into which all code update .tgz files can be uploaded. Once uploaded, each .tgz update can be applied to the appropriate device from within the SIEM user interface either individually or, in the case of multiple devices of the same type, en masse.
The order in which SIEM appliances are updated must be determined by reviewing the release notes published with each update. In most circumstances, when multiple appliances in a SIEM hierarchy are to be updated, it will be necessary to start with the ESM (or ESM/REC/ELM). Once complete, any Event Receiver appliances should be updated to the new version including any ELM or ACE appliances since they share the same Receiver codebase. Lastly, any additional subordinate appliances such as ADM or DEM should be updated.
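A pre-upload check for the download notes and the table above, as an added example that is not part of the original article or of McAfee's tooling: it restores a browser-rewritten .tgz extension, compares the file's SHA-256 with the hash file, and maps each filename to its recommended order. It assumes the hash file holds a SHA-256 hex digest as the first field of its first line; the function names and the demo file are constructed.

```shell
#!/bin/sh
# Added example: pre-upload checks for downloaded SIEM update files.

# Restore a browser-rewritten extension (.gz -> .tgz); prints the final path.
normalize_update_name() {
    case "$1" in
        *.tgz) printf '%s\n' "$1" ;;
        *.gz)  mv -- "$1" "${1%.gz}.tgz" || return 1
               printf '%s\n' "${1%.gz}.tgz" ;;
        *)     echo "unexpected extension: $1" >&2; return 1 ;;
    esac
}

# Print the SHA-256 of a file using whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | awk '{print $1}'
    else
        shasum -a 256 -- "$1" | awk '{print $1}'
    fi
}

# Succeeds only if the file digest equals the digest in the hash file.
# ASSUMPTION: the first field of the hash file's first line is the hex digest.
verify_update_hash() {
    vh_expected=$(awk 'NR==1 {print tolower($1)}' "$2") || return 1
    vh_actual=$(file_sha256 "$1") || return 1
    [ -n "$vh_expected" ] && [ "$vh_expected" = "$vh_actual" ]
}

# Print the recommended order (1-3) from the table for an update filename.
update_order() {
    case "${1##*/}" in
        ESS_Update_*.signed.tgz|ESSREC_Update_*.signed.tgz) echo 1 ;;
        RECEIVER_Update_*.signed.tgz) echo 2 ;;
        APM_Update_*.signed.tgz|DBM_Update_*.signed.tgz) echo 3 ;;
        *) echo "unknown update file: $1" >&2; return 1 ;;
    esac
}

# Demo on a constructed file (not a real update package).
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/ESSREC_Update_9.5.1.signed.gz"
file_sha256 "$demo_dir/ESSREC_Update_9.5.1.signed.gz" > "$demo_dir/update.sha256"
demo_file=$(normalize_update_name "$demo_dir/ESSREC_Update_9.5.1.signed.gz")
if verify_update_hash "$demo_file" "$demo_dir/update.sha256"; then
    echo "OK order=$(update_order "$demo_file") ${demo_file##*/}"
fi
rm -rf "$demo_dir"
```

A digest mismatch or an empty hash file makes `verify_update_hash` return non-zero, so the file should be downloaded again rather than uploaded to the ESM repository.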
During most major (and some minor) updates, it will be necessary for the master ESM database to be rebuilt as part of the automated code update process. Depending upon the amount of data residing in the ESM database, this process can take anywhere from 30 minutes to several hours. In POC environments where the event volume will likely be minimal, the database rebuild process should complete in under an hour.
The following steps must be completed to perform a code update on one or more SIEM appliances.
The following steps must be performed to update any subordinate SIEM appliances.
Repeat these steps to apply all necessary update files to remaining subordinate devices.
Easy update.
Hi, I'm getting this message: the version could not be determined for the selected update file and after reboot it remains in 9.4.0
I'm trying to upgrade from 9.4.0 to 9.5.0
sha256sum it's ok
all of the ESMUpgradeChecklist-RevB.pdf checkings done and ok
Thanks in advance
downloaded 9.5.1 and the same message about the version or the update path remains
will download tonight the esm 9.5.1 and will try tomorrow
We face the same issue and we followed the below knowledge base to fix.
Run the following command to check the version from the command line
dmidecode | less
Please refer the
https://kc.mcafee.com/corporate/index?page=content&id=KB77140&actp=LIST
Thank you Maria, but in our case
System Information
Manufacturer: McAfee, Inc.
Product Name: ENM6000
Version: ENMELM-6000
---------------------------------------------------
it's a little bit confusing we know EnterpriseLogManager but haven't found what ENM stands for
we have tried
McAfee Enterprise Security Manager 9.51 and then McAfee Event Receiver 9.51
today we shall try
d- McAfee Enterprise Security Manager, Event Receiver & Log Manager 9.51
we'll share results 🙂
vbueno,
Before running the update, open an ssh session and watch messages:
1. Open Putty
2. ssh root@ipaddressofdevice
3. Type: tailf /var/log/messages. Look for obvious errors.
Side note:
I've had this a couple of times and fixed it differently each time. If you can inbox me your message log.
I just upgraded to 9.51 and on one of my VM receivers I actually had to change the extension of my update file. The error log will usually tell you everything. The caveat is, it's hard to decipher at times.
I will update a combo box from 9.5mr7 to 9.51 and see what I come up with.
I have been able to successfully recreate your issue.
Solution:
1. Download update
2. Change extension from *.gz to *.tgz
3. Reboot device
4. Update, then verify.
Let me know if you run into any problems.
Physically shutdown then wait for 5 mins. Then run the command dmidecode | less. If you find the correct Product Name & Version in both (cmd & GUI) then start the upgrade.
Hi friends,
today to upgrade our ENMELM-6000
McAfee Enterprise Security Manager, Event Receiver & Log Manager to 9.51 we downloaded ESSREC_Update_9.5.1.signed.gz
and uploaded to our appliance
physical Display >> Properties >> File Maintenance >> combo box software update files >> upload
and navigate to find the folder where we downloaded
below it is on the appliance now
then Physical Display >> Properties >> ESM Management >> update ESM and selected it
and received a warning about the required reboot
the ssh connection is closed
we were impatient but have to wait
we were welcomed with this message and fortunately have downloaded the 9.5.1 release notes
and it was upgraded to 9.5.1
everybody was happy until this message
and tomorrow will try to add local storage device
McAfee-ENMELM-6000 ~ # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sdb3 1.9T 13G 1.8T 1% /
/dev/sdb1 976M 67M 859M 8% /boot
/dev/sdc1 13T 115M 13T 1% /data_hd
shm 48G 0 48G 0% /dev/shm
/dev/sda 445G 448M 445G 1% /index_hd
--------------------
-----------------
McAfee-ENMELM-6000 ~ # checkraid
Ok
/etc/iscsi/initiatorname.iscsi = InitiatorName=iqn.2005-03.org.open-iscsi:1fb482e89b4
InitiatorName=iqn.2005-03.org.open-iscsi:1fb482e89b4
-------------------------------
McAfee-ENMELM-6000 ~ # lsscsi -t
[0:0:0:0] disk sata: /dev/sda
[6:2:0:0] disk /dev/sdb
[6:2:1:0] disk /dev/sdc
--------------
kind regards mariajohn14 and pepelepuu