
Re: Upgrade to 9.5

I just upgraded from 9.4.2 MR6 to 9.5.0 MR1 last night. It took ~3 hours for an ESM, an ACE, 4 Receivers, and 3 ELMs. The upgrade went smoothly, and so far, I haven't encountered any issues. The upgrade DID address our issue with Alarms not firing.

Re: Upgrade to 9.5

All,

For those who upgraded:

I understand the FTI is "gone", with the functionality being embedded with the ELM itself, without the need for an additional storage allocation.

However, I had a chat with McAfee today and one of their guys mentioned some serious changes to the way the ELM backend stores files? Including a rumour that the files are no longer the terrible binary blobs that could never be read from outside the ELM.

Can someone using the ELM with NFS storage confirm if the files (especially syslog data sources) can now be read from outside the ELM interface itself?

Cheers

aszotek
Level 10
Message 13 of 24

Re: Upgrade to 9.5

I can't read .elm files from the command line. Have they mentioned how to read them without the UI?

rcavey
Level 9
Message 14 of 24

Re: Upgrade to 9.5

Sorry rhino ... still in the same format. I don't see how they are going to make them readable without the underlying tools from McAfee, as you would not want just anyone accessing the data if they get a hold of it.

I know they use openssl in some fashion to encrypt the data, so I'm sure you'd need to know where the key is to decrypt. We have a weekly meeting and I remember them saying there is a way to get to the data underneath, but I'm sure you'd have to escalate with fury to get that process. I will also ask about what you mention this week and see what they say.

BTW -- we've upgraded all but one of our environments to 9.5.0 MR1. Yesterday's upgrade was a pair of redundant ESMs, a pair of redundant ELMs, 3 HA receiver pairs, and two ACEs, one being a spare for standby. Other than needing to crash cart the ESMs and ELM due to the flaky 3ware (that is my guess): it fails the fsck check, but a power cycle brings them back up without issue.

rcavey
Level 9
Message 15 of 24

Re: Upgrade to 9.5

Oh... yeah, FTI has been replaced with the "bloom" indexer (new and improved, written from scratch), which is checked on by default now. I have not had time to exercise searches yet, but I hope that it helps. The initial indexing was consuming quite a bit of CPU on one machine, which was a combo box that was getting spammed by the LDAP server.

ksudki
Level 10
Message 16 of 24

Re: Upgrade to 9.5

Dear all, thank you for contributing to this post.

We recently upgraded to 9.5.0 20150305. We have 1 ESM / 1 ACE / 1 ELM / 1 ERC and so far everything went fine on nearly all boxes.

Does anyone have an explanation for, or has anyone encountered, such errors/notifications on the ELM:

McAfee elm: get_logfile - Exception = "Did not find log" - DSID = '5' or LogID = '<LOGID>'

McAfee elmftiinsd[3222]: Failed to get logfile for <ID of ...>-<LOGID>, marking as ignored for bloom purposes

I don't know what the FTI was, but what I can see is that I have some binaries left on my system containing fti (might be related?):

  • elmftictl
  • elmftiinsd
  • elmftiinsdctl

From what I can see, the .elm files are still unreadable blob files so far.

Best regards

ivio
Level 7
Message 17 of 24

Re: Upgrade to 9.5

Hi All,

Just finished the upgrade to 9.5.0 on a combo box yesterday with no issues. I did the following:

1. Check processor type (cat /proc/cpuinfo)

2. Check ngcp.dfl database with DBCheck

3. Perform Backup ELM config, ESM setting

4. Perform full backup (2 days)

5. Upgrade from 9.4.2 to 9.5.0 (2 hours)

6. Update rule manually

7. ESM successful upgrade to 9.5.0 Build 20150305183150, Database: OK, Policy: OK

penoffd
Level 10
Message 18 of 24

Re: Upgrade to 9.5

I see that there is a new release dated 30 March for v9.5. Has anyone tried this yet, or does anyone know if there are any significant differences between this and the 03 March release?

aszotek
Level 10
Message 19 of 24

Re: Upgrade to 9.5

Yes, I tried that (9.5.0 MR2) in my test/dev environment last week, no events since the upgrade, support is still scratching their heads...

penoffd
Level 10
Message 20 of 24

Re: Upgrade to 9.5

OK, sounds like I need to let this one percolate a while before deploying it..... thanks for taking one for the team!
