14 Replies. Latest reply on Jun 26, 2013 12:53 PM by wedge

    Upgrading ESM to 9.2.0

    haroot

      Hi All,

      Has anyone upgraded the ESM to version 9.2.0? Please share how much time it has taken for the complete database rebuilding process. For me the database rebuilding has been in progress for the past 5 days, considering that my database size is around 18 TB.

        • 1. Re: Upgrading ESM to 9.2.0
          haroot

          Small correction: database size is 1.8 TB

          • 2. Re: Upgrading ESM to 9.2.0
            Chris Boldiston

            Hi Haroot

            As mentioned in your related support ticket there may be some other issues going on with your upgrade that we will need to check.

             

            As a general note for others who are looking at upgrading to 9.2, there is a major change in the database in 9.2.  As a result, after the first 2 partitions are rebuilt you can log into the ESM but there will still be a lengthy background rebuild time of the older data.

             

            The attached document and other information is available on the McAfee Download site and will assist others with the planning and process of the upgrade.

             

             

             

            Regards

            Chris

            • 3. Re: Upgrading ESM to 9.2.0
              kcole

              The amount of time to complete the upgrade varies depending on the appliance type or VM as well as the amount of data to convert.  The ESM will convert the first two partitions and resume operations while the rest of the partitions are upgraded.  So you will be able to continue to use your SIEM once the first 2 partitions become available, which should be a few hours maximum (again - depending on the appliance and/or VM).  I believe the release notes for 9.2 also have some notes around this too.

              • 4. Re: Upgrading ESM to 9.2.0
                esher72

                I can see you are already in good hands but here are my two cents. My database is small compared to yours. Maybe 500Mb or so. It was about 24 hours before I was able to log back in and it finally had all tables rebuilt on about day 3. It was a long process. That said, after the update was done, everything has been running flawlessly.

                • 5. Re: Upgrading ESM to 9.2.0
                  eM Ka

                  ***************

                  Hi Haroot

                  As mentioned in your related support ticket there may be some other issues going on with your upgrade that we will need to check.

                  As a general note for others who are looking at upgrading to 9.2, there is a major change in the database in 9.2.  As a result, after the first 2 partitions are rebuilt you can log into the ESM but there will still be a lengthy background rebuild time of the older data.

                  The attached document and other information is available on the McAfee Download site and will assist others with the planning and process of the upgrade.

                  Regards

                  Chris

                  ***************

                   

                  Hi Chris,

                  We have now upgraded our ESM to 9.2.1 (ETM 5600, 2xERC 2600 (HA), ACE 2600, ELM 4600) - all of these modules are on version 9.2.1.

                  As you said, after the first 2 partitions were rebuilt we could log into the ESM - unfortunately we have a problem: when we try to get events/flows from the ERC to the ESM we get a message that there are no events/flows (0 events, 0 flows) - the ERC works fine, HA status is OK, events/flows are seen using tcpdump on the shared IP... everything looks fine.

                  At this time the rebuild of the ESM database is 68% complete and I'm wondering if it is the cause of this problem.

                  (When exactly should the ESM work normally after the upgrade?)

                   

                  Thank you in advance

                  • 6. Re: Upgrading ESM to 9.2.0
                    haroot

                    Hi Proxima,

                    I would suggest you open a Support Ticket in parallel. Have you upgraded the ERC to version 9.2.1 as well?

                     

                    Haroot

                    • 7. Re: Upgrading ESM to 9.2.0
                      eM Ka

                      Hi Haroot,

                      Yes, all modules are currently on version 9.2.1 (from 9.1.3) - and all seems to work fine (besides the problem with collecting data from the ERC to the ESM).

                      The size of the primary ERC partition is decreasing - so I suspect that it is buffering data and when the ESM finishes the rebuild, all data will be sent to the ESM (I hope...)

                      I have already opened a support request.....

                       

                       

                      Thanks

                      • 8. Re: Upgrading ESM to 9.2.0
                        haroot

                        Are you able to view the data/events on the ESM GUI for the current day/last hour? I would suggest having a look at the /var/log/messages file as it will indicate what might be wrong. Also check the NitroError.log file.

                        Secondly, sometimes re-keying the ERC helps in re-establishing the communication between ESM & ERC, but I am not sure how this is done on an HA setup.

                        Hope the above log files are able to identify the issue if any exists.

                         

                         

                        Haroot

                        • 9. Re: Upgrading ESM to 9.2.0
                          siemple

                          When upgrading to 9.2, we encountered a similar issue with a database rebuild that seemed extraordinarily long.  After consulting with support they found that there was indeed an issue with the rebuild and the process had indeed gotten hung up.  They were able to manually fix the database, but it did take about a day.  Just throwing this out there as an experience. 
