UPGRADING STRM TO R1 PATCH

Similar documents
Upgrading STRM to

Juniper Secure Analytics Patch Release Notes

Juniper Secure Analytics Patch Release Notes

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Juniper Secure Analytics Patch Release Notes

Release Notes Patch 1

Juniper Secure Analytics Patch Release Notes

Restore Data. Release Juniper Secure Analytics. Juniper Networks, Inc.

NSM Plug-In Users Guide

NSM Plug-In Users Guide

Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.

NSM Plug-In Users Guide

SETTING UP A JSA SERVER

Setting Up an STRM Update Server

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Table 1 List of Common Ports Used by STRM Components. Port Direction Reason. components. your SMTP gateway

Deploying JSA in an IPV6 Environment

Installing JSA Using a Bootable USB Flash Drive

Juniper Secure Analytics Patch Release Notes

Deploying STRM in an IPV6 Environment

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

Intrusion Detection and Prevention IDP 4.1r4 Release Notes

High Availability Guide

JSA Common Ports Lists

Reconfigure Offboard Storage During a JSA Upgrade

STRM Administration Guide

Wireless LAN. SmartPass Quick Start Guide. Release 9.0. Published: Copyright 2013, Juniper Networks, Inc.

Troubleshooting Guide

Customizing the Right-Click Menu

Intrusion Detection and Prevention Release Notes

STRM Log Manager Administration Guide

STRM Series to JSA Series

STRM Getting Started Guide. Release Security Threat Response Manager. Juniper Networks, Inc.

Juniper Secure Analytics Quick Start Guide

Managing User-Defined QID Map Entries

Forwarding Logs Using Tail2Syslog. Release Security Threat Response Manager. Juniper Networks, Inc.

Juniper Secure Analytics Release Notes

IBM Security QRadar SIEM Version 7.2. Installation Guide

WinCollect User Guide

Release Notes. Juniper Secure Analytics. Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA

Intrusion Detection and Prevention Release Notes

Reference Data Collections

Steel-Belted Radius Installation Instructions for EAP-FAST Security Patch

Network and Security Manager (NSM) Release Notes DMI Schema

Junos Pulse Access Control Service

Cisco Unified Serviceability

How to Set Up Your SRX320 Services Gateway

Juniper Secure Analytics

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

STRM Adaptive Log Exporter

Network and Security Manager (NSM) Release Notes DMI Schema

Upgrading the Cisco ONS CL to Release 7.0

Migration of Existing NSM Server from standalone to an Extended HA environment

IBM Security QRadar SIEM Version Getting Started Guide

How to Set Up Your SRX300 Services Gateway

Juniper Secure Analytics Virtual Appliance Installation Guide

Stealthwatch System Version 6.10.x to Update Guide

Web Device Manager Guide

Intrusion Detection and Prevention Release Notes

Log & Event Manager UPGRADE GUIDE. Version Last Updated: Thursday, May 25, 2017

Dell Storage Compellent Integration Tools for VMware

Juniper Secure Analytics

Network Configuration Example

Adaptive Log Exporter Users Guide

How to Set Up Your SRX340 Services Gateway

Network Configuration Example

CUSTOM EVENT PROPERTIES FOR IBM Z/OS

Dell Storage Integration Tools for VMware

Migrating vrealize Automation 6.2 to 7.1

QuickStart Guide for Managing Computers. Version

Network and Security Manager (NSM) Release Notes DMI Schema

Migrating vrealize Automation 6.2 to 7.2

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Perceptive Experience Web Scan

CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

CaliberRDM. Installation Guide

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Network and Security Manager (NSM) Release Notes DMI Schema

IBM Security QRadar Version Upgrade Guide IBM

Junos Pulse 2.1 Release Notes

Quick Setup Guide. 2 System requirements and licensing

Subscriber Traffic Redirection

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

Juniper Secure Analytics

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

QuickStart Guide for Managing Computers. Version 9.73

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

SuperLumin Nemesis. Getting Started Guide. February 2011

QuickStart Guide for Managing Computers. Version 9.32

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Juniper Networks CTPOS Release 7.0R1 Software Release Notes

How to Set Up Your SRX550 High Memory Services Gateway

IDP NetScreen-Security Manager Migration Guide

Junos Pulse Secure Access Service

Clearswift SECURE Gateway Installation & Getting Started Guide. Version 4.3 Document Revision 1.0

ADOBE DRIVE 4.2 USER GUIDE

Technical Configuration Example

Transcription:

UPGRADING STRM TO 2012.1.R1 PATCH RELEASE 2012.1 MARCH 2013 This Upgrade Guide provides information on the following: Before You Upgrade Clearing the Cache After You Upgrade Before You Upgrade Upgrade Requirements Before you upgrade, review each of the following sections: Upgrade Requirements Preparing to Upgrade Upgrading to STRM 2012.1r1 Before you upgrade, you must verify your deployment meets the following requirements: To upgrade to STRM 2012.1r1 patch, you must be running a minimum of STRM 2010.0.r2, including the latest patch. In the STRM user interface, click Help > About to view your current STRM version information. Close all open STRM sessions to avoid access errors in your log file. Appliances cannot be upgraded if they do not meet the minimum memory requirements, as specified in the following table: Table 1-1 Appliance Memory Requirements Appliance QFlow 500 QFC QFlow STRM-QFC-BSE; JN-LG-STRM-QFC-BSE QFlow 1202 QFlow 1301 Minimum Memory Requirement 2 GB

2 Table 1-1 Appliance Memory Requirements (continued) Appliance QFlow 1302 QFlow 1310 STRM 500 QFC STRM 1605 STRM 2500 FP STRM 2500 EP/FP Combo STRM 2000 STRM 2500 STRM 5000 STRM 3105 Minimum Memory Requirement Regardless of appliance type, we recommend that all systems running an Event Collector or Event Processor include a minimum memory of. We recommend that you upgrade all of the systems in your deployment from STRM 2010 to STRM 2012.1r1 patch. If a QFlow Collector does not meet the minimum memory requirements or is unable to be upgraded, you must add the QFlow Collector as a Pre-2012.1r1 Off-site Flow Source. For more information on adding flow sources, see the STRM Administration Guide. The Java Runtime Environment must be installed on the desktop system you use to view STRM. You can download Java version 1.6.0_u24 at the following website: http://www.java.com. Adobe Flash 10.x must be installed on the desktop system you use to view STRM. The upgrade process validates the disk space required for your STRM configuration and determines if enough disk space is available. If your system does not have enough free disk space, the upgrade process stops and a message is displayed warning you that additional disk space is required to perform the upgrade. The STRM 2012.1r1 patch upgrade requires the following minimum free disk space: - / partition must have at least 3 GB free space. - /store partition must have at least 4 GB free space. - /var/log partition must have at least 500 MB free space. - /store/tmp partition must have at least 800 MB free space. Preparing to Upgrade You must complete the upgrade process on your STRM Console first and you must be able to access the STRM user interface on your desktop system before upgrading your secondary Console and other systems in your deployment.

Before You Upgrade 3 Any QFlow appliance with less than a 80 GB hard drive must use a fresh installation to use the latest software. For more information, see the STRM Installation Guide. STRM 2012.1r1 patch introduced a new flow communication protocol, changing the way components communicate. We recommend that you upgrade all systems in your deployment to STRM 2012.1r1 patch. However, if you do not upgrade systems in your deployment hosting off-site flow sources, additional configuration is required. For more information, see the Configuring Flow Forwarding From Pre-2012.1r1 Off-Site Flow Sources appendix in the STRM Administration Guide. If your deployment consists of a software-based (non-appliance) installation and you have questions concerning your deployment, contact Juniper Customer Support for assistance. For information on STRM appliances and hardware, see the STRM Hardware Installation Guide. You must upgrade your STRM systems in the following order: 1 Console 2 The following systems can be upgraded concurrently: Event Processors Event Collectors Flow Processors QFlow Collectors If you are upgrading STRM systems in an HA deployment, you must upgrade in the primary system before upgrading the associated secondary system. The primary host must be the active system in your deployment. If the secondary host displays active, the upgrade of the primary host to STRM 2012.1r1 patch cancels. For more information on system and license management, see the STRM Administration Guide. CAUTION Disk replication and failovers are disabled until the primary and secondary hosts synchronize and the needs upgrade or failed status is cleared from the secondary host. During the upgrade of any secondary host, the System and License Management screen changes the status of the secondary host to upgrading. After the upgrade of the secondary host is complete, you must restore the configuration of the secondary host. For more information on restoring a failed host, see the STRM Administration Guide. Upgrading to STRM 2012.1r1 This procedure applies if you are upgrading to STRM 2012.1r1, on your current system. If you are installing STRM 2012.1r1 as a fresh installation, see the STRM Installation Guide.

4 If you use Secure Shell (SSH) to upgrade your STRM system and your SSH session is disconnected while the installation is in progress, the upgrade process continues to install on your system. When you reopen your SSH session and rerun the installer, the installation does not restart. To install STRM 2012.1r1 using SSH or serial-based Console: Step 1 Step 2 Step 3 Step 4 Download the STRM2012.1.r1.301503.sfs from the Juniper Customer Support website. www.juniper.net/support/products/strm/ Using SSH, log in to your system as the root user. User name: root Password: <password> Copy the file to the /tmp directory. Unzip the file in the /tmp directory using the bunzip utility: bunzip2 STRM2012.1.r1.301503.sfs.bz2 If space in /tmp is limited, copy the file to another location with sufficient space. Step 5 Step 6 Step 7 Step 8 Create the /media/updates directory: mkdir -p /media/updates Change to the directory where you copied the file. cd <directory> For example, cd /tmp Type the following command to mount the file to the /media/updates directory: mount -o loop -t squashfs STRM2012.1.r1.301503.sfs /media/updates/ Type the following command to run the installer: /media/updates/installer If you have logged in through serial-based Console, run the following command to install the patch automatically: /media/updates/installer --no-screen The first time you use the installer script, expect a delay before the first installer menu is displayed. This delay only occurs the first time you use the installer script.

Clearing the Cache 5 Step 9 Using the installer, install on all systems in your deployment except secondary HA host(s). Install on systems in your deployment in the following order: 1 Console 2 Event ProcessorsEvent Collectors 3 Flow Processors 4 Flow Collectors Clearing the Cache If you have trouble accessing the STRM user interface after you upgrade to STRM 2012.1r1 patch, we recommend that you clear your Java cache. Before you clear the cache, ensure you have only one instance of your browser open. If you have multiple versions of your browser open, the cache fails to clear. The Java Runtime Environment must be installed on the desktop system you use to view STRM. You can download Java version 1.6.0_u24 at the following website: http://java.com/. Step 1 To clear your cache and access the STRM user interface: Clear your Java cache: a On your desktop, select Start > Control Panel. The Control Panel is displayed. b Double-click the Java icon. The Java Control Panel is displayed. If you are using Microsoft Windows 7 as your operating system, the Java icon is typically located under the Programs pane, depending on how your Control Panel is configured to display features. Step 2 c In the Temporary Internet Files pane, click View. The Java Cache Viewer is displayed. d Select all STRM Deployment Editor entries. e Click the Delete icon. f Click Close. g Click OK. Open your web browser.

6 Step 3 Clear the cache of your web browser: a b c If you are using Internet Explorer 7.0 or 8.0, select Tools > Delete Browsing History. If you are using Internet Explorer 9.0, click the gear icon in the right corner of the browser window, select Internet Options > General, and then click Delete in the Browsing History pane. If you are using Mozilla Firefox 3.6.x and above, select Tools > Clear Recent History > Clear Now. If you are using Mozilla Firefox, you must clear the cache in Internet Explorer and Mozilla Firefox. Step 4 Log in to STRM https://<ip Address> Where <IP Address> is the IP address of the STRM system. The default values are: Username: admin Password: <password> Where <password> is the password assigned to STRM during the STRM installation process. For more information on accessing and using STRM, see the STRM Users Guide or the STRM Administration Guide. After You Upgrade After you upgrade, make sure you have completed the following: Reconnect any off-site components using the deployment editor to maintain forwarded event and flow data between deployments. For more information on using the deployment editor, see the STRM Administration Guide. Connect your QFlow Collectors to the correct Event Collector using the deployment editor. For more information on using the deployment editor, see the STRMAdministration Guide. Update your DSMs, scanners, protocols and Juniper NSM plug-in to STRM 2012.1r1 versions. If your deployment includes DSMs or scanners installed using an.rpm file, the following error is displayed in the log files after you upgrade your system to STRM 2012.1r1 patch: ErrorStream ExecuteAutoUpdate-Deploy: Can't load '/opt/qradar/perl5libs/lib/site_perl/5.6.1/i686-linux-threadmulti/auto/xml/parser/expat/expat.so' for module XML::Parser ::Expat:/opt/qradar/perl5libs/lib/site_perl/5.6.1/i686-linuxthread-multi/auto/XML/Parser/Expat/Expat.so: wrong ELF class: ELFCLASS32 at/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /DynaLoader.pm line 230

After You Upgrade 7 This error does not affect the upgrade process or system functionality and can be ignored. For more information, go to the Juniper Customer Support website. Validate your system to determine if any of the following rules or reports are required. If any of the following reports are required for your system, you must enable the associated rule: Rules Required for Default Reports Rule Number Rule Description Report Name 1279 Compliance: Compliance Events Become Offenses 1296 System: Device Stopped Sending Events 1296 System: Device Stopped Sending Events 1296 System: Device Stopped Sending Events 1302 Vulnerabilities: Vulnerability Reported by Scanner 1346 Compliance: Excessive Failed Logins to Compliance IS PCI 10 - Audit of Data PCI 10 - Audit of Data (Weekly) PCI 10 - Audit of Data (Monthly) 1427 Authentication: Login Failure to Disabled Account 1428 Authentication: Login Failure to Expired Account 1553 Compliance: Multiple Failed Logins to a Compliance Asset 1559 Compliance: Traffic from Untrusted Network to Trusted Network 1560 Compliance: Traffic from DMZ to Internal Network 1562 Compliance: Configuration Change Made to Device in Compliance network 1564 Compliance: Auditing Services Changed on Compliance Host Weekly Login Failures to Disabled or Enabled Accounts Weekly Login Failures to Disabled or Enabled Accounts For more information on enabling rules or reports, see the STRM Administration Guide.

8

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback