Technical Tip: How to apply a content update manually through the CLI

1. Run the command below to check the latest available update version in the output file /tmp/contentInfo.

ssh to Super

su admin

content-update.sh check <running_siem_version> <running_content_update_version> -o /tmp/contentInfo

Example:
      

su admin
content-update.sh check 7.4.2 904 -o /tmp/contentInfo
Latest version: 906

2. Remove old content update files if there are any:

rm -rvf /opt/phoenix/ContentUpgrade/*

3. Install the latest content update:

su - admin
$ content-update.sh apply <running_siem_version> <running_content_update_version> --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz

Example: FortiSIEM version 7.4.2 in version 904, updating from the current running content update version 904:

su - admin

content-update.sh apply 7.4.2 904 --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz
5% Downloading data packages.
10% Downloading GeoDB packages.
20% Importing device types
30% Importing event types
40% Importing event attributes
50% Importing rules
60% Importing reports
70% Importing parsers
80% Importing dashboards
100% newContentVersion: 906; imported: deviceType,eventType,eventAttribute,rule,report,parser,dashboard

4. Update the CMDB with the content version installed on the system:

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='<lastest_content_update_version>' where property = 'Content_Update_Version';"

Update 1 should be seen as the output below.

Example: 

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='906' where property = 'Content_Update_Version';" 

UPDATE 1

5. Once the GUI is available again, navigate to ADMIN -> Content Update and select the 'Check Now' button: output should be 'No available updates'.

Troubleshooting:

If the new content update does not show from the GUI:

Check the version from the backend:

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"

property | value
--------------------------+---------------
Content_Update_Version | 904 <----- Old version.
Original_Content_Version | 904  
Content_Last_Check | 1760997604743
(3 rows)

If it shows the old version:

• Check that the VERSION file is present on the server and that it contains the correct version:

ls -lrth /opt/phoenix/ContentUpgrade/

if not present, create it:

touch /opt/phoenix/ContentUpgrade/VERSION

check the VERSION content:

cat /opt/phoenix/ContentUpgrade/VERSION

• The output should show the installed version. In this case, it is '906'.
  

If not, then add it manually to the file:

cd /opt/phoenix/ContentUpgrade/
vi VERSION
 906
:wq!

Now update and check the version from the backend again:

psql -U phoenix phoenixdb -c "update ph_sys_conf set value=906 where property='Content_Update_Version';"

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"
property | value
--------------------------+---------------
Content_Update_Version | 906 <----- New updated version.
Original_Content_Version | 904 
Content_Last_Check | 1760997604743
(3 rows)