FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
idabouzi
Staff
Article Id 303122
Description This article describes how to apply content updates manually through the CLI, as an alternative to performing an update automatically through the GUI: Content Update.
Scope FortiSIEM.
Solution
  1. Run the command below to check the latest available update version in the output file /tmp/contentInfo.

 

SSH to the Supervisor and switch to the admin user:

su admin

content-update.sh check <running_siem_version> <running_content_update_version> -o /tmp/contentInfo

Example:
      

su admin
content-update.sh check 7.4.2 901 -o /tmp/contentInfo
Latest version: 904

 

  2. Remove old content update files if there are any:

 

rm -rvf /opt/phoenix/ContentUpgrade/*

 

  3. Install the latest content update:

 

su - admin
content-update.sh apply <running_siem_version> <running_content_update_version> --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz

 

Example: Updating from the current running content updates version 901:

 

su - admin

content-update.sh apply 7.4.2 901 --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz
5% Downloading data packages.
10% Downloading GeoDB packages.
20% Importing device types
30% Importing event types
40% Importing event attributes
50% Importing rules
60% Importing reports
70% Importing parsers
80% Importing dashboards
100% newContentVersion: 904; imported: deviceType,eventType,eventAttribute,rule,report,parser,dashboard

 

  4. Update the CMDB with the content version installed on the system:

 

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='<latest_content_update_version>' where property = 'Content_Update_Version';"

'UPDATE 1' should be seen as the output.

Example:

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='904' where property = 'Content_Update_Version';"

             

  5. Remove the cache and restart the application server:

 

rm -rf /opt/phoenix/cache/content/
rm -rf /opt/glassfish/domains/domain1/generated/
rm -rf /opt/glassfish/domains/domain1/osgi-cache/
killall -9 java

 

  6. Once the GUI is available again, navigate to ADMIN -> Content Update and select the 'Check Now' button. The output should be 'No available updates'.

 

Troubleshooting:

If the new content update does not show in the GUI:

  Check the version from the backend:

 

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"


property | value
--------------------------+---------------
Content_Update_Version | 901 <--- Old Version
Original_Content_Version | 901  
Content_Last_Check | 1760997604743
(3 rows)


If it shows the old version:

  • Check that the VERSION file is present on the server and that it contains the correct version:

 

ls -lrth /opt/phoenix/ContentUpgrade/

If it is not present, create it:

touch /opt/phoenix/ContentUpgrade/VERSION

Check the VERSION content:

cat /opt/phoenix/ContentUpgrade/VERSION

 

  • The output should show the installed version, in this case '904'.

If not, then add it manually to the file:

 

# cd /opt/phoenix/ContentUpgrade/
# vi VERSION
 904
:wq!

 

Now update and check the version from the backend again:

 

psql -U phoenix phoenixdb -c "update ph_sys_conf set value=904 where property='Content_Update_Version';"

 

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"
property | value
--------------------------+---------------
Content_Update_Version | 904 <---
Original_Content_Version | 901 
Content_Last_Check | 1760997604743
(3 rows)
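
The backend check above, as an added shell example (not part of the original article and not Fortinet tooling): it compares the Content_Update_Version row from the ph_sys_conf query with the contents of the VERSION file, and distinguishes the empty file that `touch` leaves behind from a missing one. The function names and SAMPLE_DB_OUTPUT are assumptions made for this example; the sample is constructed from the query output shown above.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names are assumptions.

# Constructed sample: the ph_sys_conf query output shown in the article.
SAMPLE_DB_OUTPUT='property | value
--------------------------+---------------
Content_Update_Version | 901 <--- Old Version
Original_Content_Version | 901
Content_Last_Check | 1760997604743
(3 rows)'

# Print the value of one property from psql's "name | value" table output.
conf_value() {   # $1 = property name, stdin = psql output
    awk -F'|' -v want="$1" '
        NF >= 2 {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t].*$/, "", val)   # drop padding and any trailing note
            if (key == want) { print val; exit }
        }'
}

# Print the first non-empty line of the VERSION file, whitespace removed.
version_file_value() {   # $1 = path to VERSION
    [ -r "$1" ] || return 1
    awk '{ gsub(/[ \t\r]/, "") } $0 != "" { print; exit }' "$1"
}

# Prints: match | mismatch | empty-version-file | no-version-file | no-db-row
content_version_status() {   # $1 = psql output text, $2 = VERSION path
    db=$(printf '%s\n' "$1" | conf_value Content_Update_Version)
    [ -n "$db" ] || { echo no-db-row; return 0; }
    file=$(version_file_value "$2") || { echo no-version-file; return 0; }
    [ -n "$file" ] || { echo empty-version-file; return 0; }
    if [ "$db" = "$file" ]; then
        echo match
    else
        echo "database=$db VERSION=$file" >&2
        echo mismatch
    fi
}

# On the Supervisor (assumed invocation, using the article's query and path):
# content_version_status "$(psql -U phoenix phoenixdb -c \
#   "select property,value from ph_sys_conf where property ilike '%content%';")" \
#   /opt/phoenix/ContentUpgrade/VERSION
```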