Plan Your Upgrade
As general rule all devices need to have 55GB free space before upgrading.
ELM, ELMREC and ENMELM do require 150GB free space each.
Virtual machines will need 55GB free space before upgrading.
Commonly yellow flags mean inactivity. May also indicate alarms to be sync'd or a Write action pending.
Red flags usually indicate more serious conditions and usually lead you to the System log.
Best practices is to be "flag free" so serious issues aren't obscured by a datasource inactivity.
Verify connectivity and assure all devices report status OK.
Clear all long running queries in ESM task managers.
Perform a status check from the GUI for every device, to ensure that key processes in the system are running.
Note the ports, source/target ip and protocols that need to be allowed by firewall rules.
*If you are upgrading from 10.x versions, it's imperative you check and understand the port requirements to assure a smooth upgrade process.
Not following the documentation may lead to a failing upgrade.
Upload files to ESM under ESM file maintenance by following the steps below.
- Got to System Properties > File Maintenance.
- At the top where it says Select File Type: choose Software Update Files.
- Click the Upload Button.
- Browse to the upgrade files.
Step 3*IMPORTANT NOTE:
- Make sure device status is OK before proceeding to the next device.
- Not following the documentation and performing the pre-upgrade requisites may lead to a failed upgrade.
|If upgrading from 10.x or lower, rekey all peripheral devices||System Properties -> ESM Management -> Key Management -> Regenerate SSH Button -> Yes and close to finish||This operation can take up to 30 min, it will display a message about the rekey being in process, it's completely normal and it can be ignored.|
|Write settings to the McAfee Event Receiver or ESM/Event Receiver combo||
||Once complete, you will see a ‘Write Successful’ message.|
|Write settings to the McAfee Advanced Correlation Engine (ACE)||
|Apply rules update||
||Select a Receiver. Open the Policy Editor. Rollout rules to all datasource. Repeat for each Receiver in the environment. See KB83046 for further reference.|
|Roll out policies||Policy Editor -> Rollout Icon -> The Rollout page appears -> Rollout policy to all devices now -> To schedule the rollout for later, click Edit.|
|ESM: Write out Cluster settings||System Properties -> Clustering -> Write Button -> Yes and close to finish||Message of Success on the operation is required to continue.|
|#1 Check Flags||
|#2 Dashboard Views||
|#3 Task Manager||
|#7 Further Resources|