Upgrading Software ESM

This section describes how to upgrade software ESM in compact mode and software ESM in distributed mode.

Notes:

For software ESM, running the upgrade in GUI mode is optional. To run the upgrade in GUI mode, install the X Windows system package for your operating system. Micro Focus recommends running the upgrade in console mode rather than GUI mode.
X Windows is not included in the operating system image provided on a G9 appliance. If you are upgrading ESM on an appliance, use console mode.
In GUI mode, if the upgrade program displays a dialog reporting an error or problem, click Quit to close the dialog. Micro Focus does not recommend using the X to close the dialog.

In both GUI mode and console mode, the upgrade process displays ongoing status updates with details about what it is doing. For example, Upgrading database, Updating startup scripts, or Completing installation.

ESM also generates status messages in /opt/arcsight/upgradelogs/suite_upgrade.log so that you can view the upgrade progress. If you are upgrading ESM in compact mode or on the persistor node in distributed correlation mode, typical log messages are as follows:

[2020-06-25 18:57:48.198 PDT] PROGRESS: "Storage Engine Upgrade" started. To go - Phase: 7.6 Total: 15.7 minutes estimate.

[2020-06-25 19:02:40.707 PDT] PROGRESS: "Storage Engine Upgrade" completed. 48% complete, about 7.6 minutes to go.

[2020-06-25 19:02:40.938 PDT] PROGRESS: "Start Storage Engine" started. To go - Phase: 2.3 Total: 6.9 minutes estimate.

[2020-06-25 19:05:28.819 PDT] PROGRESS: "Start Storage Engine" completed. 65% complete, about 5.4 minutes to go.

[2020-06-25 19:05:29.056 PDT] PROGRESS: "Manager Upgrade" started. To go - Phase: 1.1 Total: 5.1 minutes estimate.

[2020-06-25 19:07:47.330 PDT] PROGRESS: "Manager Upgrade" completed. 73% complete, about 4.4 minutes to go.

[2020-06-25 19:07:47.560 PDT] PROGRESS: "MySql TZ Upgrade" started. To go - Phase: 2.4 Total: 4.1 minutes estimate.

[2020-06-25 19:10:25.047 PDT] PROGRESS: "MySql TZ Upgrade" completed. 89% complete, about 1.8 minutes to go.

[2020-06-25 19:10:25.738 PDT] PROGRESS: "Start up Processes" started. To go - Phase: 1.7 Total: 1.7 minutes estimate.

[2020-06-25 19:13:31.777 PDT] PROGRESS: "Start up Processes" completed. 100% complete, about 0.0 minutes to go.

If you are upgrading a non-persistor node in distributed correlation mode, typical log messages are as follows:

[2020-06-25 18:04:01.960 PDT] PROGRESS: "Java Upgrade" started. To go - Phase: 0.4 Total: 2.1 minutes estimate.

[2020-06-25 18:04:08.166 PDT] PROGRESS: "Java Upgrade" completed. 17% complete, about 0.9 minutes to go.

[2020-06-25 18:04:08.400 PDT] PROGRESS: "Manager Upgrade" started. To go - Phase: 0.7 Total: 0.7 minutes estimate.

[2020-06-25 18:04:11.607 PDT] PROGRESS: "Manager Upgrade" completed. 100% complete, about 0.0 minutes to go.

Caution: Once you begin the upgrade, you cannot roll back to the previous version of ESM. The uninstallation link does not work with an upgrade. If you encounter errors, ensure that the system tables and log files are available and contact Technical Support. For more information about the items to have available, see Reporting Upgrade Issues.

Upgrading Software ESM in Compact Mode

This section describes how to upgrade software ESM in compact mode. To upgrade software ESM in distributed correlation mode, see Upgrading Software ESM in Distributed Correlation Mode.

To upgrade software ESM in compact mode:

As user arcsight, untar the ArcSightESMSuite-7.5.0.xxxx.0.tar file:
```
tar xvf ArcSightESMSuite-7.5.0.xxxx.0.tar
```
As user root, remove services before running the upgrade:
```
cd <untar_directory>/Tools
```
```
./stop_services.sh
```
If necessary, upgrade the operating system to a supported version.

For more information, see the Technical Requirements on the ESM documentation page.
Services restart after you complete the operating system upgrade and reboot the system. Verify that all services started and are available.
As user arcsight, run the upgrade:
```
cd <untar directory>
```
```
./ArcSightESMSuite.bin -i console
```
Before the upgrade process begins, the upgrade program checks that all upgrade requirements are met. If you encounter an error at this point, correct the error and run the upgrade again.

If you receive a Java (Manager) heap size error message, press Enter. You will need to change the Manager heap size to at least 16 GB after the upgrade. For information about changing the heap size, see Completing Pre-Upgrade Tasks.

The upgrade performs a pre-upgrade redundant-name check to ensure that your database does not contain duplicate resource names in the same group. If duplicate names exist, the upgrade program generates an error that causes the upgrade to halt. To resolve this error:
1. Check the /opt/arcsight/upgradelogs/runcheckdupnames.txt file to determine which duplicate names are causing the conflict.
2. Resolve duplicate names manually.
3. Run the upgrade again.
For assistance, contact Technical Support.

If the upgrade fails, check the /opt/arcsight/upgradelogs/suite_upgrade.log file to determine the point of failure. If your log file does not include the following line, correct the error that you find in the log file and run the upgrade again:

Pre-upgrade tasks completed successfully.

If the upgrade fails at any point after the pre-upgrade checks, contact Technical Support and send all files in the following directories:

/opt/arcsight/upgradelogs/

/opt/arcsight/logger/current/arcsight/logger/logs/

/opt/arcsight/var/logs/misc/upgrade/
Review the information that is provided about the estimated duration of the upgrade and confirm that you want to upgrade your existing ESM installation.

The upgrade program provides the estimated duration by upgrade phase and also provides a total estimated duration. The phases are the same as those that are logged in /opt/arcsight/upgradelogs/suite_upgrade.log. If you determine that this is not a convenient time based on the estimated duration, you have the opportunity to cancel the upgrade.
Review the information that is provided about overwriting customized content and choose whether to continue the upgrade.

If you have customized content that you need to back up, see Backing Up Resources Before Upgrading.
Specify where to create the link for the installation.
Review the settings, select Install, and then press Enter.
After the upgrade is complete, as user root, run the following script to set up the ArcSight services:
```
/opt/arcsight/manager/bin/setup_services.sh
```

After you run the script to set up the ArcSight services, verify that the upgrade was successful and then complete the applicable post-upgrade tasks. For more information, see Verifying Successful Upgrade and Completing Post-Upgrade Tasks.

After the upgrade completes, ESM starts a process in the background to build case histories into a database table. The case histories are used to display information in the ArcSight Platform. ESM continues to function normally while it builds the case histories. The time to complete building the case histories depends on the volume of cases in the system. To determine whether building of the case histories was successful, check /opt/arcsight/var/logs/misc/casehistorybuilder.log. While ESM is building the cases histories, do not shut down ESM. If you need to shut down the Manager before case history building is complete, after you restart the Manager, run /opt/arcsight/manager/bin/arcsight buildcasehistory to restart the process.

After you complete post-upgrade tasks, upgrade the ArcSight Console and Smart Connectors. For more information, see Upgrading the ArcSight Console and Smart Connectors.

Upgrading Software ESM in Distributed Correlation Mode

This section describes how to upgrade software ESM in distributed correlation mode. To upgrade software ESM in compact mode, see Upgrading Software ESM in Compact Mode

To upgrade software ESM in distributed correlation mode:

Note: If you are upgrading ESM in distributed correlation mode and the cluster is also part of an Active Passive High Availability environment, see the Active Passive High Availability Module User's Guide for information about performing the upgrade.

On the persistor node, untar the ArcSightESMSuite-7.5.0.xxxx.0.tar file:
```
tar xvf ArcSightESMSuite-7.5.0.xxxx.0.tar
```
On the persistor node, as user root, remove services before running the upgrade:
```
cd <untar_directory>/Tools
```
```
./stop_services.sh
```
On each node except the persistor node, complete the following steps:
1. As user arcsight, untar the ArcSightESMSuite-7.5.0.xxxx.0.tar file:
```
tar xvf ArcSightESMSuite-7.5.0.xxxx.0.tar
```
2. As user root, remove services before running the upgrade:
```
cd <untar_directory>/Tools
```
```
./stop_services.sh
```
3. If necessary, upgrade the operating system to a supported version.
  
  For more information, see the Technical Requirements on the ESM documentation page.
4. As user arcsight, run the upgrade:
  cd <untar directory>
```
./ArcSightESMSuite.bin -i console
```
5. After the upgrade is complete, as user root, run the following script on each cluster node to set up the ArcSight services:
```
/opt/arcsight/manager/bin/setup_services.sh
```
On the persistor node, complete the following steps:
1. If necessary, upgrade the operating system to a supported version.
  
  For more information, see the Technical Requirements on the ESM documentation page.
2. As user arcsight, run the upgrade:
```
cd <untar directory>
```
```
./ArcSightESMSuite.bin -i console
```
3. Review the information that is provided about the estimated duration of the upgrade and confirm that you want to upgrade your existing ESM installation.
  
  The upgrade program provides the estimated duration by upgrade phase and also provides a total estimated duration. The phases are the same as those that are logged in /opt/arcsight/upgradelogs/suite_upgrade.log. If you determine that this is not a convenient time based on the estimated duration, you have the opportunity to cancel the upgrade.
  
  Note: The estimated duration is provided only on the persistor node. It is not provided on non-persistor nodes.
4. Review the information that is provided about overwriting customized content and choose whether to continue the upgrade.
  
  If you have customized content that you need to back up, see Backing Up Resources Before Upgrading.
  
  Note: The overwrite message is provided only on the persistor node. It is not provided on non-persistor nodes.
5. After the upgrade is complete, as user root, run the following script on each cluster node to set up the ArcSight services:
```
/opt/arcsight/manager/bin/setup_services.sh
```
6. As user arcsight, start all services:
```
/etc/init.d/arcsight_services start all
```

After the upgrade completes, ESM starts a process in the background on the persistor node to build case histories into a database table. The case histories are used to display information in the ArcSight Platform. ESM continues to function normally while it builds the case histories. The time to complete building the case histories depends on the volume of cases in the system. To determine whether building of the case histories was successful, check /opt/arcsight/var/logs/misc/casehistorybuilder.log. While ESM is building the cases histories, do not shut down ESM. If you need to shut down the Manager before case history building is complete, after you restart the Manager, run /opt/arcsight/manager/bin/arcsight buildcasehistory to restart the process.

After you complete post-upgrade tasks, upgrade the ArcSight Console and Smart Connectors. For more information, see Upgrading the ArcSight Console and Smart Connectors.