Uninstalling and Restarting the Installation Program

This chapter describes how to uninstall ESM (if needed) and run the installation program and configuration wizard again.

Uninstalling ESM

This section describes how to uninstall ESM in compact mode and in distributed correlation mode.

If you are uninstalling ESM in distributed correlation mode, start with the persistor node. After you successfully uninstall the persistor node, uninstall the remaining nodes.

Note: If you are not uninstalling the persistor node, first run the mbussetup utility to stop and delete message bus data and message bus control instances from the cluster. Also, run other setup utilities to delete other services from the node. Only run remove_services.sh after you run the setup utilities.

To uninstall ESM in compact mode:

As user root, run the following command:

/opt/arcsight/manager/bin/remove_services.sh

As user arcsight, shut down any ArcSight processes that are still running:
1. Check for running ArcSight processes:
```
ps -elf | grep "/opt/arcsight"
```
2. Shut down any running processes:
```
kill -9 <process_id_number>
```
Run the uninstallation program from either the directory where you created the links during installation or, if you did not create links, from the /opt/arcsight/suite/UninstallerData directory:
```
./Uninstall_ArcSight_ESM_Suite_7.8.0
```
Verify that the /tmp and /opt/arcsight directories do not contain ESM-related files. If the directories do contain ESM-related files, remove them:

As user arcsight, kill all ArcSight processes.
Delete remaining ESM-related directories and files from /opt/arcsight/ and /tmp.
Delete any links that were created during installation.

To uninstall ESM in distributed correlation mode:

On the persistor node, as user root, run the following script to remove services:
```
/opt/arcsight/manager/bin/remove_services.sh
```
As user arcsight, shut down any ArcSight processes that are still running:
1. Check for running ArcSight processes:
```
ps -elf | grep "/opt/arcsight"
```
2. Shut down any running processes:
```
kill -9 <process_id_number>
```
Run the uninstallation program from either the directory where you created the links during installation or, if you did not create links, from the /opt/arcsight/suite/UninstallerData directory:
```
./Uninstall_ArcSight_ESM_Suite_7.8.0
```
Verify that the /tmp and /opt/arcsight directories do not contain ESM-related files. If the directories do contain ESM-related files, remove them:
1. As user arcsight, kill all ArcSight processes.
2. Delete remaining ESM-related directories and files from /opt/arcsight/ and /tmp.
3. Delete any links that were created during installation.
After you uninstall ESM from the persistor node, repeat the process on the remaining nodes. Ensure that you run remove_services.sh script on each remaining node.

Re-running the Installation File

For software ESM, if the installation is interrupted, you can re-run the installation file at any time before you reach the File Delivery Complete screen.

To re-run the installation file:

Remove all install.dir.xxxx directories from the /tmp directory.
Remove all directories and files from the /opt/arcsight directory.
Run ./ArcSightESMSuite.bin again.

Re-running the ESM Configuration Wizard

You can re-run the wizard manually only if you exit it before the actual configuration begins.

To re-run the configuration wizard:

Run the following command:

rm /opt/arcsight/manager/config/fbwizard*

To run the First Boot Wizard, run the following command from the /opt/arcsight/manager/bin directory as user arcsight:

In GUI mode:
```
./arcsight firstbootsetup -boxster -soft
```
In console mode:
```
./arcsight firstbootsetup -boxster -soft -i console
```
If you are running the First Boot Wizard in console mode, ensure that X-Window is not running.

If you encounter a failure during the configuration stage, uninstall and reinstall ESM. On an appliance, restore the appliance to the factory settings and start over. For more information, see Restore Appliance Factory Settings.