We improved the upgrade and update procedure related to the Elastic Agent, fixing an issue for which external Elastic Agents would disconnect from Fleet if they were connecting through a hostname different from NetEyes’s FQDN.
Moreover, we solve potential problems during the upgrade that would have occurred in case of already present outdated integrations or in case of a large number of policies.
Manual required steps
If you have not already upgraded to NetEye 4.33
You are good to go, the upgrade procedure will take care of all the required steps.
If you have already upgraded to NetEye 4.33
To ensure a clean and compliant environment please apply the following procedure before performing the update:
- Access
Fleetfrom Kibana’s menu and remove the previously created policiesNetEye Operative NodesandNetEye Single Purpose Nodes. Please note that if there are Elastic Agents associated to them, these need to be unenrolled. Do not worry, they will be enrolled back automatically by the update procedure!
To un-enroll the agents, please apply the following procedure:- Access
Fleetfrom Kibana’s menu - Select all the agents enrolled in one of the previously mentioned policies
- Click on
Actions->Unenroll X agents->Remove agent immediately->Unenroll
- Access
- Always from
Fleet, access theSettingsand remove all NetEye related outputs and Fleet Hosts. Please note that if they are marked as default they cannot be removed, so we advise to create a new item, marking that as default and delete then the one belonging to NetEye.
At this point, it is possible to update the packages, following the standard NetEye Update procedure.
Please note that these steps are required only for this particular update, due to necessary changes in some objects ID, while future updates and upgrades would not be impacted by this in any mean.
Updated packages
For NetEye 4.33 we updated the following packages:
elastic-agent,elastic-agent-neteye-config,elastic-agent-autosetup,elastic-stack-configurator,elasticsearch,elasticsearch-autosetup,elasticsearch-neteye-config,elasticsearch-xpack-license,filebeat,filebeat-autosetup,filebeat-neteye-config,kibana,kibana-autosetup,kibana-neteye-config,logstash,logstash-autosetup,logstash-neteye-config,logstash-neteye-config-autosetupto version8.10.2_neteye3.57.2-1
Davide Sbetti
Hi! I'm Davide and I'm a Software Developer with the R&D Team in the "IT System & Service Management Solutions" group here at Würth Phoenix. IT has been a passion for me ever since I was a child, and so the direction of my studies was...never in any doubt! Lately, my interests have focused in particular on data science techniques and the training of machine learning models.
Author
Latest posts by Davide Sbetti
20. 12. 2024
Automation, Development, NetEye
When Less is More: NetEye Update and Upgrade Checkpoints
06. 11. 2024
AI, Log-SIEM, Machine Learning, NetEye
The New NetEye User Guide Search: From POC to Production