Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Release Notes 11.4.1.3: Upgrade Tasks

Document created by RSA Information Design and Development Employee on Oct 14, 2020
Version 1Show Document
  • View in full screen mode
 

Note: Before upgrading the hosts make sure that the time on each host is synchronized with the time on the NetWitness Server.
To synchronize the time do one of the following:
- Configure the NTP Server. For more information, see "Configure NTP Servers" in the System Configuration Guide.
- Run the following commands on each hosts:
1. SSH to NW host.
2. Run the following commands.
systemctl stop ntpd
ntpdate nw-node-zero
systemctl start ntpd

Task 1: Upgrade External Repository

Note: Perform the below steps only if you are using an external repository for 11.4.1.3.

To upgrade the external repository which is an externally managed server, do the following:

  1. Upgrade the external repository with the latest upgrade content for the RSA netwitness-11.4.1.3.zip.
    The following is the structure after upgrading the external repository:

Task 2: Disable Decoder Services

Before upgrading to 11.4.1.3, you must disable Capture AutoStart on Network Decoder and Network Hybrid Services.

To disable Capture Autostart:

  1. Go to ADMIN > Services.
    The Administration Services view is displayed.
  1. Select a Network Decoder or Network Hybrid service and select > View > Config.
    The services config view for the selected Network Decoder or Network Hybrid is displayed.
  1. In the Decoder Configuration panel, deselect the Capture Autostart and click Apply.

Task 3: Upgrade the Patch

You can choose one of the following upgrade methods based on your internet connectivity.

Upgrade Options

Option 1: Online Method (Connectivity to Live Services): Upgrade Using NetWitness Platform User Interface

You can use this method if the NetWitness Server is connected to Live Services and can obtain the package.

Note: If the NetWitness Server does not have access to Live Services, use Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface . or use Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Prerequisites

Make sure that:

  1. The “Automatically download information about new upgrades every day” option is checked and is applied in ADMIN > System > Upgrades.
  2. Go to ADMIN > Hosts > Update > Check for Updates to check for upgrades. The Host page displays the Update Available status.
  3. 11.4.1.3 is available under “Update Version” column.

Note: If you have custom certifictes, move any custom certificates from /etc/pki/nw/trust/import/ directory to /root/cert. Follow these steps to move the certificates:
1.) mkdir /root/cert.
2.) mv /etc/pki/nw/trust/import/* /root/cert.

Procedure

  1. Go to ADMIN > Hosts.
  2. Select the NetWitness Server (nw-server) host.
  3. Check for the latest updates.

  4. Update Available is displayed in the Status column if you have a version upgrade in your Local Update Repository for the selected host.
  5.  Select 11.4.1.3 from the Update Version column.
    If you:
    • Want to view a dialog with the major features in the upgrade and information on the upgrades click the information icon () to the right of the update version number.
    • Cannot find the version you want, select Update > Check for Updates to check the repository for any available upgrades. If an upgrade is available, the message "New updates are available" is displayed and the Status column upgrades automatically to show Update Available. By default, only supported upgrades for the selected host are displayed.
  6. Click Update > Update Host from the toolbar.
  7. Click Begin Update.
  8. Click the Reboot Host when prompted.
  9. Repeat steps 6 to 8 for other hosts.

Note: You can select multiple hosts to upgrade at the same time only after upgrading and rebooting the NetWitness Admin server. All ESA, Endpoint, and Malware Analysis hosts should be upgraded to the same version as that of NW Admin Server.

Note: Not all components have been changed for 11.4.1.3, so after you perform the upgrade steps, it is normal to see some components with different version numbers. For a list of the components that were upgraded for this release, see Build Numbers.

Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface

You can use this method if the NetWitness Server is not connected to Live Services.

Note: Alternatively, you can upgrade using the Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Download the 11.4.1.3 Patch

 

Download the RSA NetWitness Platform 11.4.1.3 Upgrade Pack file, which contain all the NetWitness Platform 11.4.1.3 upgrade files, from the RSA Link https://community.rsa.com/community/products/netwitness/114/downloads to a local directory.
netwitness-11.4.1.3.zip

                               
Upgrading fromDownload and Stage file
11.3.x.xnetwitness-11.4.0.0.zip, netwitness-11.4.1.0.zip, netwitness-11.4.1.1.zip,  netwitness-11.4.1.2.zip, and netwitness-11.4.1.3.zip

11.4.0.x

netwitness-11.4.1.0.zip, netwitness-11.4.1.1.zip, netwitness-11.4.1.2.zip, and netwitness-11.4.1.3.zip
11.4.1.0netwitness-11.4.1.1.zip, netwitness-11.4.1.2.zip, and netwitness-11.4.1.3.zip
11.4.1.1netwitness-11.4.1.2.zip and netwitness-11.4.1.3.zip
11.4.1.2netwitness-11.4.1.3.zip
 

Note: If you are using external repository, you can upgrade the external repository with the latest upgrade content. For more information see, Task 1: Upgrade External Repository.

Procedure

You need to perform the upgrade steps for NW Admin servers and for component servers.

Note: If you copy paste the commands from PDF to Linux SSH terminal, the characters do not work. It is recommended to type the commands.

  • If you are upgrading from  11.3.x.x to 11.4.1.3, you must stage 11.4.0.0, 11.4.1.0, 11.4.1.1, 11.4.1.2, and 11.4.1.3. Log into the /root directory of the Admin NetWitness Server and create the following directories:
    /tmp/upgrade/11.4.0.0
    /tmp/upgrade/11.4.1.0
    /tmp/upgrade/11.4.1.1
    /tmp/upgrade/11.4.1.2
    /tmp/upgrade/11.4.1.3
    and then copy the package zip files to the /root directory of the Admin server and extract the package files from /root to the appropriate directories:
    unzip netwitness-11.4.0.0.zip -d /tmp/upgrade/11.4.0.0
    unzip netwitness-11.4.1.0.zip -d /tmp/upgrade/11.4.1.0
    unzip netwitness-11.4.1.1.zip -d /tmp/upgrade/11.4.1.1
    unzip netwitness-11.4.1.2.zip -d /tmp/upgrade/11.4.1.2
    unzip netwitness-11.4.1.3.zip -d /tmp/upgrade/11.4.1.3
  • If you are upgrading from 11.4.0.x to 11.4.1.3, you must stage 11.4.1.0, 11.4.1.1, 11.4.1.2, and 11.4.1.3. Log into the /root directory of the Admin NetWitness Server and create the following directories:
    /tmp/upgrade/11.4.1.0
    /tmp/upgrade/11.4.1.1
    /tmp/upgrade/11.4.1.2
    /tmp/upgrade/11.4.1.3
    and then copy the package zip files to the /root directory of the Admin server and extract the package files from /root to the appropriate directories:
    unzip netwitness-11.4.1.0.zip -d /tmp/upgrade/11.4.1.0
    unzip netwitness-11.4.1.1.zip -d /tmp/upgrade/11.4.1.1
    unzip netwitness-11.4.1.2.zip -d /tmp/upgrade/11.4.1.2
    unzip netwitness-11.4.1.3.zip -d /tmp/upgrade/11.4.1.3
  • If you are upgrading from 11.4.1.0 to 11.4.1.3, you only need to stage 11.4.1.1, 11.4.1.2, and 11.4.1.3. Log into the /root directory of the Admin NetWitness Server and create the following directory:
    /tmp/upgrade/11.4.1.1
    /tmp/upgrade/11.4.1.2
    /tmp/upgrade/11.4.1.3
    and then copy the package zip files to the /root directory of the Admin server and extract the package files from /root to the appropriate directories:
    unzip netwitness-11.4.1.1.zip -d /tmp/upgrade/11.4.1.1
    unzip netwitness-11.4.1.2.zip -d /tmp/upgrade/11.4.1.2
    unzip netwitness-11.4.1.3-zip -d /tmp/upgrade/11.4.1.3
  • If you are upgrading from 11.4.1.1 to 11.4.1.3, you only need to stage 11.4.1.2 and 11.4.1.3. Log into the /root directory of the Admin NetWitness Server and create the following directory:
    /tmp/upgrade/11.4.1.2
    /tmp/upgrade/11.4.1.3
    and then copy the package zip files to the /root directory of the Admin server and extract the package files from /root to the appropriate directories:
    unzip netwitness-11.4.1.2.zip -d /tmp/upgrade/11.4.1.2
    unzip netwitness-11.4.1.3.zip -d /tmp/upgrade/11.4.1.3
  • If you are upgrading from 11.4.1.2 to 11.4.1.3, you only need to stage 11.4.1.3. Log into the /root to the directory of the Admin NetWitness Server and create the following directory:
    /tmp/upgrade/11.4.1.3
    and then copy the package zip files to the /root directory of the Admin server and extract the package files from /root to the appropriate directory:
    unzip netwitness-11.4.1.3.zip -d /tmp/upgrade/11.4.1.3

Note: If you copied the .zip file to the created staging directory to unzip, make sure that you delete the initial .zip file that you copied to the staging location after you extract it.

  1. Initialize the upgrade, using the following command:
    upgrade-cli-client –-init --version 11.4.1.3 --stage-dir /tmp/upgrade
  2. Upgrade Netwitness Server, using the following command:
    upgrade-cli-client –-upgrade --host-addr <IP of Netwitness Server> --version 11.4.1.3
  3. When the component host upgrade is successful, reboot the host from NetWitness UI.
  4. Repeat steps 2 and 3 for each component host, changing the IP address to the component host which is being upgraded.

Note: You can check versions of all the hosts, using the command upgrade-cli-client --list on the NetWitness Server. If you want to view the help content of upgrade-cli-client, use the command upgrade-cli-client --help.

Note: If the following error displays during the upgrade process:
2017-11-02 20:13:26.580 ERROR 7994 — [ 127.0.0.1:5671] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method<connection.close>(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)
the patch will install correctly. No action is required. If you encounter additional errors when upgrading a host to a new version, contact Getting Help with NetWitness Platform.

External Repo Instructions for CLI Upgrade

Note: The external repo should have separate directories for 11.4.0.0, 11.4.1.0, 11.4.1.1, 11.4.1.2, and 11.4.1.3, as described in Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface .

  1. Stage 11.4.1.3 by creating a directory on the NetWitness Server at /tmp/upgrade/11.4.1.3 and extract the zip package.
    unzip netwitness-11.4.1.3.zip -d /tmp/upgrade/11.4.1.3

    Note: If you copied the .zip file to the created staging directory to unzip, make sure that you delete the initial .zip file that you copied to the staging location after you extract it.

  1. Initialize the upgrade, using the following command:
    upgrade-cli-client –-init --version 11.4.1.3--stage-dir /tmp/upgrade
  2. Upgrade Netwitness Server, using the following command:
    upgrade-cli-client –-upgrade --host-addr <IP of Netwitness Server> --version 11.4.1.3
  3. When the component host upgrade is successful, reboot the host from NetWitness UI.
  4. Repeat steps 3 and 4 for each component host, changing the IP address to the component host which is being upgraded.

Note: You can check versions of all the hosts, using the command upgrade-cli-client --list on NetWitness Server. If you want to view the help content of upgrade-cli-client, use the command upgrade-cli-client --help.

Note: If the following error displays during the upgrade process:
2017-11-02 20:13:26.580 ERROR 7994 — [ 127.0.0.1:5671] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method<connection.close>(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)
the patch will install correctly. No action is required. If you encounter additional errors when upgrading a host to a new version, contact Contacting Customer Care.

Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Follow the instructions in Release Notes 11.4.1.3: Appendix A. Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface.

Post-Upgrade Tasks

This topic is divided into two sections, based on the version that you are upgrading from:

Post Upgrade Tasks for Customers Upgrading from version 11.4.1.x

Post Upgrade Tasks for Customers Upgrading from version  11.3.x.x or 11.4.0.x

Post Upgrade Tasks for Customers Upgrading from version 11.4.1.x

Task 1 - Upgrade HIVE version

Note: If you already installed customized HIVE RPMs in 11.2.1 or later, you can skip this task

After you upgrade to 11.4.1.3, you need to upgrade the HIVE version that is compatible with Warehouse. To install the latest HIVE version, run the following commands on the NetWitness admin server and restart the Reporting Engine service. Download the latest HIVE RPMs from https://community.rsa.com/docs/DOC-109473.

  1. To install HIVE 0.12 version, run the following command:

    rpm -ivh rsa-nw-hive-jdbc-0.12.0-1.x86_64.rpm

  2. To Install HIVE 1.0 version, run the following command:

    rpm -ivh rsa-nw-hive-jdbc-1.0.0-1.x86_64

Task 2 (Optional) - Move the custom certificates

Move the custom certificatess from external directory to /etc/pki/nw/trust/import directory.

Task 3 - Enable Decoder Services

After you upgrade to 11.4.1.3, you must enable Capture AutoStart on Network Decoder and Network Hybrid Services.

To enable the Capture Autostart field:

  1. Go to ADMIN > Services.

    The Administration Services view is displayed.

  2. Select a Network Decoder or Network Hybrid service and select > View > Config.

    The services Config view for the selected Network Decoder or Network Hybrid is displayed.

  3. In the Decoder Configuration panel, select the Capture Autostart field and click Apply.

Post Upgrade Tasks for Customers Upgrading from version  11.3.x.x or 11.4.0.x

Perform all the post upgrade tasks mentioned in Upgrade Guide for RSA NetWitness Platform 11.4.1.0.

Previous Topic:Contact Customer Care
Next Topic:Build Numbers
You are here
Table of Contents > Upgrade Tasks and Options

Attachments

    Outcomes