Can you please share your experience with upgrading to 10.6?
Was it smooth?
Is it worth it to upgrade?
As long as you follow the upgrade instructions it will go well. As far as being worth it? There are so many new additions to 10.6, well worth the upgrade.
You will LOVE the new context hub.
I would also add that the Behavioral Analytics capability that was added to the ESA system is a big addition in the area of automated detection.
A summary of the highlights of the release is:
Behavior Detection - Covert Channels, Lateral Movement Detection, Investigation Enrichment, Log Parsing Toolkit (ESI), Selective Retention of Logs, ESA Rule Builder Enhancements, Streamlined Upgrades & Installs, Query Performance Enhancements
If you want to see a demo of some of the highlights of 10.6, check out this video (the product demo portion is embedded in the overall event):
I just went from 10.5.1 to 10.6 on Tuesday and the experience was great, no issues at all. Follow all the instructions and take proper backups and you should be fine. Honestly, the best part for me right now is the ability to search so quickly now. I can search 1.6 billion events for one word and get an accurate return in about 30 seconds on plain text.
We faced problems with Windows Legacy Collectors.
After the upgrade, the WLC is working; however, on the SA server we cannot see the status of the WLC.
Below is a log taken from sa.log:
received error: Message get was not recognized by /sys/stats
Did you also upgrade the WLC as per the Upgrade List?
Yes, from 10.5.1.2 to 10.6.0.2.
Upgraded from 10.5.2 to 10.6.0.1, and it went well.
I performed an upgrade from 10.5.2.0 to 10.6.0.1 for one of my clients and didn't face any issues except with the Log Hybrid upgrade. But it was resolved with the OLD SCHOOL method.
Below is the error screenshot...
In case you get this error, you can do the upgrade from the CLI.
So, what I did to resolve this issue:
# yum clean all
# yum update -y
Looks like old school, right!!
Once you are done and able to see "Completed !!", the GUI will ask you to reboot it. Please reboot the appliance from the GUI only, to avoid any further issues.