30.4 Post-Upgrade Configuration for Sentinel Scalable Data Manager

30.4.1 Install Elasticsearch Security Plug-In

In addition to external Elasticsearch nodes, Sentinel now includes a local Elasticsearch node by default for data visualization. Hence, you must install the Elasticsearch security plug-in for the local Elasticsearch node. For more information, see Installing the Elasticsearch Security Plug-In.

Because the Elasticsearch and Kibana versions used in Sentinel are upgraded, you must redeploy all the Elasticsearch security plug-ins in the existing Elasticsearch nodes. For more information about redeploying the Elasticsearch security plug-in, see Redeploying Elasticsearch Security Plug-In.

30.4.2 Updating Spark Applications on YARN

During the Sentinel upgrade, some of the Spark application files are also updated. You must re-submit the Spark applications with these updated files by performing the following steps:

  1. Log in to the SSDM server as the novell user and copy the files to the Spark history server where HDFS NameNode is installed:

    cd /etc/opt/novell/sentinel/scalablestore

    scp SparkApp-*.jar avroevent-*.avsc avrorawdata-*.avsc spark.properties log4j.properties manage_spark_jobs.sh root@<hdfs_node>:<destination_directory>

    where <destination_directory> is any directory where you want to place the copied files. Also, ensure that the hdfs user has full permissions to this directory.

  2. Log in to the <hdfs_node> server as the root user and change the ownership of the copied files to the hdfs user:

    cd <destination_directory>

    chown hdfs SparkApp-*.jar avroevent-*.avsc avrorawdata-*.avsc spark.properties log4j.properties manage_spark_jobs.sh

    Assign executable permission to the manage_spark_jobs.sh script.

  3. Ensure that the Spark jobs have completed processing all the data:

    Go to YARN ResourceManager Web user interface and view each Sentinel Spark application. The Spark Streaming application data will show the input rate drop to zero when all data has been processed from Kafka.

  4. Run the following command to stop data processing:

    ./manage_spark_jobs.sh stop

  5. Clear the data processing checkpoint:

    sudo -u hdfs hadoop fs -rm -R -skipTrash /spark/checkpoint

    where /spark/checkpoint is the checkpoint directory.

  6. Run the following script to re-submit the Spark jobs:

    ./manage_spark_jobs.sh start

    The above command takes a while to complete the submit process.

  7. (Optional) Run the following command to verify the status of the submitted Spark jobs:

    ./manage_spark_jobs.sh status

  8. Resume event forwarding to Kafka for Spark to start processing events:

    1. In Sentinel Main, click Storage > Scalable Storage > Advanced Configuration > Kafka.

    2. Set the following property to false:

      pause.events.tokafka

    3. Click Save.
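
The following check is an added example, not part of the product or its scripts. Run on <hdfs_node> after step 2 and before step 4, it confirms that every file named in the scp and chown commands is present in the destination directory, is owned by the expected user, and that manage_spark_jobs.sh is executable. The function name check_spark_files is hypothetical.

```shell
#!/bin/sh
# Added example: verify the results of steps 1 and 2 before stopping the jobs.
# Usage: check_spark_files <destination_directory> [owner]   (owner defaults to hdfs)
check_spark_files() {
    dir=$1
    owner=${2:-hdfs}
    rc=0
    [ -d "$dir" ] || { echo "MISSING directory: $dir" >&2; return 2; }
    # File patterns taken from the scp and chown commands in the procedure.
    for pat in 'SparkApp-*.jar' 'avroevent-*.avsc' 'avrorawdata-*.avsc' \
               spark.properties log4j.properties manage_spark_jobs.sh; do
        found=0
        for f in "$dir"/$pat; do
            [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
            found=1
            # find prints the path only when the file belongs to $owner
            if [ -z "$(find "$f" -prune -user "$owner" -print 2>/dev/null)" ]; then
                echo "WRONG OWNER (expected $owner): $f" >&2
                rc=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING: $dir/$pat" >&2
            rc=1
        fi
    done
    if [ -f "$dir/manage_spark_jobs.sh" ] && [ ! -x "$dir/manage_spark_jobs.sh" ]; then
        echo "NOT EXECUTABLE: $dir/manage_spark_jobs.sh" >&2
        rc=1
    fi
    return "$rc"
}
```

A return value of 0 means all files are in place; any other value means a problem was reported on standard error and should be corrected before the checkpoint is cleared.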

30.4.3 Enabling Sentinel Features

When you upgrade from SSDM 8.0.x.x, some of the Sentinel features added in Sentinel 8.1 and later are not available by default. You must manually enable those features in the /etc/opt/novell/sentinel/config/ui-configuration.properties file.

  1. Log in to the Sentinel server as the novell user.

  2. Open the /etc/opt/novell/sentinel/config/ui-configuration.properties file.

  3. Change the following properties to false:

    alerts.hideUI
    solutionDesigner.launcher.hideUI
    correlation.hideUI
    scc.configurations.solutionPacks.hideUI
    people.hideUI
    permission.knowledgeBase.hideUI
    scc.menuBarItem.toolsMenu.hideUI
    scc.toolBarItem.peopleBrowser.hideUI
    integration.hideUI

  4. Refresh the Sentinel browser.
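
Step 3 can be scripted as follows. This is an added example, not a script shipped with Sentinel. It assumes each property is written as key=value on its own line, and the function name enable_sentinel_ui is hypothetical. It keeps a .bak copy of the file and reports any listed property it does not find instead of adding it.

```shell
#!/bin/sh
# Added example: set the hideUI properties listed in step 3 to false.
# Usage: enable_sentinel_ui /etc/opt/novell/sentinel/config/ui-configuration.properties
enable_sentinel_ui() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2     # copy to roll back to
    tmp=$(mktemp) || return 2
    missing=0
    for key in alerts.hideUI solutionDesigner.launcher.hideUI correlation.hideUI \
               scc.configurations.solutionPacks.hideUI people.hideUI \
               permission.knowledgeBase.hideUI scc.menuBarItem.toolsMenu.hideUI \
               scc.toolBarItem.peopleBrowser.hideUI integration.hideUI; do
        # Escape the dots so they match literally, not any character.
        re=$(printf '%s' "$key" | sed 's/\./\\./g')
        if grep -Eq "^[[:space:]]*$re[[:space:]]*=" "$conf"; then
            sed -E "s/^([[:space:]]*$re[[:space:]]*=).*/\1false/" "$conf" > "$tmp" &&
                cat "$tmp" > "$conf"          # cat keeps the owner and mode of $conf
        else
            echo "not present, left unchanged: $key" >&2
            missing=$((missing + 1))
        fi
    done
    rm -f "$tmp"
    return "$missing"                         # 0 when all nine properties were set
}
```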

30.4.4 Updating Dashboards and Visualizations in Sentinel Scalable Data Manager

You must update dashboards and visualizations after upgrading SSDM, so that the enhancements included in the latest version for dashboards and visualizations are applied.

When you upgrade SSDM, dashboards and visualizations are not updated by default. However, you can update them manually after the upgrade by deleting the existing dashboards and visualizations and running the load_kibana_data.sh script, which installs the latest dashboards and visualizations.

IMPORTANT: Any customizations you have made to dashboards and visualizations will be lost when you update them.

To update dashboards and visualizations:

  1. Log in to the SSDM web interface and go to Event Visualization.

  2. In Event Visualization, go to Settings > Objects > Dashboards.

  3. Select the dashboards you want to update, and click Delete.

  4. Click Visualizations. Select the visualizations you want to update, and click Delete.

  5. Log out of the SSDM web interface.

  6. Log in to the SSDM server as the novell user.

  7. Go to the /opt/novell/sentinel/bin directory.

  8. Run the load_kibana_data.sh script using the following command:

    ./load_kibana_data.sh http://<ip address>:<port> <alerts/events/misc>

    For example:

    ./load_kibana_data.sh http://127.0.0.1:9200 alerts

    ./load_kibana_data.sh http://127.0.0.1:9200 events

  9. Log in to the SSDM web interface and go to Event Visualization to view the updated dashboards and visualizations.