Troubleshoot Engine Upgrades - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-05-12
Category
Administrator Guide
Abstract

Troubleshoot failed engine upgrades. Manually upgrade Cortex XSIAM engines.

During an upgrade, the upgrade file is sent to the engine server. A cron job running on the engine server checks if that file exists. The most common upgrade error is that the job is not running so the new installer does not run.

  1. SSH to the machine.

  2. Check the d1 service status on the engine server. It is possible that it stopped or doesn't exist.

    sudo systemctl status d1

  3. Access the installer log on the engine server and review the error.

    sudo vi /tmp/demisto_install.log

  4. Rerun the installer on the engine using one of the following options. You can open a second window and run watch df -h. If the problem seems to be disk space, you should resolve the disk space issue and then rerun the installer.

    1. Option 1

      1. Download the installer from the user interface and copy it to the engine.

      2. Add the following commands:

        sudo chmod +x installer.sh

        sudo ./installer.sh -- -y

    2. Option 2

      1. Verify that /usr/local/demisto/d1_upgrade.sh exists.

        sudo chmod +x /usr/local/demisto/d1_upgrade.sh

        sudo /usr/local/demisto/d1_upgrade.sh

      2. If d1_upgrade.sh does not exist, check if /usr/local/demisto/archived_d1_upgrade.sh exists and that it was created at the time of the attempted upgrade.

        If the file exists and was created at the time of the attempted upgrade, run the following on the engine server:

        sudo chmod +x /usr/local/demisto/d1_upgrade_archive.sh

        sudo /usr/local/demisto/d1_upgrade_archive.sh