Before you begin
Make sure you have the following:
• Administrator rights to the Manager server.
• Manager database name, user name, and password.
When you upgrade to the latest 8.2 Manager, if there are 1 million or more alerts or host events in your current Manager setup, you are prompted to run two SQL scripts as described in this section. These scripts convert those alerts to the new Manager database schema for version 8.2. For upgrades from 7.1 or 7.5 to 8.2 only, you must also run a script for Apache Solr after you run the two SQL scripts.
Make sure that you run the three scripts soon after the Manager upgrade is complete. McAfee recommends that you select a relatively idle time to run the scripts to minimize the impact on performance.
How to Upgrade the Manager?
When Manager 8.2 starts, all new alerts come into the 8.2 schema tables. Your original alerts and packet logs are still in the database, with a 'tmp_' prefix added to them. You cannot access these old alerts and packet logs until they are manually converted to the new schema and merged back in. This is accomplished by running the following two scripts:
1 Alertproc_offline_1.sql: When you trigger this script, it runs in the background while the newly upgraded Manager is up and running. You do not need to stop the Manager service when running this script. It takes about an hour for every 4–8 GB of the original alert and packetlog tables. For example, for a Manager database of 25 GB, it could take between 3–7 hours.
The time taken for alertproc_offline_1.sql to complete depends on the Manager RAM, hard disk speed, the activities on the Manager database, number of users logged on to the Manager, reports being generated currently, alerts from the Sensors, maintenance tasks, and so on.
The quick and easy way to estimate the time needed for this script is to look at the size of the mysql\data\lf directory. Once started, it runs and only returns the MySQL command prompt after it completes.
After you trigger this script, do not close the window even if you do not see the MySQL command prompt. This process might take some time but completes eventually.
2 Alertproc_offline_2.sql: Run this script when the MySQL command prompt returns after the first script. You must stop the Manager service to run this script. However, this script takes only a few minutes to complete. This script takes the now-converted original alerts and the alerts that came in while the first script was running and merges them together. It does this by renaming the active tables and then renaming the original tables back to what they had been. The script then merges the new alerts into the converted alert tables.
The merge is done in this direction because the original tables are large and the new ones are small, and it is much faster to merge a small table into a large one. The assumption is that the alert and packetlog tables for the alerts that came into the Manager while the first script was running are much smaller than the tables with the converted alerts. When the second script completes, restart the Manager service.
Run alertproc_offline_1.sql and alertproc_offline_2.sql only if prompted to do so. The system prompts you only when there are 1 million or more alerts or host events in the Manager database. If you run these scripts when not prompted, you receive SQL errors. In this case, contact McAfee Technical Support with the details of the message. If you do not run these scripts when prompted, you will not be able to view the alerts in the Threat Analyzer.
Task
1 After a successful upgrade of the Manager to 8.2, check that it is up, Sensors are connected, and alerts are generated.
2 Log on to the Manager server with administrator rights.
3 To run the scripts easily and successfully, it is recommended that you copy the scripts to the MySQL\bin directory and run the scripts from this location.
Follow these steps to copy the scripts to the MySQL\bin folder.
a Go to <Manager install directory>\App\db\mysql\migrate. Example: C:\Program Files\McAfee\Network Security Manager\App\db\mysql\migrate.
b Copy the two scripts, Alertproc_offline_1.sql and Alertproc_offline_2.sql, to <Manager install directory>\MySQL\bin.
For example, copy the scripts to C:\Program Files\McAfee\Network Security Manager\MySQL\bin.
4 On the Manager server, log on to MySQL.
a On the Manager server command prompt, go to <Manager install directory>\MySQL\bin.
For example, go to C:\Program Files\McAfee\Network Security Manager\MySQL\bin.
b Run the following command: mysql -u<Database user name> -p<Database password> db_name
For example, run mysql -uroot -proot123 lf
5 In the MySQL shell (MySQL prompt), run: source alertproc_offline_1.sql
• When Alertproc_offline_1.sql executes, it does not display any progress. So, wait until the script completes.
• When Alertproc_offline_1.sql executes, a few log messages are displayed at the MySQL prompt. The query for the message about adding a few columns to the alert table takes more time, depending on factors such as the RAM of the Manager server, hard disk speed, activities involving the Manager database, and so on.
• When you execute Alertproc_offline_1.sql, the MySQL prompt drops to the next line and the cursor is restored only when the script is fully executed.
• If you stop Alertproc_offline_1.sql before it executes fully, you might lose the historical alerts and packetlogs. For such cases, revert to the earlier version of the Manager, restore the database backup from prior to upgrade, and then restart the upgrade process.
• If an SQL error message is displayed, stop proceeding and contact McAfee Technical Support with the details of the message.
6 Stop the Manager service.
The Manager database service must be running.
7 In the MySQL shell (MySQL prompt), run: source alertproc_offline_2.sql
• Alertproc_offline_2.sql typically takes less than a minute to complete.
• If an SQL error message is displayed, stop proceeding and contact McAfee Technical Support with the details of the message.
• After you complete running the two scripts, you can delete the two scripts from the MySQL\bin folder since these scripts might differ between versions.
• Alertprocoffline1.log and alertprocoffline2.log files are created in the <Manager install directory>\App directory. You can check these logs if there are any issues during the upgrade.
Utilities like db backup/restore/archival/purge cannot be run on your database before completing step 7. This is because your Manager database will still be in transition at this stage of the upgrade.
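A pre-flight helper for step 3 and for the run-time estimate described earlier, added here as an example and not part of McAfee's tooling. It sizes the database directory, applies the guide's figure of about one hour per 4-8 GB, and copies the two scripts into MySQL\bin. The default install path, the database name lf, and the location of mysql\data\lf under the install directory are assumptions; adjust them to your setup.

```powershell
# Added example, not McAfee tooling. Run from an elevated PowerShell prompt.
param(
    [string]$InstallDir = 'C:\Program Files\McAfee\Network Security Manager',
    [string]$DbName     = 'lf'
)
$ErrorActionPreference = 'Stop'

$migrate = Join-Path $InstallDir 'App\db\mysql\migrate'
$bin     = Join-Path $InstallDir 'MySQL\bin'
$dataDir = Join-Path $InstallDir "MySQL\data\$DbName"   # assumed location of mysql\data\lf

# Estimate the run time of the first script from the database directory size,
# using the guide's figure of about one hour per 4-8 GB.
$bytes = (Get-ChildItem -LiteralPath $dataDir -Recurse -File |
          Measure-Object -Property Length -Sum).Sum
$gb       = [math]::Round($bytes / 1GB, 1)
$minHours = [math]::Floor($gb / 8)
$maxHours = [math]::Ceiling($gb / 4)
Write-Host "$dataDir holds $gb GB: allow about $minHours to $maxHours hours for Alertproc_offline_1.sql"

foreach ($name in 'Alertproc_offline_1.sql', 'Alertproc_offline_2.sql') {
    $src = Join-Path $migrate $name
    $dst = Join-Path $bin $name
    if (-not (Test-Path -LiteralPath $src)) { throw "Script not found: $src" }

    # A copy left in MySQL\bin by an earlier upgrade may belong to another version.
    $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    if ((Test-Path -LiteralPath $dst) -and
        (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash -ne $srcHash) {
        Write-Warning "Replacing a different copy of $name found in $bin"
    }
    Copy-Item -LiteralPath $src -Destination $dst -Force
    Write-Host "Copied $name (SHA256 $srcHash)"
}

# -p with no value makes the mysql client prompt for the password, which keeps
# it out of the console history and the process command line.
Write-Host "Next: cd `"$bin`" and run: mysql -u<Database user name> -p $DbName"
```

For a 25 GB directory the estimate printed is 3 to 7 hours, matching the example given for Alertproc_offline_1.sql.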