Upgrade Instructions

You need to read the information and follow these procedures for upgrading NetWitness version 11.7.0.1.

Upgrade Path Downloads Required
From 11.5.3.2 to 11.7.0.1
  • 11.7.0.0 base pack
  • 11.7.0.1 patch release
From 11.5.3.3 to 11.7.0.1
  • 11.7.0.0 base pack
  • 11.7.0.1 patch release
From 11.6.0.0 to 11.7.0.1
  • 11.7.0.0 base pack
  • 11.7.0.1 patch release

From 11.6.0.1 to 11.7.0.1

  • 11.7.0.0 base pack
  • 11.7.0.1 patch release
From 11.6.1.0 to 11.7.0.1
  • 11.7.0.0 base pack
  • 11.7.0.1 patch release

From 11.6.1.1 to 11.7.0.1

  • 11.7.0.0 base pack
  • 11.7.0.1 patch release

From 11.6.1.2 to 11.7.0.1

  • 11.7.0.0 base pack
  • 11.7.0.1 patch release

From 11.6.1.3 to 11.7.0.1

  • 11.7.0.0 base pack
  • 11.7.0.1 patch release

From 11.7.0.0 to 11.7.0.1

  • 11.7.0.1 patch release

You can upgrade 11.7.0.1 patch using one of the following options:

  • If the NetWitness Server has internet connectivity to Live Services, the NetWitness Platform User Interface can be used to apply the patch.
  • If the NetWitness Server does not have internet connectivity to Live Services, the Command Line Interface (CLI) or the NetWitness Platform User Interface can be used to apply the patch.

Note: If you are using S4s device that utilizes SD cards, SSH to NW Server and run the following command before starting the upgrade process. manage-stig-controls --disable-control-groups 7 --host-id <node uuid>.

For upgrading from 11.5.3.2, see the RSA NetWitness Platform 11.7 Upgrade Guide.

Running in Mixed Mode

Running in mixed mode occurs when some services are upgraded to the latest version and some services are on older versions. See "Running in Mixed Mode" in the RSA NetWitness Platform Hosts and Services Getting Started Guide for further information.

Note: If you are running Endpoint Log Hybrid in mixed mode, make sure Endpoint Broker is on the same version as one of the Endpoint Servers.

Upgrade Tasks

Important Notes - Read This First

Synchronize Time on Component Hosts with NW Server Host

Before upgrading your hosts, make sure that the time on each host is synchronized with the time on the NetWitness Server.
To synchronize the time, do one of the following:

  • Configure the NTP Server. For more information, see"Configure NTP Servers" in the System Configuration Guide.
  • Perform the following steps on each host:
    1. SSH to a component host.
    2. Run the following commands.
      systemctl stop ntpd
      ntpdate nw-node-zero
      systemctl start ntpd

Mixed Mode Unsupported for ESA Hosts

Mixed mode is not supported for ESA hosts in NetWitness Platform version 11.5 and later. The NetWitness server, ESA primary host, and ESA secondary host must all be on the same NetWitness Platform version.

Respond Server Service Not Enabled Until NW Server and Primary ESA Host Upgraded to 11.7.0.1

After upgrading the primary NW Server (including the Respond Server service), the Respond Server service is not automatically re-enabled until after the Primary ESA host is also upgraded to 11.7.0.1. The Respond post-upgrade tasks only apply after the Respond Server service is upgraded and is in the enabled state.

Task 1: Upgrade External Repository

Note: Perform the below steps only if you are using an external repository for 11.7.0.1.

To upgrade the external repository which is an externally managed server, do the following:

  1. Upgrade the external repository with the latest upgrade content for the RSA netwitness-11.7.0.1.zip.
    The following is the structure after upgrading the external repository:
    11.7.0.1 Repo Image

Task 2: Disable Decoder Services

Before upgrading to 11.7.0.1, you must disable Capture AutoStart on Network Decoder and Network Hybrid Services.

To disable Capture Autostart:

  1. Go to (missing or bad snippet) > Services.
    The Administration Services view is displayed.
  1. Select a Network Decoder or Network Hybrid service and select netwitness_actions_icon.png > View > Config.
    The services config view for the selected Network Decoder or Network Hybrid is displayed.
  1. In the Decoder Configuration panel, deselect the Capture Autostart and click Apply.

Task 3: Upgrade the Patch

You can choose one of the following upgrade methods based on your internet connectivity.

Upgrade Options

Option 1: Online Method (Connectivity to Live Services): Upgrade Using NetWitness Platform User Interface

You can use this method if the NetWitness Server host is connected to Live Services and can obtain the package.

Note: If the NetWitness Server does not have access to Live Services, use Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface . or use Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Prerequisites

Make sure that:

  1. The Automatically download information about new upgrades every day option is selected and is applied in (missing or bad snippet) > System > Updates.
  2. Go to (missing or bad snippet) > Hosts > Update > Check for Updates to check for upgrades. The Host page displays the Update Available status.
  3. 11.7.0.1 is available under Update Version column.

Note: If you have custom certificates, move any custom certificates from /etc/pki/nw/trust/import/ directory to /root/cert. Follow these steps to move the certificates:
1.) mkdir /root/cert.
2.) mv /etc/pki/nw/trust/import/* /root/cert.

Procedure

  1. Go to (missing or bad snippet) > Hosts.
  2. Select the NetWitness Server (nw-server) host.
  3. Check for the latest updates.
    netwitness_chk4upds.png
  4. Update Available is displayed in the Status column if you have a version upgrade in your Local Update Repository for the selected host.
  5. Select 11.7.0.1 from the Update Version column. If you:
    • Want to view a dialog with the major features in the upgrade and information on the updates, click the information icon (netwitness_ic-inline_help.png) to the right of the upgrade version number.
    • Cannot find the version you want, select Update > Check for Updates to check the repository for any available updates. If an update is available, the message "New updates are available" is displayed and the Status column upgrades automatically to show Update Available. By default, only supported upgrades for the selected host are displayed.
  6. Click Update > Update Host from the toolbar.
  7. Click Begin Update.
  8. Click the Reboot Host when prompted.
  9. Repeat steps 6 to 8 for other hosts.

Note: You can select multiple hosts to upgrade at the same time only after updating and rebooting the NetWitness Server host. All ESA, Endpoint, and Malware Analysis hosts should be upgraded to the same version as that of NW Admin Server or NetWitness Server host.

Note: Not all components have been changed for 11.7.0.1, so after you perform the upgrade steps, it is normal to see some components with different version numbers. For a list of the components that were upgraded for this release, see Build Numbers.

Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface

You can use this method if the NetWitness Server host is not connected to Live Services.

Note: Alternatively, you can upgrade using the Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Download the 11.7.0.1 Patch

Download the RSA NetWitness Platform 11.7.0.1 Upgrade Pack files, which contain all the RSA NetWitness Platform 11.7.0.1 upgrade files respectively, from the NetWitness Community (https://community.netwitness.com/) > Products> NetWitness Platform > Downloads > Version 11.7 > 11.7.0.1 Patch Download. To download the 11.7 package, click on Full Product Downloads.

Upgrading from Download and Stage file

11.5.3.2

netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip

11.5.3.3

netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip

11.6.0.0

netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip

11.6.0.1 netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip

11.6.1.0

netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip

11.6.1.1 netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip
11.6.1.2 netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip
11.6.1.3 netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip
11.7.0.0 netwitness-11.7.0.1.zip

Note: If you are using external repository, you can upgrade the external repository with the latest upgrade content. For more information see, Task 1: Upgrade External Repository.

Procedure

You need to perform the upgrade steps for NetWitness Server host and for component hosts.

Note: Ensure that you have enough space in the NetWitness Server root and tmp directory before you unzip the package files.

Note: If you copy paste the commands from PDF to Linux SSH terminal, the characters do not work. It is recommended to type the commands.

Note: If you copied the .zip file to the created staging directory to unzip, make sure that you delete the initial .zip file that you copied to the staging location after you extract it.

  • If you are upgrading from 11.5.3.2 to 11.7.0.1, you only need to stage 11.7.0.0 and 11.7.0.1. Log into the /root to the directory of the NetWitness Server and create the following directory:
    /tmp/upgrade/11.7.0.0

    /tmp/upgrade/11.7.0.1
    and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:
    unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

    unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

  • If you are upgrading from 11.5.3.3 to 11.7.0.1, you only need to stage 11.7.0.0 and 11.7.0.1. Log into the /root to the directory of the NetWitness Server and create the following directory:
    /tmp/upgrade/11.7.0.0

    /tmp/upgrade/11.7.0.1
    and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:
    unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

    unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

  • If you are upgrading from 11.6.0.0 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:

        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

      • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade and /root/NW

        and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

        After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

        [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

        Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

        For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

        Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

        Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

        Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

  • If you are upgrading from 11.6.0.1 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:

        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

      • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade and /root/NW

        and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

        After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

        [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

        Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

        For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

        Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

        Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

        Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

  • If you are upgrading from 11.6.1.0 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:

        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

      • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade and /root/NW

        and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

        After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

        [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

        Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

        For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

        Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

        Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

        Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

  • If you are upgrading from 11.6.1.1 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:
        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

      • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade and /root/NW

        and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

        After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

        [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

        Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

        For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

        Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

        Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

        Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

    • If you are upgrading from 11.6.1.2 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:
        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

        • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

          /tmp/upgrade and /root/NW

          and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

          After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

          [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

          Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

          For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

          Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

          Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

          Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

    • If you are upgrading from 11.6.1.3 to 11.7.0.1, You only need to stage 11.7.0.0 and 11.7.0.1. There are two options to stage 11.7.0.1.

      • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

        /tmp/upgrade/11.7.0.0

        /tmp/upgrade/11.7.0.1
        and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:
        unzip netwitness-11.7.0.0.zip -d /tmp/upgrade/11.7.0.0

        unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

        • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

          /tmp/upgrade and /root/NW

          and then copy the NetWitness 11.7.0.0 and 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

          After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

          [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

          Here, <download file path> is the location where you need to copy the netwitness-11.7.0.0.zip and netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

          For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

          Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

          Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

          Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

    • If you are upgrading from 11.7.0.0 to 11.7.0.1, You only need to stage 11.7.0.1. There are two options to stage 11.7.0.1.

        • Option 1 (Manual) : Log into the /root to the directory of the NetWitness Server and create the following directory:

          /tmp/upgrade/11.7.0.1
          and then copy the package zip files to the /root directory of the NetWitness Server and extract the package files from /root to the /tmp/upgrade/11.7.0.1 directory:

          unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1

        • Option 2 (Automated) : Log into the /root to the directory of the NetWitness Server and create the following directory:

          /tmp/upgrade and /root/NW

          and then copy the NetWitness 11.7.0.1 package zip files to the /root/NW directory of the NetWitness Server.

          After this, run the below command to extract, validate, and initialize the 11.7.0.1 zip files:

          [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1

          Here, <download file path> is the location where you need to copy the netwitness-11.7.0.1.zip if it is downloaded to the local directory earlier.

          For Example: [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path /root/NW --version 11.7.0.1

          Once the message (INFO) Download and extraction of all the necessary NetWitness zips are completed is displayed in the console of the admin server, only then the initialization process will begin.

          Note: If you do not receive the message (INFO) Download and extraction of all the necessary NetWitness zips are completed, run the command [root@SA ~]# upgrade-cli-client --init --stage-dir /tmp/upgrade --download-path <download file path> --version 11.7.0.1 again to stage 11.7.0.1.

          Note: After staging 11.7.0.1 (using the Option 2), if the initialization fails, run the command upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade. If the initialization succeeds, ignore the first step under Upgrading the NetWitness Server and component hosts and proceed with the further steps in it.

Upgrading the NetWitness Server and component hosts

  1. Initialize the upgrade, using the following command:
    upgrade-cli-client –-init --version 11.7.0.1 --stage-dir /tmp/upgrade

    IMPORTANT: Once init is performed, do not reboot the NW Admin server or restart jetty.

  2. Upgrade NetWitness Server, using the following command:
    upgrade-cli-client –-upgrade --host-addr <IP of NetWitness Server> --version 11.7.0.1
  3. When the component host upgrade is successful, reboot the host from NetWitness UI.

    IMPORTANT: This is a mandatory step. Ensure that you reboot the host from the NetWitness UI.

  4. Repeat steps 2 and 3 for each component host, changing the IP address to the component host which is being upgraded.

Note: You can check versions of all the hosts, using the command upgrade-cli-client --list on the NetWitness Server. If you want to view the help content of upgrade-cli-client, use the command upgrade-cli-client --help.

Note: If the following error displays during the upgrade process:
2017-11-02 20:13:26.580 ERROR 7994 — [ 127.0.0.1:5671] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method<connection.close>(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)
the patch will install correctly. No action is required. If you encounter additional errors when upgrading a host to a new version, contact Getting Help with NetWitness Platform.

External Repo Instructions for CLI Upgrade

Note: The external repo should have separate directories for 11.7.0.0 and 11.7.0.1, as described in Option 2: Offline Method (No connectivity to Live Services): Upgrade using the Command Line Interface

Note: If you copied the .zip file to the created staging directory to unzip, make sure that you delete the initial .zip file that you copied to the staging location after you extract it.

  1. Stage 11.7.0.1 by creating a directory on the NetWitness Server at /tmp/upgrade/11.7.0.1 and extract the zip package.
    unzip netwitness-11.7.0.1.zip -d /tmp/upgrade/11.7.0.1
  2. Initialize the upgrade, using the following command:
    upgrade-cli-client –-init --version 11.7.0.1--stage-dir /tmp/upgrade
  3. Upgrade NetWitness Server, using the following command:
    upgrade-cli-client –-upgrade --host-addr <IP of NetWitness Server> --version 11.7.0.1
  4. When the component host upgrade is successful, reboot the host from NetWitness UI.
  5. Repeat steps 3 and 4 for each component host, changing the IP address to the component host which is being upgraded.


Note: You can check versions of all the hosts, using the command upgrade-cli-client --list on NetWitness Server. If you want to view the help content of upgrade-cli-client, use the command upgrade-cli-client --help.

Note: If the following error displays during the upgrade process:
2017-11-02 20:13:26.580 ERROR 7994 — [ 127.0.0.1:5671] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method<connection.close>(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)
the patch will install correctly. No action is required. If you encounter additional errors when upgrading a host to a new version, contact Getting Help with NetWitness Platform.

Option 3: Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface

Follow the instructions in Appendix A. Offline Method (No connectivity to Live Services): Upgrade using the NetWitness Platform User Interface.

Post-Upgrade Tasks

This topic is divided into two sections, based on the version that you are upgrading from:

Post Upgrade Tasks for Customers Upgrading from version 11.6.x.x

Post Upgrade Tasks for Customers Upgrading from version 11.5.3.2 or 11.5.3.3

Post Upgrade Tasks for Customers Upgrading from version 11.6.x.x

Task 1 (Optional) - Move the custom certificates

Move the custom certificates from external directory to /etc/pki/nw/trust/import directory.

Task 2- Enable Decoder Services

After you upgrade to 11.7.0.1, you must enable Capture AutoStart on Network Decoder and Network Hybrid Services.

To enable the Capture Autostart field:

  1. Go to (missing or bad snippet) > Services.

    The Administration Services view is displayed.

  2. Select a Network Decoder or Network Hybrid service and select netwitness_actions_icon.png > View > Config.

    The services Config view for the selected Network Decoder or Network Hybrid is displayed.

  3. In the Decoder Configuration panel, select the Capture Autostart field and click Apply.

Task 3 (Optional) - Reinstall Export Connector Plugin and Remove Old Plugins.

Follow the below procedure only if you have export connector plugin in your deployment and logstash installed separately.

Install the updated plugin

If you have Logstash installed separately, not as part of the NetWitness installation, you must install the updated Export Connector plugin after 11.7.0.1 patch upgrade. For more information to install the updated plugin, see https://community.netwitness.com/t5/netwitness-platform-online/install-netwitness-logstash-input-plugin/ta-p/669115.

Remove the old plugin

You must remove the old plugin, so the scans do not list them as vulnerabilities.

  1. Remove old Export Connector Plugin files. Do the following.

    rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/logstash-inputnetwitness_export_connector-2.x.x

    rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-inputnetwitness_export_connector-2.x.x

    Note: 2.x.x can be 2.1.0 or 2.0.0

  2. Restart the Log Collector.

    service nwlogcollector restart

    Note: In case you have installed Logstash separately, outside NetWitness installation, the path and version of the plugin will be different. Restarting of the Log Collector service may not be required.

Post Upgrade Tasks for Customers Upgrading from version 11.5.3.2 or 11.5.3.3

Perform all the post upgrade tasks mentioned in Upgrade Guide for RSA NetWitness Platform 11.7.0.0.

Task 1 (Optional) - Reinstall Export Connector Plugin and Remove Old Plugins.

Follow the below procedure only if you have export connector plugin in your deployment and logstash installed separately.

Install the updated plugin

If you have Logstash installed separately, not as part of the NetWitness installation, you must install the updated Export Connector plugin after 11.7.0.1 patch upgrade. For more information to install the updated plugin, see https://community.netwitness.com/t5/netwitness-platform-online/install-netwitness-logstash-input-plugin/ta-p/669115.

Remove the old plugin

You must remove the old plugin, so the scans do not list them as vulnerabilities.

To remove old Export Connector Plugin files, do the following.

rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/logstash-inputnetwitness_export_connector-1.x.x

rm -rf /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-inputnetwitness_export_connector-1.x.x

Note: In case you have installed Logstash separately, outside NetWitness installation, the path and version of the plugin will be different.