Upgrade Graylog on SUSE

This guide describes the recommended way to upgrade Graylog on SUSE Linux Enterprise Server 12 and 15. All links and packages are present at the time of writing.

Warning: This guide does not cover security settings! The server administrator must make sure the Graylog server is not publicly exposed and is following security best practices.

Prerequisites

The following tasks must be completed before upgrading the Graylog server. If they are not completed, problems may occur. Once the prerequisites are satisfied, then you may proceed with the upgrade process.

  • Review the release notes of the version(s) of Graylog that you will upgrade to. You can find release notes for Graylog 6.1 in the documentation.

  • You may also need to perform manual edits to the Graylog server.conf configuration file before restarting the Graylog server. Information on manual tasks required by a version of Graylog can be found in the changelogs and the Upgrading Graylog pages in the documentation.

  • Ensure that you back up both the MongoDB and OpenSearch database states prior to upgrading any component of the Graylog stack to create a rollback option.

  • In preparation for upgrading Graylog, you must first satisfy any software prerequisites. MongoDB and OpenSearch must be running at least the minimum required version for the version of Graylog to which you wish to upgrade. Please refer to the following chart to determine your version compatibility requirements:

WarningWe caution you not to install or upgrade to Elasticsearch 7.11+ or OpenSearch 2.16+! These versions are not supported. Installing them will break your instance!

Graylog Version Minimum MongoDB Version Maximum MongoDB Version Minimum Elasticsearch Version Maximum Elasticsearch Version Minimum OpenSearch Version Maximum OpenSearch Version
4.0.x 3.6 4.2 6.8 or 7.0 7.1 Not Supported Not Supported
4.1.x 3.6 4.4 6.8 or 7.0 7.1 Not Supported Not Supported
4.2.x 3.6 4.4 6.8 or 7.0 7.10.2 Not Supported Not Supported
4.3.x 3.6 5.0 6.8 or 7.0 7.10.2 1.1.x (or 1.3.x for Graylog Security) 1.3.x

5.0.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

5.1.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

5.2.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

6.0.x

5.0.7

7.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.15.x

6.1.x

5.0.7

7.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.15.x

Upgrading Multiple Versions of Graylog

Do not skip a major version when upgrading Graylog. For example, to upgrade from 3.3 to 4.3, first upgrade to the major version 4.0 and then to 4.3. See Upgrade Path for more information on this process.

Additionally, when upgrading through multiple versions of Graylog, ensure that you restart the Graylog service each time an upgrade is performed. You can confirm your new version has installed successfully by verifying the ServerBootstrap message indicates a successful start up in the server.log file:

2024-08-25T00:01:50.883Z INFO [ServerBootstrap] Graylog server up and running.

Software Verification

In order to verify that you are running the desired version of either of the dependencies mentioned above, enter the following command, replacing the name of each application with the one you want to verify:

Copy 
sudo zypper search -i | grep 'mongo\|opensearch\|graylog'

Upgrading Graylog on SUSE

Complete the following steps to upgrade your Graylog instance using your package manager of choice (e.x. APT_GET):

1. Shutdown the Graylog node.

Copy 
 sudo systemctl stop graylog-server

2. Monitor the status of the Graylog node.

Copy 
ps -aefww | grep graylog

3. Once the Graylog node is down, update the repository package to the target version.

Copy 
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.rpm
sudo zypper update

4. Display available versions of Graylog.

For Graylog Open:

Copy 
sudo zypper search -s graylog-server

For Graylog Enterprise:

Copy 
sudo zypper search -s graylog-enterprise

5. Use the system tools to upgrade the Graylog package(s).

HintIf the version is not specified in the command, then the latest version in the repository will be installed.

For Graylog Open: 

Copy 
sudo zypper install graylog-server-6.1

For Graylog Enterprise: 

Copy 
sudo zypper install graylog-enterprise-6.1

To display installed graylog-* packages:

For Graylog Open:

Copy 
sudo zypper info graylog-server

For Graylog Enterprise:

Copy 
sudo zypper info graylog-enterprise

6. Make any necessary changes to Graylog configuration file(s) as indicated by version.

7. Mark the package on-hold so that package updates do not accidentally upgrade the Graylog server.

For Graylog Open:

Copy 
sudo zypper addlock graylog-server

For Graylog Enterprise:

Copy 
sudo zypper addlock graylog-enterprise

8. Finally, restart the Graylog node.

Copy 
sudo systemctl restart graylog-server