Upgrade Graylog on Ubuntu
This guide describes the recommended way to upgrade Graylog on Ubuntu 20.04 LTS and 22.04. All links and packages are present at the time of writing.
Prerequisites
The following tasks must be completed before upgrading the Graylog server. If they are not completed, problems may occur. Once the prerequisites are satisfied, then you may proceed with the upgrade process.
-
Review the release notes of the version(s) of Graylog that you will upgrade to. You can find release notes for Graylog 6.1 in the documentation.
-
You may also need to perform manual edits to the Graylog server.conf configuration file before restarting the Graylog server. Information on manual tasks required by a version of Graylog can be found in the changelogs and the Upgrading Graylog pages in the documentation.
-
Ensure that you back up both the MongoDB and OpenSearch database states prior to upgrading any component of the Graylog stack to create a rollback option.
-
In preparation for upgrading Graylog, you must first satisfy any software prerequisites. MongoDB and OpenSearch must be running at least the minimum required version for the version of Graylog to which you wish to upgrade. Please refer to the following chart to determine your version compatibility requirements:
Graylog Version | Minimum MongoDB Version | Maximum MongoDB Version | Minimum Elasticsearch Version | Maximum Elasticsearch Version | Minimum OpenSearch Version | Maximum OpenSearch Version |
---|---|---|---|---|---|---|
4.0.x | 3.6 | 4.2 | 6.8 or 7.0 | 7.1 | Not Supported | Not Supported |
4.1.x | 3.6 | 4.4 | 6.8 or 7.0 | 7.1 | Not Supported | Not Supported |
4.2.x | 3.6 | 4.4 | 6.8 or 7.0 | 7.10.2 | Not Supported | Not Supported |
4.3.x | 3.6 | 5.0 | 6.8 or 7.0 | 7.10.2 | 1.1.x (or 1.3.x for Graylog Security) | 1.3.x |
5.0.x |
5.0.7 |
6.x |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.13.x |
5.1.x |
5.0.7 |
6.x |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.13.x |
5.2.x |
5.0.7 |
6.x |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.13.x |
6.0.x |
5.0.7 |
7.x |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.15.x |
6.1.x |
5.0.7 |
7.x |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.15.x |
Upgrading Multiple Versions of Graylog
Do not skip a major version when upgrading Graylog. For example, to upgrade from 3.3 to 4.3, first upgrade to the major version 4.0 and then to 4.3. See Upgrade Path for more information on this process.
Additionally, when upgrading through multiple versions of Graylog, ensure that you restart the Graylog service each time an upgrade is performed. You can confirm your new version has installed successfully by verifying the ServerBootstrap message indicates a successful start up in the server.log file:
2024-08-25T00:01:50.883Z INFO [ServerBootstrap] Graylog server up and running.
Software Verification
In order to verify that you are running the desired version of either of the dependencies mentioned above, enter the following command, replacing the name of each application with the one you want to verify:
sudo apt list --installed | grep 'mongo\|opensearch\|graylog'
Upgrade Graylog on Ubuntu
Complete the following steps to upgrade your Graylog instance using your package manager of choice (e.x. APT_GET):
1. Shut down the Graylog node.
sudo systemctl stop graylog-server
2. Monitor the status of the Graylog node.
ps -aefww | grep graylog
3. Once the Graylog node is down, update the local package cache.
sudo apt-get update
4. Display available versions of Graylog.
sudo apt-cache policy graylog-server graylog-enterprise
5. Use the system tools to upgrade the Graylog package(s).
-
If the version is not specified in the command, then the latest version in the repository will be installed.
-
If you have a lock on the Graylog package, you may then be prompted to remove it before allowing the upgrade to execute.
For Graylog Open:
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
sudo dpkg -i graylog-6.1-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server
For Graylog Enterprise:
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
sudo dpkg -i graylog-6.1-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-enterprise
To display installed graylog-*
packages:
sudo apt list --installed | grep graylog
6. Make any necessary changes to Graylog configuration file(s) as indicated by version.
7. Mark the package on-hold so that package updates do not accidentally upgrade the Graylog server.
For Graylog Open:
sudo apt-mark hold graylog-server
For Graylog Enterprise:
sudo apt-mark hold graylog-enterprise
8. Finally, restart the Graylog node.
sudo systemctl restart graylog-server