AlienVault® USM Appliance™

Updating USM Appliance and AlienVault OSSIM® to Version 5.2

Version: 5.2
Deployment: All deployments

USM Appliance and AlienVault OSSIM version 5.2 includes an operating system update to improve general performance, stability, and reliability. The AlienVault OS is based on Debian, which will update from Debian 6 ‘Squeeze’ to Debian 8 ‘Jessie’. All libraries, kernel, and software will be updated; therefore the update option is only available from the AlienVault Setup menu (both online and offline), not from the web interface.

Read the notes below carefully before running the update:

  • Due to the complexity of this update, we are asking all customers to update to USM Appliance/AlienVault OSSIM version 5.1.1 first, following the normal update procedure; then update to version 5.2 from the AlienVault Setup menu.
  • The file size for this update is around 800MB, so it may take a long time to download depending on your Internet connectivity. We recommend that you plan a window of at least 1 hour to update each AlienVault device. For the same reason, an SSH session may lose connection in the middle of the update; we therefore recommend updating the system from a terminal instead of an SSH session. Alternatively, you can use the GNU Screen program to maintain the session.
  • For virtual environments, a big download relies heavily on the I/O of the hard disk, so it is better to update them one by one, never simultaneously. As always, if you have more than one USM Appliance instance deployed, you should update them from the higher level to the lower level, i.e. first the USM Appliance Logger, then the USM Appliance Server or USM Appliance All-in-One, and lastly the USM Appliance Sensor.
  • This release requires rebooting the appliance once the update has completed.
  • Please run a full backup before updating in case any unexpected issue happens.

Prior to the update, the system runs some checks to make sure that your USM Appliance/AlienVault OSSIM instance(s) are in a healthy state. The update will not start if any blocker-type check fails. A warning, on the other hand, is a recommendation; you can choose to ignore it, but in doing so you accept the risk that your update may not run properly. The table below summarizes what these checks are, which AlienVault product they apply to, and what you can do if your USM Appliance/AlienVault OSSIM instance(s) do not pass a check.

| Checks | USM Appliance | AlienVault OSSIM | Remediation Steps |
|---|---|---|---|
| Verify that current session is not SSH | Warning | Warning | AlienVault recommends updating the system from a terminal to prevent potential connection problems during the update. If you have to use SSH, use screen. |
| Verify that there are no custom partitions | Blocker | Warning | Please contact AlienVault Support for custom partition issues. For online update only: This check considers any mounted USB device to be a custom partition. Disconnect the USB device and run the update again. Offline update can be carried out through the USB device as normal. |
| Verify that USM Appliance/AlienVault OSSIM is on version 5.1.1 | Blocker | Blocker | Update to USM Appliance/AlienVault OSSIM version 5.1.1 first, then update to 5.2. |
| Verify that there is enough disk space | Blocker | Blocker | You should have at least 10GB of free disk space before running the update. |
| Verify that the mysql proc table is OK | Blocker | Blocker | Repair the table and try again. To repair this table, jailbreak the system and run this command: mysqlcheck --repair mysql proc -u root -pXXX |
| Verify that High Availability (HA) is not enabled | Blocker | Blocker | Disable HA and run the update again. |
| Verify that there is no pending reboot | Blocker | Blocker | Reboot the appliance and run the update again. |
| Verify that CPU load is not too high | Blocker | Blocker | The load average of your CPU in the last minute is above 8. Reboot the appliance and run the update again. |
| Verify that the installed packages are provided by AlienVault | Blocker | N/A | Remove 3rd party packages. The error message will list what those packages are. |
| Verify that the installed packages are on the expected version | Blocker | N/A | Update to USM Appliance/AlienVault OSSIM version 5.1.1. |
| Verify that critical packages are on the expected version | Blocker | N/A | These are the packages that AlienVault packages have dependencies on. Please contact AlienVault Support if critical packages are not on the correct version. |
| Verify that all packages have been successfully installed | Blocker | N/A | Make sure all packages show ‘ii’ when running ‘dpkg -l’. If not, try updating to USM Appliance 5.1.1 first, then run the 5.2 update. Please contact AlienVault Support if the packages cannot be successfully installed. |
| Verify that the VM meets the necessary requirements | Blocker | N/A | The minimum requirement for this update is 4 CPU cores and 7.7GB RAM. |
| Verify that the schema is the correct version | Blocker | N/A | Make sure that the USM Appliance schema version is 5.1.1. Please contact AlienVault Support if the schema is not on the correct version. |
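
Four of the checks in the table above (SSH session, free disk space, CPU load, package state) can be approximated from the appliance shell before starting the update. The script below is an added example, not AlienVault's own checker: the function names are hypothetical, 10GB is read as 10 GiB, and the root filesystem is assumed to be the one that matters.

```shell
#!/bin/sh
# Added example, not AlienVault's checker. Function names are hypothetical;
# thresholds (10GB, load 8, state 'ii') are the ones stated on this page.

# Warning: SSH session outside GNU Screen.
# $1 = $SSH_CONNECTION, $2 = $STY (exported by screen inside a session).
ssh_without_screen() { [ -n "$1" ] && [ -z "$2" ]; }

# Blocker: under 10GB free, read here as 10 GiB (assumption). $1 = free 1K blocks.
disk_too_small() { [ "$1" -lt $((10 * 1024 * 1024)) ]; }

# Blocker: 1-minute load average above 8. $1 = first field of /proc/loadavg.
load_too_high() { awk -v l="$1" 'BEGIN { exit !(l + 0 > 8) }'; }

# Blocker: any package not in state 'ii'. Reads `dpkg -l` output on stdin and
# prints "state name" for each offender; header lines are skipped.
not_fully_installed() {
    awk '/^[a-zA-Z][a-zA-Z][ A-Z] / && $1 != "ii" { print $1, $2 }'
}

# Collects live values, prints findings, returns the number of blockers.
# Checking the root filesystem is an assumption; the page names no mount point.
preflight() {
    blockers=0
    if ssh_without_screen "${SSH_CONNECTION:-}" "${STY:-}"; then
        echo "WARNING: SSH session without screen"
    fi
    free_kb=$(df -Pk / | awk 'NR == 2 { print $4 }')
    if disk_too_small "${free_kb:-0}"; then
        echo "BLOCKER: less than 10GB free on /"; blockers=$((blockers + 1))
    fi
    read -r load rest < /proc/loadavg
    if load_too_high "$load"; then
        echo "BLOCKER: load average $load is above 8"; blockers=$((blockers + 1))
    fi
    bad=$(dpkg -l | not_fully_installed)
    if [ -n "$bad" ]; then
        echo "BLOCKER: packages not in state ii:"; echo "$bad"
        blockers=$((blockers + 1))
    fi
    return "$blockers"
}

# Usage on the appliance shell: sh preflight.sh --check
case "${1:-}" in --check) preflight ;; esac
```

The exit status of a `--check` run is the number of blockers found, so 0 means none of these four checks would block the update.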

To update to AlienVault USM Appliance/AlienVault OSSIM version 5.2

  1. Log in to the AlienVault Console.
  2. Navigate to System Preferences > Update AlienVault System > Update System (Major).

    Note: Make sure to choose the Update System (Major) option. The Update System option only updates the security feeds.

  3. Confirm that you want to continue with the major update. Press <Yes>.
  4. The AlienVault update process starts with the message below:

This update will change the underlying operating system and kernel

Please run a full backup before continuing to prevent any unexpected issues with your AlienVault system.
Your last backup was on Sep 29 11:03

Do you want to upgrade?[Y/n]
  5. Type ‘y’ then press Enter.
  6. The update process continues if none of the checks fails.
  7. Reboot the system once the update process completes successfully.
You can check all the activities in the update log: