Sajid_Abbas
Contributor

Log Server Migration R80.40 to R81.10

Hi Everyone,

We are in the process of migrating our Management Suite (Mgmt + log + event server) from R80.40 to R81.10, which all run on open hardware.

We are creating new VMs for all three to migrate and will be performing migrate_server export and import to move the databases.

Wanted clarification on a few questions, if someone can assist.

 

1. Do we need to run the migrate_server export on all three servers or on the management server only? If not on the other two, then do we just create a new log and event server and re-establish SIC with the new Mgmt server?

2. For the new management server, if we have the same hostname and IP address, I believe we do not have to re-establish SIC with gateways.

3. For the log server migration, what is the best way of transferring logs from the old server to the new server so they're viewable after migration? Do they need to be re-indexed? Would appreciate it if someone can provide a reference sk or guides for this.

 

Thanks

Sajid

0 Kudos
9 Replies
G_W_Albrecht
Legend

Why so complicated? In-Place upgrade using CPUSE is one step on 3 units 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin

You can only run migrate_server on the management server.
For the log servers you can easily just do a fresh install and establish SIC with the new server.
You can copy the logs over from the old servers and reindex the logs: https://community.checkpoint.com/t5/Management/SmartLog-only-look-back-14-days-how-to-reindex-90-day...

A migrate_server will also preserve the Internal Certificate Authority and all that is necessary to establish SIC with the existing gateways is pushing policy.

0 Kudos
Sajid_Abbas
Contributor

Hi PhoneBoy,

 

Thanks for your response which is helpful.

Could you confirm if the log server will be freshly built and only needs new SIC establishment? From this link, which is for both management and log server, it says the migrate_server instruction applies to management, log and event servers as well.

0 Kudos
PhoneBoy
Admin

Where precisely are you seeing migrate_server is run on SmartEvent and Log servers?
If they are on the main management server, yes.
For standalone SmartEvent and Log Servers, you can either do an in-place upgrade with CPUSE or a fresh install to new hardware.
If you do a fresh install, you'll have to re-establish SIC.

0 Kudos
Douglas_Rich
Contributor

Both the installation and upgrade guide for R81.10 and R81.20 state: 

In Section: Upgrading a Security Management Server or Log Server from R80.20 and higher with Migration

Notes:

  • This procedure is supported only for servers that run R80.20.M1, R80.20, R80.20.M2, R80.30, or higher versions.
  • These instructions equally apply to:
      • Security Management Server
      • Dedicated Log Server
      • Dedicated SmartEvent Server

0 Kudos
Amir_Senn
Employee

CPUSE upgrade for log servers and SmartEvent server is supported and usually preserves all the logs. Specifically, when upgrading from R80.xx to R81.xx you won't see the logs in the logs view since the logging SOLR version was upgraded; therefore you need to re-index the old logs. They are still available to use, but only if you open the log file manually.

When doing the migrate_export command you can also retain the logs/indexes by using additional flags (-l for logs only and -x for logs and indexes), though the limitation of the SOLR version is still relevant, so there is no point in retaining indexes.

Kind regards, Amir Senn
0 Kudos
PhoneBoy
Admin

You should be able to reindex the old logs when upgrading, but you will have to kick off that process manually after the upgrade.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
Sajid_Abbas
Contributor

Hi,

Wanted to check if I'm doing this process correctly.

We built a fresh new log server and are getting all logs currently according to the policies.

 

For getting older logs from the previous log server, the process I followed:

  • Transfer all raw log files from the old server to the new server. The ones with *.log only, not the *.logptr or other files
  • Transfer was done through scp to the new server
  • Upon transferring all files for the last 30 days, I followed the process mentioned in sk111766
  • Also changed the indexing duration higher in the smart console

 

Is there anything else required after this, like a reboot etc.? Is the above process only to be done on the dedicated log server or also on the dedicated event server?

What should I expect to see? Will there be new pointer/index files created?

We still cannot view the logs on dashboard or in reports.

 

Sajid

0 Kudos
Amir_Senn
Employee

You'll need all the files that accompany the .log file; they contain relevant information about the logs. Transfer all the related files with SCP; they should be considerably smaller than the log files.

Kind regards, Amir Senn
0 Kudos
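One way to confirm that each .log file reached the new server together with its companion files, as the reply above advises (an added example, not part of the thread and not Check Point tooling). It assumes companions are named `<name>.log<suffix>`, like the `.logptr` files mentioned in the thread; the directory paths are placeholders.

```bash
#!/usr/bin/env bash
# Added example: check that every *.log file travels with its companions.
# Assumption: companions are named <name>.log<suffix> (e.g. <name>.logptr).

# Print each *.log file in $1 and every sibling whose name starts with it.
log_family() {
    local dir=$1 f s
    for f in "$dir"/*.log; do
        [ -e "$f" ] || continue
        for s in "$f"*; do
            if [ -f "$s" ]; then basename "$s"; fi
        done
    done | sort -u
}

# On the old server: write a SHA-256 manifest ($2) covering the family in $1.
make_manifest() {
    local dir=$1 out=$2
    ( cd "$dir" && log_family . | while IFS= read -r n; do
          sha256sum "$n"
      done ) > "$out"
}

# On the new server: succeed only if every manifest entry exists in $1
# and its hash matches; missing or altered files are reported.
verify_manifest() {
    local dir=$1 manifest=$2
    ( cd "$dir" && sha256sum --check --quiet ) < "$manifest"
}

# List *.log files in $1 that arrived with no companion file at all.
logs_without_companions() {
    local dir=$1 f s n
    for f in "$dir"/*.log; do
        [ -e "$f" ] || continue
        n=0
        for s in "$f"*; do
            [ "$s" = "$f" ] || n=$((n + 1))
        done
        if [ "$n" -eq 0 ]; then basename "$f"; fi
    done
}

# Usage (paths are placeholders):
#   old server: make_manifest /path/to/old/logs /tmp/logs.sha256
#   new server: verify_manifest /path/to/new/logs /tmp/logs.sha256
```

Copy the manifest along with the files; a failed `verify_manifest` or any output from `logs_without_companions` means the transfer is incomplete and should be fixed before re-indexing.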
