
Updating SEAL Elastic Stack


The update consists of a server part and a client part, which you have to update separately.

  1. Server:

    The server part includes Elasticsearch and Kibana. You have to update it on the management server.

  2. Client:

    The client part contains Filebeat. You have to update it on the PLOSSYS 5 server.


Management Server

Caution - SEAL Elastic Stack incompatible with seal-elk

SEAL Elastic Stack contains the new version of Elasticsearch and Kibana and replaces seal-elk. Before installing SEAL Elastic Stack, you have to uninstall seal-elk.

  1. In a browser, log on to the SEAL Systems delivery platform with your logon data:

    https://delivery.sealsystems.de

    Hint - logon data

    You receive the logon data from your Technical Project Manager at SEAL Systems.

  2. Download the SEAL Elastic Stack - 7.16.1.85 - msi folder. It is saved as SEAL Elastic Stack - 7.16.1.85 - msi.zip.

  3. Extract SEAL Elastic Stack - 7.16.1.85 - msi.zip.

  4. In a PowerShell (Administrator), change to the SEAL Elastic Stack - 7.16.1.85 - msi\server directory and start installing the packages:

    cd "SEAL Elastic Stack - 7.16.1.85 - msi\server"
    
    Set-ExecutionPolicy Bypass -Scope Process -Force; .\install.ps1
    
  5. Open the required firewall ports for the necessary services:

    Set-ExecutionPolicy Bypass -Scope Process -Force; .\firewall.ps1
    
  6. Change to the configuration directory:

    cd "C:\ProgramData\SEAL Systems\config"
    
  7. In an editor, compare the new kibana.yml configuration file to the old kibana.yml.install-bak configuration file and add your customer-specific changes.

  8. Start Elasticsearch:

    start-service elasticsearch
    
  9. Start Kibana:

    start-service seal-kibana
    

PLOSSYS 5 Server

  1. In a browser, log on to the SEAL Systems delivery platform with your logon data:

    https://delivery.sealsystems.de

    Hint - logon data

    You receive the logon data from your Technical Project Manager at SEAL Systems.

  2. Download the SEAL Elastic Stack - 7.16.1.85 - rpm folder. It is saved as SEAL Elastic Stack - 7.16.1.85 - rpm.zip.

  3. Extract SEAL Elastic Stack - 7.16.1.85 - msi.zip.

  4. In a PowerShell (Administrator), change to the SEAL Elastic Stack - 7.16.1.85 - msi\client directory and start installing the packages:

    cd "SEAL Elastic Stack - 7.16.1.85 - msi\client"
    
    Set-ExecutionPolicy Bypass -Scope Process -Force; .\install.ps1
    
  5. Change to the configuration directory:

    cd "C:\ProgramData\SEAL Systems\config"
    
  6. In an editor, compare the new filebeat.yml configuration file to the old filebeat.yml.install-bak configuration file and add your customer-specific changes.

  7. Start SEAL Filebeat:

    start-service seal-filebeat
    

Manual Steps After Updating the PLOSSYS 5 Server to PLOSSYS 5.3.3

PLOSSYS 5.3.3 introduces audit messages, which required changes to the filebeat.yml configuration file. If you update SEAL Elastic Stack as part of a PLOSSYS 5 update to version 5.3.3, you have to make some manual changes in the Filebeat configuration file.

  1. On the PLOSSYS 5 server, open the Filebeat configuration file:

    C:\ProgramData\SEAL Systems\config\filebeat.yml
    
  2. Add the following entry below the processors section:

    - add_fields:
        when:
          has_fields:
            - metadata.audit
        target: ""
        fields:
          indextype: audit
    - rename:
        when:
          has_fields:
            - metadata.audit
        fields:
          - from: metadata.audit
            to: audit
          - from: application
            to: audit.application
        ignore_missing: true
    - copy_fields:
        when:
          has_fields:
            - audit
        fields:
          - from: timestamp
            to: audit.timestamp
        ignore_missing: true
    - drop_fields:
        when:
          has_fields:
            - audit
        fields: ["sourcefile", "hostname", "message", "application", "module", "level", "metadata", "agent", "host", "ecs", "processId"]
        ignore_missing: true
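
The following added example (not part of the SEAL documentation and not Filebeat code) is a simplified Python model of the four processors above, applied to constructed events, to show which fields an audit message keeps before it is indexed. It assumes that metadata.audit is an object and does not reproduce Filebeat's error handling; the function names and the sample field values are illustrative.

```python
import copy

MISSING = object()
DROP = ["sourcefile", "hostname", "message", "application", "module", "level",
        "metadata", "agent", "host", "ecs", "processId"]

def get(event, path):  # resolve a dotted path; MISSING if any segment is absent
    for key in path.split("."):
        if not isinstance(event, dict) or key not in event:
            return MISSING
        event = event[key]
    return event

def put(event, path, value):
    *parents, leaf = path.split(".")
    for key in parents:
        event = event.setdefault(key, {})
    event[leaf] = value

def delete(event, path):
    parent, _, leaf = path.rpartition(".")
    holder = get(event, parent) if parent else event
    if isinstance(holder, dict):
        holder.pop(leaf, None)

def apply_audit_processors(event):
    ev = copy.deepcopy(event)                          # never mutate the input
    if get(ev, "metadata.audit") is not MISSING:       # when.has_fields
        ev["indextype"] = "audit"                      # add_fields, target ""
        for src, dst in (("metadata.audit", "audit"),  # rename, in listed order
                         ("application", "audit.application")):
            value = get(ev, src)
            if value is not MISSING:                   # ignore_missing: true
                delete(ev, src)
                put(ev, dst, value)
    if get(ev, "audit") is not MISSING:                # when.has_fields
        if get(ev, "timestamp") is not MISSING:        # copy_fields
            put(ev, "audit.timestamp", get(ev, "timestamp"))
        for name in DROP:                              # drop_fields
            delete(ev, name)
    return ev

# Constructed sample events; all values are illustrative only.
AUDIT_EVENT = {"timestamp": "2022-01-01T10:00:00.000Z", "hostname": "host-01",
               "application": "example-service", "message": "job created",
               "metadata": {"audit": {"action": "create", "user": "alice"}}}
PLAIN_EVENT = {"timestamp": "2022-01-01T10:00:01.000Z", "message": "service started"}

if __name__ == "__main__":
    print(apply_audit_processors(AUDIT_EVENT))
```

In this model the top-level timestamp survives next to audit.timestamp, because copy_fields copies rather than moves and timestamp is not in the drop_fields list; events without metadata.audit pass through unchanged.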
    
