Upgrade Guide from v2.9.1 to v2.9.2
This guide explains how to upgrade IDSTower from v2.9.1 to v2.9.2. To upgrade, follow the steps below.
Stop your IDSTower service
$ sudo systemctl stop idstower.service
Take a full backup of your current IDSTower database
$ sudo mysqldump -B [DatabaseName] -u [DatabaseUsername] -p > IDSTower_backup_`date +%F_%H_%M_%S`.sql
.. note::

   Replace `[DatabaseName]` and `[DatabaseUsername]` with your actual database name and username. You can find these details in your IDSTower configuration file, located at `/opt/idstower/appsettings.json`.

Take a backup of your IDSTower directory (including settings)
$ sudo cp -Rp /opt/idstower /opt/idstower_2.9.1_backup_`date +%F_%H_%M_%S`
Upgrade IDSTower to Version 2.9.2.
On CentOS/RHEL/RockyLinux/AlmaLinux:
$ sudo yum update idstower-2.9.2-1
On Ubuntu/Debian:
$ sudo apt install idstower=2.9.2-1
Start the IDSTower service.
$ sudo systemctl daemon-reload
$ sudo systemctl start idstower.service
Verify that the IDSTower service has started correctly and the database schema has been migrated
$ sudo systemctl status idstower.service
Important: Configure Suricata Dataset Limits for IOCs Alerting
Version 2.9.2 fixes a regression in IOCs alerting that was caused by Suricata 7.0.9 and newer versions introducing default limits for Datasets hashsizes. You need to add the following configuration to your suricata.yaml file via the IDSTower UI:
Log in to the IDSTower web interface
Navigate to Cluster → Configs → Advanced → Edit suricata.yaml.
In the suricata.yaml configuration editor, add the following lines to the datasets section:
datasets.defaults.memcap: 64mb
datasets.defaults.hashsize: 1048576
datasets.limits.single-hashsize: 2097152
datasets.limits.total-hashsizes: 62914560
Save the configuration
Deploy the configuration to all hosts in your cluster
.. note::

   These settings ensure that IOCs alerting works correctly with Suricata 7.0.9 and newer versions. Without them, you may experience issues starting your clusters, and IOCs alerting may not work correctly.

Done.
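
A quick check for the dataset settings added above, written for this guide as an added example (it is not IDSTower or Suricata code): it confirms that all four keys are present and that the limits are ordered consistently. It reads only the flat dotted form shown in this guide; the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not IDSTower code. Reads only the flat "datasets.*" lines
# shown in this guide; the file to check is passed as an argument.

# Print the last uncommented value of a flat dotted key.
get_key() {  # usage: get_key FILE KEY
    awk -v k="$2:" '$1 == k { sub(/#.*/, "", $2); v = $2 } END { print v }' "$1"
}

# Return 0 when all four keys are set and the limits are consistent.
check_dataset_limits() {  # usage: check_dataset_limits FILE
    f=$1; rc=0
    memcap=$(get_key "$f" datasets.defaults.memcap)
    hashsize=$(get_key "$f" datasets.defaults.hashsize)
    single=$(get_key "$f" datasets.limits.single-hashsize)
    total=$(get_key "$f" datasets.limits.total-hashsizes)
    [ -n "$memcap" ] || { echo "missing: datasets.defaults.memcap" >&2; rc=1; }
    for pair in "defaults.hashsize=$hashsize" "limits.single-hashsize=$single" \
                "limits.total-hashsizes=$total"; do
        case ${pair#*=} in
            ''|*[!0-9]*) echo "missing or non-numeric: datasets.${pair%%=*}" >&2; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] || return 1
    # Assumption: the default hashsize must fit within single-hashsize, and
    # single-hashsize within total-hashsizes, or datasets fail to load.
    [ "$hashsize" -le "$single" ] || { echo "defaults.hashsize exceeds limits.single-hashsize" >&2; rc=1; }
    [ "$single" -le "$total" ] || { echo "limits.single-hashsize exceeds limits.total-hashsizes" >&2; rc=1; }
    return "$rc"
}

# Constructed sample input: the four lines from this guide, and a copy without the limits.
good=$(mktemp); bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT
cat > "$good" <<'EOF'
datasets.defaults.memcap: 64mb
datasets.defaults.hashsize: 1048576
datasets.limits.single-hashsize: 2097152
datasets.limits.total-hashsizes: 62914560
EOF
sed -n '1,2p' "$good" > "$bad"
check_dataset_limits "$good" && echo "complete sample: OK"
check_dataset_limits "$bad" || echo "sample without limits: rejected"
```

On a sensor, point `check_dataset_limits` at the deployed suricata.yaml, then let Suricata validate the full file with `suricata -T -c <path>`.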