Rebuilding and reinstalling a Blumira sensor

Overview

There may be times when you must rebuild the Blumira sensor software and either reinstall it on the same server it was already running on or migrate the sensor to a new host if the old one is being deprecated.

You can generate a fresh build of your sensor image while retaining the sensor name and ID, as well as all sensor configurations, including the modules you already configured for log collection. This can save you the time and effort of starting with a new Blumira sensor configuration and having to redo your integrations.

Note: Although we designed sensor reinstallation to minimize disruption on an actively-used sensor during the rebuild process, it is possible that a small number of log messages (especially those using regular UDP-based Syslog) may be lost during the upgrade of a running sensor.

When to rebuild and reinstall a Blumira sensor

You should only rebuild a Blumira sensor in the following circumstances:

• The original Blumira sensor install script expired before you successfully installed the sensor on your Ubuntu host.
• You can no longer use the host it is currently running on and need to migrate the sensor onto a new host server.
• You were instructed to or otherwise need to upgrade the core sensor software manually.
• When the existing sensor will be unaffected until you run the installation script on the sensor host, at which time migration will occur (if a running sensor is detected).

Migrating a sensor to a new host

Unlike reinstalling in place, moving an existing sensor that is currently collecting logs onto a new host can be very lossy, depending on the volume of logs being processed by the sensor and how quickly you install it on the new host.

Tip: You can avoid a gap in data by creating a new host and new sensor, instead, and then manually reconfiguring your integrated log sources to the new sensor. However, this approach can be more time-consuming and sensor modules will re-fetch all history, leading to duplicate logs in the system for that data type and history time window.

Preparing to migrate a sensor

Before you can migrate an existing sensor onto a new server, you must first ensure you have a new virtual host ready to use. Complete the procedure in Preparing an Ubuntu host before continuing with the steps below.

Tip: To avoid additional work reconfiguring your log sources, ensure that you continue to use the same IP address for the new host as was used for the old host.

If you plan to continue using the old host for other purposes, manually delete the sensor Docker container on the old host by running the following commands:

sudo docker ps
# Get ID of the sensor container
sudo docker stop [containerID]
sudo docker rm [containerID]

Procedure

To rebuild and install the Blumira sensor:

1. In Blumira, navigate to Settings > Sensors.
2. Click the sensor that you want to update.
3. Click View details.
4. Click Rebuild Sensor.
5. When prompted, click Rebuild.
   

   

6. From the email you receive, copy and run the provided command on your host to complete the installation with the new sensor image.
   Note: You can also copy the script from the Installation Instructions section on the Sensor details page when the image is ready. The script will no longer appear after it expires.
   
7. When the install script successfully completes, a docker container appears on your host, which contains the sensor stack.
8. Reboot the host after the installation script has finished running. Until then the sensor will show online, but the modules will remain in an unknown state.