Upgrading to Graylog 4.1.x
  • 25 May 2022
  • 1 Minute to read
  • Dark
    Light

Upgrading to Graylog 4.1.x

  • Dark
    Light

Overview

  • Upgrading to Graylog 4.1.x
    • TLS Changes
    • Breaking Changes
      • Changes to the Elasticsearch Support
      • Configuration file changes
Warning

Please make sure to create a MongoDB database backup before starting the upgrade to Graylog 4.1!

TLS Changes

Graylog is now using only ciphers that considered secure (at this time of writing) when TLS v1.2 or greater is enabled. (see #10653 and #10985 ) Only TLSv1.2 and TLSv1.3 are enabled in the default Graylog configuration.

This could lead to problems with legacy TLS implementations connecting to Graylog. (e.g. older Syslog daemon versions connecting to a Graylog Syslog input)

To enable older ciphers again and work around problems with legacy TLS implementations, the enabled_tls_protocolsoption can be adjusted to include TLS v1.1.
Example:

enabled_tls_protocols = TLSv1.1,TLSv1.2

Breaking Changes

The semantics of the limit parameter in the legacy search API (/search/universal/(absolute|keyword|relative)) have changedto fix an inconsistency introduced in 4.0: prior to 4.0, 0meant “no limit”, with 4.0this changed to -1and 0for “empty result”. With 4.1 this has been fixed to work again like in the past but the underlyingSearches#scrollmethod has been tagged as @deprecatednow, too.

Changes to the Elasticsearch Support

Prior to v4.0 and in v4.0 without version probing for the Elasticsearch version, Graylog continues connecting to ES until it is successful. When you have version-probing for the used Elasticsearch version enabled, and Graylog starts up but can not connect to ES, the startup stopped immediately with v4.0. Starting from 4.1 the default behaviour is, that Graylog retries connecting with a delay until it can connect to Elasticsearchmaking the behaviour consistent again. See the Elasticsearch configuration page for details.

Configuration options: elasticsearch_version_probe_attemptsand elasticsearch_version_probe_delay.

4.1.x Compatability

Elasticsearch Version Compatability

GRAYLOG VERSION MINIMUM ES VERSION MAXIMUM ES VERSION
4.1.X 6.8, 7 7.1

MongoDB Version Compatability

GRAYLOG VERSION MINIMUM MONGO VERSION MAXIMUM MONGO VERSION
4.1.X 3.6 4.4

Configuration file changes

The system stats collector has been reimplemented using OSHI instead of SIGAR. The configuration option disable_sigar has been renamed to disable_native_system_stats_collector.


Was this article helpful?