Updating the host name or domain name of the ESA

Update the ESA configuration after updating the host name or domain name of the ESA machine.

Updating the host name or domain name on the Primary ESA

Update the configurations of the Primary ESA. This is the designated ESA that is used to log in for performing all configurations. It is also the ESA that is used to create and deploy policies.

Ensure that the host name or domain name of the ESA has been updated.
Ensure that the hostname does not contain the dot(.) special character.

Perform the steps on one system at a time if multiple ESAs must be updated.

Perform the following steps to refresh the configurations:

  1. Update the host name or domain name in the configuration files.

    1. Open the OS Console on the Primary ESA.

      1. Log in to the CLI Manager on the Primary ESA.
      2. Navigate to Administration > OS Console.
      3. Enter the root password.

    2. Update the repository.json file for the Audit Store configuration.

      1. Navigate to the /opt/protegrity/auditstore/management/config directory.

        cd /opt/protegrity/auditstore/management/config

      2. Open the repository.json file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        "hosts": [
    "protegrity-esa123.protegrity.com"
  ]

      4. Save and close the file.

    3. Update the repository.json file for the Analytics configuration.

      1. Navigate to the /opt/protegrity/insight/analytics/config directory.

        cd /opt/protegrity/insight/analytics/config

      2. Open the repository.json file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        "hosts": [
    "protegrity-esa123.protegrity.com"
  ]

      4. Save and close the file.

    4. Update the opensearch.yml file for the Audit Store configuration.

      1. Navigate to the /opt/protegrity/auditstore/config directory.

        cd /opt/protegrity/auditstore/config

      2. Open the opensearch.yml file using a text editor.

      3. Locate and update the node.name, network.host, and the http.host attributes with the new host name and domain name as shown in the following example. Update the node.name only with the host name. If required, uncomment the line by deleting the number sign (#) character at the start of the line.

        ...
<existing code>
...
node.name: protegrity-esa123
...
<existing code>
...
network.host:
- protegrity-esa123.protegrity.com
...
<existing code>
...
http.host:
- protegrity-esa123.protegrity.com

      4. Save and close the file.

    5. Update the opensearch_dashboards.yml file for the Audit Store Dashboards configuration.

      1. Navigate to the /opt/protegrity/auditstore_dashboards/config directory.

        cd /opt/protegrity/auditstore_dashboards/config

      2. Open the opensearch_dashboards.yml file using a text editor.

      3. Locate and update the opensearch.hosts attribute with the new host name and domain name as shown in the following example.

        opensearch.hosts: [ "https://protegrity-esa123.protegrity.com:9200" ]

      4. Save and close the file.

    6. Update the OUTPUT.conf file for the td-agent configuration.

      1. Navigate to the /opt/protegrity/td-agent/config.d directory.

        cd /opt/protegrity/td-agent/config.d

      2. Open the OUTPUT.conf file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        hosts protegrity-esa123.protegrity.com

      4. Save and close the file.

    7. Update the INPUT_forward_external.conf file for the external SIEM configuration. This step is required only if an external SIEM is used.

      1. Navigate to the /opt/protegrity/td-agent/config.d directory.

        cd /opt/protegrity/td-agent/config.d

      2. Open the INPUT_forward_external.conf file using a text editor.

      3. Locate and update the bind attribute with the new host name and domain name as shown in the following example.

        bind protegrity-esa123.protegrity.com

      4. Save and close the file.

  2. Recreate the Docker containers using the following steps.

    1. Open the OS Console on the Primary ESA, if it is not opened.

      1. Log in to the CLI Manager on the Primary ESA.
      2. Navigate to Administration > OS Console.
      3. Enter the root password.

    2. Stop the containers using the following commands.

      /etc/init.d/asrepository stop
/etc/init.d/asdashboards stop

    3. Remove the containers using the following commands.

      /etc/init.d/asrepository remove
/etc/init.d/asdashboards remove

    4. Start the containers using the following commands.

      /etc/init.d/asrepository start
/etc/init.d/asdashboards start

  3. Rotate the Audit Store certificates on the Primary ESA. Use the IP address of the local node, which is the Primary ESA and the Lead node, while rotating the certificates.

    For the steps to rotate Audit Store certificates, refer here.

  4. Update the unicast_hosts.txt file for the Audit Store configuration.

    1. Open the OS Console on the Primary ESA.

    2. Navigate to the /opt/protegrity/auditstore/config directory using the following command.

      cd /opt/protegrity/auditstore/config

    3. Open the unicast_hosts.txt file using a text editor.

    4. Locate and update the host name and domain name.

      protegrity-esa123
protegrity-esa123.protegrity.com

    5. Save and close the file.

  5. Monitor the cluster status.

    1. Log in to the Web UI of the Primary ESA.

    2. Navigate to Audit Store > Cluster Management.

    3. Wait till the following updates are visible on the Overview page.

      • The IP address of the Primary ESA is updated.
      • All the nodes are visible in the cluster.
      • The health of the cluster is green.

      It is possible to monitor the log files for any errors by logging into the ESA Web UI, navigating to Logs > Appliance, and selecting the following files from the Enterprise-Security-Administrator - Event Logs list:

      • insight_analytics
      • asmanagement
      • asrepository

Updating the host name or domain name on the Secondary ESA

Update the configurations of the Secondary ESA after the host name or domain name of the ESA has been updated.

Perform the steps on one system at a time if multiple ESAs must be updated.

Perform the following steps to refresh the configurations:

  1. Update the host name or domain name in the configuration files.

    1. Open the OS Console on the Secondary ESA.

      1. Log in to the CLI Manager on the Secondary ESA.
      2. Navigate to Administration > OS Console.
      3. Enter the root password.

    2. Update the repository.json file for the Audit Store configuration.

      1. Navigate to the /opt/protegrity/auditstore/management/config directory.

        cd /opt/protegrity/auditstore/management/config

      2. Open the repository.json file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        "hosts": [
    "protegrity-esa456.protegrity.com"
  ]

      4. Save and close the file.

    3. Update the repository.json file for the Analytics configuration.

      1. Navigate to the /opt/protegrity/insight/analytics/config directory.

        cd /opt/protegrity/insight/analytics/config

      2. Open the repository.json file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        "hosts": [
    "protegrity-esa456.protegrity.com"
  ]

      4. Save and close the file.

    4. Update the opensearch.yml file for the Audit Store configuration.

      1. Navigate to the /opt/protegrity/auditstore/config directory.

        cd /opt/protegrity/auditstore/config

      2. Open the opensearch.yml file using a text editor.

      3. Locate and update the node.name, network.host, and the http.host attributes with the new host name and domain name as shown in the following example. Update the node.name only with the host name. If required, uncomment the line by deleting the number sign (#) character at the start of the line.

        ...
<existing code>
...
node.name: protegrity-esa456
...
<existing code>
...
network.host:
- protegrity-esa456.protegrity.com
...
<existing code>
...
http.host:
- protegrity-esa456.protegrity.com

      4. Save and close the file.

    5. Update the opensearch_dashboards.yml file for the Audit Store Dashboards configuration.

      1. Navigate to the /opt/protegrity/auditstore_dashboards/config directory.

        cd /opt/protegrity/auditstore_dashboards/config

      2. Open the opensearch_dashboards.yml file using a text editor.

      3. Locate and update the opensearch.hosts attribute with the new host name and domain name as shown in the following example.

        opensearch.hosts: [ "https://protegrity-esa456.protegrity.com:9200" ]

      4. Save and close the file.

    6. Update the OUTPUT.conf file for the td-agent configuration.

      1. Navigate to the /opt/protegrity/td-agent/config.d directory.

        cd /opt/protegrity/td-agent/config.d

      2. Open the OUTPUT.conf file using a text editor.

      3. Locate and update the hosts attribute with the new host name and domain name as shown in the following example.

        hosts protegrity-esa456.protegrity.com

      4. Save and close the file.

    7. Update the INPUT_forward_external.conf file for the external SIEM configuration. This step is required only if an external SIEM is used.

      1. Navigate to the /opt/protegrity/td-agent/config.d directory.

        cd /opt/protegrity/td-agent/config.d

      2. Open the INPUT_forward_external.conf file using a text editor.

      3. Locate and update the bind attribute with the new host name and domain name as shown in the following example.

        bind protegrity-esa456.protegrity.com

      4. Save and close the file.

  2. Recreate the Docker containers using the following steps.

    1. Open the OS Console on the Secondary ESA, if it is not opened.

      1. Log in to the CLI Manager on the Secondary ESA.
      2. Navigate to Administration > OS Console.
      3. Enter the root password.

    2. Stop the containers using the following commands.

      /etc/init.d/asrepository stop
/etc/init.d/asdashboards stop

    3. Remove the containers using the following commands.

      /etc/init.d/asrepository remove
/etc/init.d/asdashboards remove

    4. Start the containers using the following commands.

      /etc/init.d/asrepository start
/etc/init.d/asdashboards start

  3. Rotate the Audit Store certificates on the Secondary ESA. Perform the steps on the Secondary ESA using the IP address of the Primary ESA, which is the Lead node, for rotating the certificates.

    For the steps to rotate Audit Store certificates, refer here.

  4. Update the unicast_hosts.txt file for the Audit Store configuration.

    1. Open the OS Console on the Primary ESA.

    2. Navigate to the /opt/protegrity/auditstore/config directory using the following command.

      cd /opt/protegrity/auditstore/config

    3. Open the unicast_hosts.txt file using a text editor.

    4. Locate and update the host name and domain name.

      protegrity-esa456
protegrity-esa456.protegrity.com

    5. Save and close the file.

  5. Monitor the cluster status.

    1. Log in to the Web UI of the Primary ESA.

    2. Navigate to Audit Store > Cluster Management.

    3. Wait till the following updates are visible on the Overview page.

      • The IP address of the Secondary ESA is updated.
      • All the nodes are visible in the cluster.
      • The health of the cluster is green.

      Monitor the log files for any errors by logging into the ESA Web UI, navigating to Logs > Appliance, and selecting the following files from the Enterprise-Security-Administrator - Event Logs list:

      • insight_analytics
      • asmanagement
      • asrepository
Last modified February 7, 2025