Network Management

FAQ: Log Collector Deployment

by Juniper Employee on 06-07-2016 07:13 AM - edited on 10-06-2017 04:50 PM by Administrator

This article lists issues commonly seen while configuring and using Log Collector with Security Director 15.2R.

 

  • To identify Log Collector issues, run the healthcheck script.

            [root@LOG-COLLECTOR ~]# healthcheckOSLC
            --pre checks in progress--
            ........

  • While deploying the Log Collector VM, do not provide networking information on the 'Networking Properties' page of the wizard.
    Instead, use the setup script that is shown when you log in to the console after deploying the Log Collector VM.
  • After the 15.2R Log Collector VM is configured with the setup script, only the eth0 interface should be configured. If DHCP is enabled on your network, eth1 will also get an IP address, and the eth1 interface might be used for the default route.

    Verify that eth0 is used as the default route.

         [root@LOG-COLLECTOR ~]# route
         Kernel IP routing table
         Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
         ...
         default         10.207.99.254   0.0.0.0         UG    0      0        0 eth0

 

      If eth0 is not the default route, disable or remove the second NIC and run the setup script again.

 

  • Verify the settings below. These issues are only seen in Security Director 15.2R1.
      1) Check that the correct IP address is present in the whitelist section of the /etc/elasticsearch/elasticsearch.yml file.

             [root@LOG-COLLECTOR ~]# grep ipwhitelist /etc/elasticsearch/elasticsearch.yml
             http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]
             [root@LOG-COLLECTOR ~]#

            The second IP address listed should match the IP address of the eth0 interface.

 

      2) Verify the IP address in the /etc/hosts file.

             [root@LOG-COLLECTOR ~]# cat /etc/hosts
             10.207.98.99 LOG-COLLECTOR localhost.localdom localhost
             127.0.0.1 localhost.localdom localhost

 

             The IP address on the first line should match the IP address of the eth0 interface.

  

  • Check logging-related statistics under:
       - Administration->Logging Management->Logging Nodes
       - Administration->Logging Management->Statistics & Troubleshooting
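
The three 15.2R checks above (default route on eth0, eth0 address in http.basic.ipwhitelist, eth0 address on the first line of /etc/hosts) can be run together. The script below is an added example, not part of the original article or a Juniper tool; the function names and the sample files are constructed, and it assumes the double-quoted whitelist format shown above.

```shell
# Added example: each check reads a file, so it also works on saved copies.

# Interface of the default route, taken from saved `route` output (last column).
default_route_iface() {
    awk '$1 == "default" { print $NF; exit }' "$1"
}

# Succeeds only if IP appears as a whole quoted entry in http.basic.ipwhitelist,
# so 10.207.98.9 does not match an entry for 10.207.98.99.
whitelist_has_ip() {
    grep '^[[:space:]]*http\.basic\.ipwhitelist:' "$1" | grep -qF "\"$2\""
}

# First address in a hosts file, skipping blank lines and comments.
hosts_first_ip() {
    awk 'NF && $1 !~ /^#/ { print $1; exit }' "$1"
}

# Usage: check_log_collector ETH0_IP ROUTE_OUTPUT ELASTICSEARCH_YML HOSTS
# Prints one line per check; the return status is the number of failed checks.
check_log_collector() {
    fails=0
    iface=$(default_route_iface "$2")
    if [ "$iface" = "eth0" ]; then echo "OK   default route uses eth0"
    else echo "FAIL default route uses '${iface:-none}', expected eth0"; fails=$((fails + 1)); fi
    if whitelist_has_ip "$3" "$1"; then echo "OK   $1 is in http.basic.ipwhitelist"
    else echo "FAIL $1 is missing from http.basic.ipwhitelist"; fails=$((fails + 1)); fi
    first=$(hosts_first_ip "$4")
    if [ "$first" = "$1" ]; then echo "OK   first hosts entry is $1"
    else echo "FAIL first hosts entry is '${first:-none}', expected $1"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files modelled on the output shown in this article.
# The default route is placed on eth1 to show the DHCP case described above.
demo_dir=$(mktemp -d)
printf '%s\n' 'Kernel IP routing table' \
    'Destination Gateway Genmask Flags Metric Ref Use Iface' \
    'default 10.207.99.254 0.0.0.0 UG 0 0 0 eth1' > "$demo_dir/route.txt"
printf '%s\n' 'http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]' \
    > "$demo_dir/elasticsearch.yml"
printf '%s\n' '10.207.98.99 LOG-COLLECTOR localhost.localdom localhost' \
    '127.0.0.1 localhost.localdom localhost' > "$demo_dir/hosts"

check_log_collector 10.207.98.99 "$demo_dir/route.txt" \
    "$demo_dir/elasticsearch.yml" "$demo_dir/hosts" || echo "failed checks: $?"
```

On the Log Collector itself, save the `route` output to a file and pass it together with the eth0 address, /etc/elasticsearch/elasticsearch.yml and /etc/hosts.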
Comments
Jan 25, 2017
michael_pan
  • Check Logging related statistics under
       - Administration->Logging Management->Logging Nodes
       - Administration->Logging Management->Statistics & Troubleshooting

It's empty, it just displays: "EPS Trend"

 

Feb 6, 2018
a_hmaity

Hello,

We are trying to upgrade Log director from 16.1R1 to 17.2R1. The upgrade path we followed is the following:

step 1: from 16.1R1 to 17.1R2 
We downloaded the script "Log-Collector-Upgrade-17.1R2.38.sh", copied it to the /root directory, changed it to executable and launched the upgrade as described in the upgrade guide. In this phase we noticed that elasticsearch cannot be found. However, the upgrade completed.

step2: from 17.1R2 to 17.2R1 
We downloaded the script "Log-Collector_Upgrade-17.2R1.11.sh", copied it to the /root directory, changed to executable and finally launched the upgrade as described in the guide. Also in this phase elastic search cannot be found and the upgrade completed.

Here is relevant terminal output regarding elasticsearch:

"/bin/cp: cannot stat `/etc/elasticsearch/elasticsearch.yml': No such file or directory"

"The elasticsearch startup script does not exists or it is not executable, tried: /usr/share/elasticsearch/bin/elasticsearch"

We also tried to check if services jingest and elasticsearch are running using the commands: 
"service jingest status" and "sudo service ingest status". Both services were shut down. We started them using the commands "sudo service jingest start" and "sudo service elasticsearch start". Jingest started successfully, while we get the following output regarding elastic search:

"The elasticsearch startup script does not exists or it is not executable, tried: /usr/share/elasticsearch/bin/elasticsearch"

Please note that we already upgraded junos space (new version 17.2R1.4) and junos security director (new version 17.2R1.10) successfully.
Currently, the junos log director shows version 17.2R1.10 under administration->application tabs in junos space platform and results in "down" status under administration->fabric tabs.

What can we do to solve the problem?

Thank you so much for your help