User Guide

NetEye Additional Components Installation

NetEye Core is the set of most commonly used functionalities offered by the platform, including monitoring, visualization (with dashboards and maps), configuration, reporting, and event handling.

The NetEye modular architecture supports the installation of additional Modules that extend the NetEye Core functionalities. This separation allows to customize NetEye in order to address specific customer needs.

Additional NetEye Components

Additional NetEye Components are organized in these categories:

(NetEye) Feature Modules

Fully fledged modules, whose functionalities are well defined and established. A Feature Module corresponds to a yum group which contains all the required packages to make the module working.

Preview Software

Not yet mature NetEye Modules which provide a set of functionalities that can change in the future; they might be installed to try new software that will be later become part of the official NetEye platform.

Beta Software

Applications that belong to a NetEye Module, which have not yet reached the level of stability of NetEye Modules. They are suitable for early adopters to test latest functionalities but it is not suggested to install them on production environment. Unlike Feature Modules and Preview Software, Beta Software usually is not a full module but a subset of packages of an existing module.

Feature Modules, Preview Software, and Beta Software belong to different repositories–neteye, neteye-extras, and neteye-beta respectively–and can be installed from the command line. Since the procedure is different for Single Nodes and Cluster, check the advices in Safe Command Execution then follow the procedure for either a Single Node or Cluster Node.

NetEye Feature Modules

Each NetEye Feature Module can be purchased separately from NetEye Core and adds a specific set of features. In some cases, the Feature Module contains Open Source, GPL-licensed software. In this cases, the software can be used even after the paid subscription has expired or can even be installed independently. However, the software is considered as a customisation and is entirely not supported.

All NetEye Feature Modules belong to the neteye repository.

Module

Requires

Yum group name

Asset

NetEye Core

neteye-asset

Command Orchestrator

NetEye Core

neteye-cmd

ntopng

NetEye Core

neteye-ntopng

SIEM

NetEye Core

neteye-siem

SLM

NetEye Core

neteye-slm

Tools

NetEye Core

neteye-tools

vSphereDB

NetEye Core

neteye-vmd

Alyvix

NetEye Core

neteye-alyvix

Preview Software

Modules of this type can be installed whenever desired, and reside in the neteye-extras repository. Currently, this repository contains these modules.

Module

Requires

Yum group name

Elastic Agent

SIEM

elastic-agent

Beta Software

Beta software resides in the neteye-beta repository. Unlike other NetEye repositories, this repository may include multiple and unrelated packages, and possibly multiple versions of a same package. It is therefore possible to install even a single package from this repository; the following command lists all packages available there and allows to check which one to install.

neteye# dnf list available --disablerepo=* --enablerepo=neteye-beta

The output to this command contains a list of packages and their version, for example:

monitoring-plugins-debuginfo.x86_64    2.3.1_neteye1.2.0-1    neteye-beta

Here, monitoring-plugins-debuginfo is the {package_name} of the package and 2.3.1_neteye1.2.0-1 its {version}. Both data are required if you want to install a specific version of a package.

Single Node

To install additional NetEye components, you need to run different commands depending on the type of the component.

NetEye Module

Take the appropriate Yum group name from the NetEye Modules table and run:

neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye

Preview Software

Take the appropriate Yum group name from the Preview Software table and run:

neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye --enablerepo=neteye-extras

Beta Software

Before installing packages from the neteye-beta repository, it is required to enable it with command

neteye# dnf -y install neteye-testing --enablerepo=neteye

Next, find the package name using the command shown in Section Beta Software, then issue the following command to install it.

neteye# dnf -y install {package_name}-{version} --enablerepo=neteye-beta

Once done, please follow the procedure needed to update a NetEye single instance, then the directions on section Accessing the New Module, to complete the overall installation.

Cluster Node

Installing a NetEye Components in a Cluster environment requires some more effort than in a Single Node.

First of all, installation must be carried out on every node of the cluster with the same commands described in the previous section. So, the command(s):

cluster# dnf -y groupinstall {yum-group-name} --enablerepo=neteye
cluster# dnf -y groupinstall {yum-group-name} --enablerepo=neteye --enablerepo=neteye-extras
cluster# dnf -y install {package_name} --enablerepo=neteye-beta

must be run on each node of the cluster. Then, after the successful yum installation, these additional steps are needed:

  1. Look for the template file having filepath with pattern /usr/share/neteye/cluster/templates/Services-{name}-*.conf.tpl where {name} is the name of the NetEye Component you are installing, and the * is a wildcard for any string. If any such file does not exist, skip the following steps and go to the next section.

  2. If, on the contrary, any such file exists, adapt it to the settings of your cluster, and save it to a file with the same name without the .tpl suffix.

  3. Now, for each file saved in the previous step, create the cluster resource by executing the following command on one of the nodes of the cluster (replace {name} with the name of the NetEye Component you are installing, and the * with the string that completes the actual filename):

    # /usr/share/neteye/scripts/cluster/cluster_service_setup.pl -c /usr/share/neteye/cluster/templates/Services-{name}-*.conf``
    

When the execution of the script above has finished, please perform the steps described the procedure to Update a NetEye Cluster and, to complete the overall installation, please follow the directions on section Accessing the New Module.

Verify if a module is running correctly

After installing a NetEye Component, you need to make sure that all services are running.

The commands to be used differ on a Single Node and on a Cluster Installation.

Verify Installation on NetEye Single Node

The neteye status command outputs a list of the status of all NetEye services, similar to the following snippet:

DOWN [3] elastic-blockchain-proxy.service
DOWN [3] elasticsearch.service
DOWN [3] eventhandlerd.service
UP   [0] filebeat.service
UP   [0] grafana-server.service
UP   [0] httpd.service
DOWN [3] icinga2-master.service
UP   [0] influxdb.service
DOWN [3] kibana-logmanager.service
DOWN [0] lampod.service
UP   [0] logstash.service
UP   [0] mariadb.service
DOWN [3] nats-server.service
UP   [0] neteye-agent.service
UP   [0] nginx.service
UP   [0] nprobe.service
UP   [0] ntopng.service
UP   [0] redis.service
UP   [0] rh-php73-php-fpm.service
UP   [0] rsyslog-logmanager.service
UP   [0] slmd.service
UP   [0] smsd.service
UP   [0] snmptrapd.service
UP   [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
DOWN [3] tornado_nats_json_collector.service
DOWN [3] tornado_webhook_collector.service

Note

Output may vary, depending on both installed modules and running services.

Suppose you have just install Tornado and all its collectors: they should be running, but are marked as DOWN. This means that something has gone wrong and you need to understand why. You can therefore check the dedicated troubleshooting section for directions.

Verify Installation on NetEye Cluster

On a cluster it is necessary to differentiate between clustered and non clustered services: Non clustered services, which for example include Elasticsearch, follow the same approach shown in the previous section and in case of issues, can be inspected with the same commands mentioned in the corresponding troubleshooting section.

Clustered services, on the contrary, require a different approach. Indeed, the neteye status, neteye start, and neteye stop commands can not be used, because they are not available on cluster.

Note

Clustered services are referred to as Resources. For example, a Tornado instance running on a NetEye single installation is a service, while a Tornado instance running on a NetEye cluster is a resource.

Therefore, to verify if resources are correctly running, use the pcs status command, which outputs the status of the cluster and all the resources, similarly to the following excerpt.

Cluster name: NetEye
Stack: corosync
Current DC: neteye01.local (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Jul 28 09:47:52 2021
Last change: Tue Jul 27 15:04:36 2021 by root via cibadmin on neteye02.local
2 nodes configured
74 resource instances configured
Online: [ neteye01.local neteye02.local ]
Full list of resources:
 cluster_ip    (ocf::heartbeat:IPaddr2):    Started neteye02.local
 Resource Group: tornado_rsyslog_collector_group
     tornado_rsyslog_collector_drbd_fs    (ocf::heartbeat:Filesystem):    Started neteye02.local
 Resource Group: tornado_group

In case a resource is not starting correctly, it will be listed at the end of the output (see snippet below) as Failed. You need to understand why it is not running: the dedicated cluster troubleshooting section features options that you can apply to find the root cause of the problem.

Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
    last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms

Accessing the New Module

If the procedure you followed above was successful, you can now access the new module with these steps:

  • Refresh your browser window. This will ensure that the new module appears in the NetEye menu and all Javascript and CSS is reloaded properly.

  • Log out of NetEye and then log back in so that any permissions or roles required by the new module will take effect.