NetEye Additional Components Installation¶
NetEye Core is the set of most commonly used functionalities offered by the platform, including monitoring, visualization (with dashboards and maps), configuration, reporting, and event handling.
The NetEye modular architecture supports the installation of additional Modules that extend the NetEye Core functionalities. This separation allows to customize NetEye in order to address specific customer needs.
Additional NetEye Components¶
Additional NetEye Components are organized in these categories:
- (NetEye) Feature Modules
Fully fledged modules, whose functionalities are well defined and established. A Feature Module corresponds to a yum group which contains all the required packages to make the module working.
- Preview Software
Not yet mature NetEye Modules which provide a set of functionalities that can change in the future; they might be installed to try new software that will be later become part of the official NetEye platform.
- Beta Software
Applications that belong to a NetEye Module, which have not yet reached the level of stability of NetEye Modules. They are suitable for early adopters to test latest functionalities but it is not suggested to install them on production environment. Unlike Feature Modules and Preview Software, Beta Software usually is not a full module but a subset of packages of an existing module.
Feature Modules, Preview Software, and Beta Software belong to
different repositories–neteye
, neteye-extras
, and
neteye-beta
respectively–and can be installed from the command
line. Since the procedure is different for Single Nodes and Cluster,
check the advices in Safe Command Execution then follow the
procedure for either a Single Node or
Cluster Node.
NetEye Feature Modules¶
Each NetEye Feature Module can be purchased separately from NetEye Core and adds a specific set of features. In some cases, the Feature Module contains Open Source, GPL-licensed software. In this cases, the software can be used even after the paid subscription has expired or can even be installed independently. However, the software is considered as a customisation and is entirely not supported.
All NetEye Feature Modules belong to the neteye
repository.
Module |
Requires |
Yum group name |
---|---|---|
Asset |
NetEye Core |
neteye-asset |
Command Orchestrator |
NetEye Core |
neteye-cmd |
ntopng |
NetEye Core |
neteye-ntopng |
SIEM |
NetEye Core |
neteye-siem |
SLM |
NetEye Core |
neteye-slm |
Tools |
NetEye Core |
neteye-tools |
vSphereDB |
NetEye Core |
neteye-vmd |
Alyvix |
NetEye Core |
neteye-alyvix |
Preview Software¶
Modules of this type can be installed whenever desired, and reside in
the neteye-extras
repository. Currently, this repository contains
these modules.
Module |
Requires |
Yum group name |
---|---|---|
Elastic Agent |
SIEM |
elastic-agent |
Beta Software¶
Beta software resides in the neteye-beta
repository. Unlike other
NetEye repositories, this repository may include multiple and
unrelated packages, and possibly multiple versions of a same
package. It is therefore possible to install even a single package
from this repository; the following command lists all packages
available there and allows to check which one to install.
neteye# dnf list available --disablerepo=* --enablerepo=neteye-beta
The output to this command contains a list of packages and their version, for example:
monitoring-plugins-debuginfo.x86_64 2.3.1_neteye1.2.0-1 neteye-beta
Here, monitoring-plugins-debuginfo is the {package_name} of the package and 2.3.1_neteye1.2.0-1 its {version}. Both data are required if you want to install a specific version of a package.
Single Node¶
To install additional NetEye components, you need to run different commands depending on the type of the component.
NetEye Module
Take the appropriate Yum group name from the NetEye Modules table and run:
neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye
Preview Software
Take the appropriate Yum group name from the Preview Software table and run:
neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye --enablerepo=neteye-extras
Beta Software
Before installing packages from the neteye-beta repository, it is required to enable it with command
neteye# dnf -y install neteye-testing --enablerepo=neteye
Next, find the package name using the command shown in Section Beta Software, then issue the following command to install it.
neteye# dnf -y install {package_name}-{version} --enablerepo=neteye-beta
Once done, please follow the procedure needed to update a NetEye single instance, then the directions on section Accessing the New Module, to complete the overall installation.
Cluster Node¶
Installing a NetEye Components in a Cluster environment requires some more effort than in a Single Node.
First of all, installation must be carried out on every node of the cluster with the same commands described in the previous section. So, the command(s):
cluster# dnf -y groupinstall {yum-group-name} --enablerepo=neteye
cluster# dnf -y groupinstall {yum-group-name} --enablerepo=neteye --enablerepo=neteye-extras
cluster# dnf -y install {package_name} --enablerepo=neteye-beta
must be run on each node of the cluster. Then, after the
successful yum
installation, these additional steps are needed:
Look for the template file having filepath with pattern
/usr/share/neteye/cluster/templates/Services-{name}-*.conf.tpl
where{name}
is the name of the NetEye Component you are installing, and the*
is a wildcard for any string. If any such file does not exist, skip the following steps and go to the next section.If, on the contrary, any such file exists, adapt it to the settings of your cluster, and save it to a file with the same name without the
.tpl
suffix.Now, for each file saved in the previous step, create the cluster resource by executing the following command on one of the nodes of the cluster (replace
{name}
with the name of the NetEye Component you are installing, and the*
with the string that completes the actual filename):# /usr/share/neteye/scripts/cluster/cluster_service_setup.pl -c /usr/share/neteye/cluster/templates/Services-{name}-*.conf``
When the execution of the script above has finished, please perform the steps described the procedure to Update a NetEye Cluster and, to complete the overall installation, please follow the directions on section Accessing the New Module.
Verify if a module is running correctly¶
After installing a NetEye Component, you need to make sure that all services are running.
The commands to be used differ on a Single Node and on a Cluster Installation.
Verify Installation on NetEye Single Node¶
The neteye status command outputs a list of the status of all NetEye services, similar to the following snippet:
DOWN [3] elastic-blockchain-proxy.service
DOWN [3] elasticsearch.service
DOWN [3] eventhandlerd.service
UP [0] filebeat.service
UP [0] grafana-server.service
UP [0] httpd.service
DOWN [3] icinga2-master.service
UP [0] influxdb.service
DOWN [3] kibana-logmanager.service
DOWN [0] lampod.service
UP [0] logstash.service
UP [0] mariadb.service
DOWN [3] nats-server.service
UP [0] neteye-agent.service
UP [0] nginx.service
UP [0] nprobe.service
UP [0] ntopng.service
UP [0] redis.service
UP [0] rh-php73-php-fpm.service
UP [0] rsyslog-logmanager.service
UP [0] slmd.service
UP [0] smsd.service
UP [0] snmptrapd.service
UP [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
DOWN [3] tornado_nats_json_collector.service
DOWN [3] tornado_webhook_collector.service
Note
Output may vary, depending on both installed modules and running services.
Suppose you have just install Tornado and all its collectors: they
should be running, but are marked as DOWN
. This means that
something has gone wrong and you need to understand why. You can
therefore check the dedicated troubleshooting section for directions.
Verify Installation on NetEye Cluster¶
On a cluster it is necessary to differentiate between clustered and non clustered services: Non clustered services, which for example include Elasticsearch, follow the same approach shown in the previous section and in case of issues, can be inspected with the same commands mentioned in the corresponding troubleshooting section.
Clustered services, on the contrary, require a different approach. Indeed, the neteye status, neteye start, and neteye stop commands can not be used, because they are not available on cluster.
Note
Clustered services are referred to as Resources. For example, a Tornado instance running on a NetEye single installation is a service, while a Tornado instance running on a NetEye cluster is a resource.
Therefore, to verify if resources are correctly running, use the pcs status command, which outputs the status of the cluster and all the resources, similarly to the following excerpt.
Cluster name: NetEye
Stack: corosync
Current DC: neteye01.local (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Jul 28 09:47:52 2021
Last change: Tue Jul 27 15:04:36 2021 by root via cibadmin on neteye02.local
2 nodes configured
74 resource instances configured
Online: [ neteye01.local neteye02.local ]
Full list of resources:
cluster_ip (ocf::heartbeat:IPaddr2): Started neteye02.local
Resource Group: tornado_rsyslog_collector_group
tornado_rsyslog_collector_drbd_fs (ocf::heartbeat:Filesystem): Started neteye02.local
Resource Group: tornado_group
In case a resource is not starting correctly, it will be listed at the end of the output (see snippet below) as Failed. You need to understand why it is not running: the dedicated cluster troubleshooting section features options that you can apply to find the root cause of the problem.
Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms
Accessing the New Module¶
If the procedure you followed above was successful, you can now access the new module with these steps:
Refresh your browser window. This will ensure that the new module appears in the NetEye menu and all Javascript and CSS is reloaded properly.
Log out of NetEye and then log back in so that any permissions or roles required by the new module will take effect.