User Guide

NetEye Additional Components Installation

NetEye Core is the set of most commonly used functionalities offered by the platform, including monitoring, visualization (with dashboards and maps), configuration, reporting, and event handling.

The NetEye modular architecture supports the installation of additional Modules that extend the NetEye Core functionalities. This separation makes it possible to customize NetEye to address specific customer needs.

Additional NetEye Components

Additional NetEye Components are organized in the following categories:

(NetEye) Feature Modules

Fully fledged modules, whose functionalities are well defined and established. A Feature Module corresponds to a yum group that contains all the packages required to make the module work.

Preview Software

NetEye Modules that are not yet mature and whose functionalities can change in the future; they can be installed to try new software that will later become part of the official NetEye platform.

Beta Software

Applications that belong to a NetEye Module but have not yet reached the level of stability of NetEye Modules. They are suitable for early adopters who want to test the latest functionalities, but installing them in a production environment is not recommended. Unlike Feature Modules and Preview Software, Beta Software is usually not a full module but a subset of the packages of an existing module.

Feature Modules, Preview Software, and Beta Software belong to different repositories (neteye, neteye-extras, and neteye-beta respectively) and can be installed from the command line. Since the procedure is different for Single Nodes and Clusters, check the advice in Safe Command Execution, then follow the procedure for either a Single Node or a Cluster Node.

NetEye Feature Modules

Each NetEye Feature Module can be purchased separately from NetEye Core and adds a specific set of features. In some cases, the Feature Module contains Open Source, GPL-licensed software. In these cases, the software can be used even after the paid subscription has expired, or can even be installed independently. However, the software is then considered a customisation and is entirely unsupported.

All NetEye Feature Modules belong to the neteye repository.

Module                 Requires       Yum group name
Alyvix                 NetEye Core    neteye-alyvix
Asset                  NetEye Core    neteye-asset
Command Orchestrator   NetEye Core    neteye-cmd
Log management         NetEye Core    neteye-logmanagement
ntopng                 NetEye Core    neteye-ntopng
SIEM                   NetEye Core    neteye-siem
SLM                    NetEye Core    neteye-slm
Tools                  NetEye Core    neteye-tools
vSphereDB              NetEye Core    neteye-vmd

Note

Please remember that, due to the possibly large amount of space required by Elasticsearch, it is strongly recommended to create a logical volume dedicated to it when installing the SIEM Feature Module.

NetEye Feature Modules Licenses

As an Elastic OEM partner, Würth Phoenix provides the Elastic license with the NetEye SIEM Feature Module. The license provides a fully functional Elastic Stack with all features of the Platinum subscription, including, for example, APM functionalities. Although the Elastic Stack Platinum license is the default option, it is possible to upgrade the license plan to the Enterprise subscription using the dedicated command.

Beta Software

Beta software resides in the neteye-beta repository. Unlike other NetEye repositories, this repository may include multiple unrelated packages, and possibly multiple versions of the same package. It is therefore possible to install even a single package from this repository; the following command lists all packages available there and lets you check which one to install.

neteye# dnf list available --disablerepo=* --enablerepo=neteye-beta

The output of this command contains a list of packages and their versions, for example:

monitoring-plugins-debuginfo.x86_64    2.3.1_neteye1.2.0-1    neteye-beta

Here, monitoring-plugins-debuginfo is the {package_name} of the package and 2.3.1_neteye1.2.0-1 its {version}. Both values are required if you want to install a specific version of a package.

Single Node

The procedure to install additional NetEye components is divided into three steps, the second of which requires running different commands depending on the type of the component.

  1. The first step is to update the NetEye single instance, during which all bug-fixes are installed and the list of packages updated.

  2. Then, install the NetEye Component. Depending on the type of component, use one of the following commands.

    • NetEye Module

      Take the appropriate Yum group name from the NetEye Modules table and run:

      neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye
      
    • Beta Software

      Before installing packages from the neteye-beta repository, you must enable it with the command:

      neteye# dnf -y install neteye-testing --enablerepo=neteye
      

      Next, find the package name using the command shown in Section Beta Software, then issue the following command to install it.

      neteye# dnf -y install {package_name}-{version} --enablerepo=neteye-beta
      
  3. As the last step, run neteye install.

Once done, please follow the directions given in section Accessing the New Module, to complete the overall installation.

Cluster Node

The procedure to install a NetEye Component on a Cluster is slightly more complex and requires more effort than on a Single Node. The steps are the following.

  1. As in the case of the Single Node, the first task to carry out is to Update a NetEye Cluster.

  2. Install the NetEye Component on every node of the cluster, using the same commands described in the previous section, depending on the type of the NetEye Component to install.

  3. Look for template files whose path matches the pattern /usr/share/neteye/cluster/templates/Services-{name}-*.conf.tpl, where {name} is the name of the NetEye Component you are installing and the * is a wildcard for any string. If no such file exists, skip the following steps and go to the next section.

    If, on the contrary, one or more such files exist, adapt each of them to the settings of your cluster, and save it to a file with the same name without the .tpl suffix.

  4. Now, for each file saved in the previous step, create the cluster resource by executing the following command on one of the nodes of the cluster:

    Hint

    Replace {name} with the name of the NetEye Component you are installing, and the * with the string that completes the actual filename.

    cluster# /usr/share/neteye/scripts/cluster/cluster_service_setup.pl \
             -c /usr/share/neteye/cluster/templates/Services-{name}-*.conf
    
  5. Execute the neteye installation script once on any cluster node:

    cluster# neteye install
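
Steps 3 and 4 as a dry-run check, added here as an example (it is not part of the NetEye tooling). It only prints what still has to be done and never runs cluster_service_setup.pl. The function name, the MISSING/UNCHANGED/RUN labels, and the UNCHANGED heuristic (an adapted copy that is byte-identical to its template) are assumptions of this example; the paths are the ones given in the steps above.

```sh
#!/bin/sh
# Added example: plan the cluster resource setup for one NetEye Component.
SETUP=/usr/share/neteye/scripts/cluster/cluster_service_setup.pl  # path from step 4

# plan_cluster_resources NAME [TEMPLATE_DIR]
# For each Services-NAME-*.conf.tpl prints one line:
#   MISSING <conf>    adapted copy not created yet (step 3 incomplete)
#   UNCHANGED <conf>  copy is byte-identical to the template; review it
#   RUN <command>     the step 4 command for this file
# Returns 1 if no template exists for NAME (steps 3 and 4 can be skipped).
plan_cluster_resources() {
    name=$1
    dir=${2:-/usr/share/neteye/cluster/templates}
    found=1
    for tpl in "$dir"/Services-"$name"-*.conf.tpl; do
        [ -e "$tpl" ] || continue      # the glob matched nothing
        found=0
        conf=${tpl%.tpl}               # same name without the .tpl suffix
        if [ ! -f "$conf" ]; then
            echo "MISSING $conf"
        elif cmp -s "$tpl" "$conf"; then
            echo "UNCHANGED $conf"
        else
            echo "RUN $SETUP -c $conf"
        fi
    done
    return $found
}

# Run as: sh plan.sh <component-name>
if [ "$#" -gt 0 ]; then
    plan_cluster_resources "$1" || echo "no template for $1: skip steps 3 and 4"
fi
```

Run it on one cluster node before step 4; every line should read RUN before the resources are created.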
    

Satellite Nodes only

In order to install additional components on NetEye Satellites, the NetEye component should be correctly installed on the Master, following the Single Node or Cluster Node installation depending on your configuration.

Single Tenant

In a non-multitenant environment, all the installed NetEye components are already enabled. In order to apply them on a Satellite, follow the Configuration of a Satellite section, which will guide you through the configuration or update of all satellites present in your system.

Multi Tenant

In order to install additional NetEye components on satellites in a multi-tenancy environment, the following steps should be performed:

  • Enable the NetEye component for the desired Tenant using the --enable-module parameter of the neteye tenant config command. See neteye tenant for more information.

  • Create or update the Satellites of that tenant in order to install the newly activated NetEye component. Follow the Configuration of a Satellite section for more detailed information.

Verify if a module is running correctly

After installing a NetEye Component, you need to make sure that all services are running.

The commands to be used differ on a Single Node and on a Cluster Installation.

Verify Installation on NetEye Single Node

The neteye status command outputs a list of the status of all NetEye services, similar to the following snippet:

DOWN [3] elastic-blockchain-proxy.service
DOWN [3] elasticsearch.service
UP   [0] filebeat.service
UP   [0] grafana-server.service
UP   [0] httpd.service
DOWN [3] icinga2-master.service
UP   [0] influxdb.service
DOWN [3] kibana-logmanager.service
DOWN [0] lampod.service
UP   [0] logstash.service
UP   [0] mariadb.service
DOWN [3] nats-server.service
UP   [0] neteye-agent.service
UP   [0] nginx.service
UP   [0] nprobe.service
UP   [0] ntopng.service
UP   [0] redis.service
UP   [0] rh-php73-php-fpm.service
UP   [0] rsyslog-logmanager.service
UP   [0] slmd.service
UP   [0] smsd.service
UP   [0] snmptrapd.service
UP   [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
DOWN [3] tornado_nats_json_collector.service
DOWN [3] tornado_webhook_collector.service

Note

Output may vary, depending on both installed modules and running services.

Suppose you have just installed Tornado and all its collectors: they should be running, but are marked as DOWN. This means that something has gone wrong and you need to understand why. You can therefore check the dedicated troubleshooting section for directions.
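
The check described above can be scripted. The following is an added example, not part of NetEye: it assumes the `<STATE> [<number>] <unit>` line layout of the snippet above, and the function names and sample text are constructed for illustration. The bracketed number is passed through unchanged.

```sh
#!/bin/sh
# Added example: post-install check on the output of `neteye status`.

# Print "<unit> <number>" for every service reported as DOWN (text on stdin).
down_services() {
    awk '$1 == "DOWN" { code = $2; gsub(/\[|\]/, "", code); print $3, code }'
}

# Exit status 0 only if every unit given as an argument is listed as UP in the
# status text on stdin; each unit that is DOWN or missing is printed.
check_expected_up() {
    awk -v want="$*" '
        BEGIN { n = split(want, units, " ") }
        $1 == "UP" { up[$3] = 1 }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                if (!(units[i] in up)) { print "NOT UP: " units[i]; bad = 1 }
            exit bad
        }'
}

# Constructed sample: four lines taken from the snippet above.
SAMPLE_STATUS='UP   [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
UP   [0] httpd.service'

# Demo on the sample; on a real node pipe `neteye status` into the functions:
#   neteye status | check_expected_up tornado.service tornado_email_collector.service
printf '%s\n' "$SAMPLE_STATUS" | down_services
```

Passing the units of the module you just installed to check_expected_up gives a non-zero exit status when any of them is not UP, which makes the check usable from a post-install script.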

Verify Installation on NetEye Cluster

On a cluster it is necessary to differentiate between clustered and non-clustered services. Non-clustered services, which include for example Elasticsearch, follow the same approach shown in the previous section and, in case of issues, can be inspected with the same commands mentioned in the corresponding troubleshooting section.

Clustered services, on the contrary, require a different approach. Indeed, the neteye status, neteye start, and neteye stop commands cannot be used, because they are not available on a cluster.

Note

Clustered services are referred to as Resources. For example, a Tornado instance running on a NetEye single installation is a service, while a Tornado instance running on a NetEye cluster is a resource.

Therefore, to verify that resources are running correctly, use the pcs status command, which outputs the status of the cluster and of all the resources, similar to the following excerpt.

Cluster name: NetEye
Stack: corosync
Current DC: neteye01.local (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Jul 28 09:47:52 2021
Last change: Tue Jul 27 15:04:36 2021 by root via cibadmin on neteye02.local
2 nodes configured
74 resource instances configured
Online: [ neteye01.local neteye02.local ]
Full list of resources:
 cluster_ip    (ocf::heartbeat:IPaddr2):    Started neteye02.local
 Resource Group: tornado_rsyslog_collector_group
     tornado_rsyslog_collector_drbd_fs    (ocf::heartbeat:Filesystem):    Started neteye02.local
 Resource Group: tornado_group

In case a resource is not starting correctly, it will be listed at the end of the output (see snippet below) as Failed. You need to understand why it is not running: the dedicated cluster troubleshooting section features options that you can apply to find the root cause of the problem.

Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
    last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms
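
To pull the failed entries out of a long pcs status listing, the section above can be parsed. This is an added example, not part of NetEye or pcs: it assumes the layout of the excerpt above, where each entry starts with `* <resource>_<operation>_<interval> on <node> '<reason>'`; the function name and the sample text are constructed.

```sh
#!/bin/sh
# Added example: summarise the "Failed Resource Actions" section of `pcs status`.

# Reads `pcs status` text on stdin and prints, for each failed action,
# "<resource> <operation> <node> <reason>".
failed_resources() {
    awk -v q="'" '
        /^Failed Resource Actions:/ { in_failed = 1; next }
        in_failed && /^[^ *]/       { in_failed = 0 }   # another section starts
        in_failed && $1 == "*" {
            key = $2                          # <resource>_<operation>_<interval>
            sub(/_[0-9]+$/, "", key)          # drop the interval
            op = key;  sub(/^.*_/, "", op)    # last component is the operation
            rsc = key; sub(/_[^_]*$/, "", rsc)
            split($0, parts, q)               # reason is the first quoted string
            print rsc, op, $4, parts[2]
        }'
}

# Constructed sample, assembled from the two excerpts shown in this section.
SAMPLE_PCS="Online: [ neteye01.local neteye02.local ]
Full list of resources:
 cluster_ip    (ocf::heartbeat:IPaddr2):    Started neteye02.local

Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
    last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms"

# Demo on the sample; on a cluster node use: pcs status | failed_resources
printf '%s\n' "$SAMPLE_PCS" | failed_resources
```

An empty result means the output contained no failed resource actions in this layout.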

Accessing the New Module

If the procedure you followed above was successful, you can now access the new module with these steps:

  • Refresh your browser window. This will ensure that the new module appears in the NetEye menu and that all JavaScript and CSS are reloaded properly.

  • Log out of NetEye and then log back in so that any permissions or roles required by the new module will take effect.