NetEye Additional Components Installation
NetEye Core is the set of most commonly used functionalities offered by the platform, including monitoring, visualization (with dashboards and maps), configuration, reporting, and event handling.
The NetEye modular architecture supports the installation of additional Modules that extend the NetEye Core functionalities. This separation makes it possible to customize NetEye in order to address specific customer needs.
Additional NetEye Components
Additional NetEye Components are organized in the following categories:
- (NetEye) Feature Modules
Fully fledged modules, whose functionalities are well defined and established. A Feature Module corresponds to a yum group which contains all the packages required to make the module work.
- Preview Software
Not yet mature NetEye Modules which provide a set of functionalities that can change in the future; they might be installed to try new software that will later become part of the official NetEye platform.
- Beta Software
Applications that belong to a NetEye Module, which have not yet reached the level of stability of NetEye Modules. They are suitable for early adopters to test the latest functionalities, but it is not suggested to install them in a production environment. Unlike Feature Modules and Preview Software, Beta Software usually is not a full module but a subset of packages of an existing module.
Feature Modules, Preview Software, and Beta Software belong to different repositories (neteye, neteye-extras, and neteye-beta respectively) and can be installed from the command line. Since the procedure is different for Single Nodes and Clusters, check the advice in Safe Command Execution, then follow the procedure for either a Single Node or a Cluster Node.
NetEye Feature Modules
Each NetEye Feature Module can be purchased separately from NetEye Core and adds a specific set of features. In some cases, the Feature Module contains Open Source, GPL-licensed software. In these cases, the software can be used even after the paid subscription has expired or can even be installed independently. However, the software is considered a customisation and is not supported at all.
All NetEye Feature Modules belong to the neteye repository.
Module | Requires | Yum group name |
---|---|---|
Alyvix | NetEye Core | neteye-alyvix |
Asset | NetEye Core | neteye-asset |
Command Orchestrator | NetEye Core | neteye-cmd |
Log management | NetEye Core | neteye-logmanagement |
ntopng | NetEye Core | neteye-ntopng |
SIEM | NetEye Core | neteye-siem |
SLM | NetEye Core | neteye-slm |
Tools | NetEye Core | neteye-tools |
vSphereDB | NetEye Core | neteye-vmd |
Note
Please remember that, due to the possibly large amount of space required by Elasticsearch, it is strongly recommended to create a logical volume dedicated to it when installing the SIEM Feature Module.
NetEye Feature Modules Licenses
As an Elastic OEM partner, Würth Phoenix provides the Elastic license with the NetEye SIEM Feature Module. The license provides a fully functional Elastic Stack with all features of the Platinum subscription, also covering, for example, APM functionalities. Although the Elastic Stack Platinum license is the default option, it is possible to upgrade the license plan to the Enterprise subscription using the dedicated command.
Beta Software
Beta software resides in the neteye-beta repository. Unlike other NetEye repositories, this repository may include multiple unrelated packages, and possibly multiple versions of the same package. It is therefore possible to install even a single package from this repository; the following command lists all packages available there so that you can check which one to install.
neteye# dnf list available --disablerepo=* --enablerepo=neteye-beta
The output of this command contains a list of packages and their versions, for example:
monitoring-plugins-debuginfo.x86_64 2.3.1_neteye1.2.0-1 neteye-beta
Here, monitoring-plugins-debuginfo is the {package_name} of the package and 2.3.1_neteye1.2.0-1 its {version}. Both values are required if you want to install a specific version of a package.
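The following added example (not part of the NetEye documentation) turns the listing into {package_name}-{version} specs and only prints the install command when the requested version is actually offered by neteye-beta, which matters because the repository can carry several versions of one package. The function names and all sample rows except the first are constructed, and the handling of a wrapped long package name is an assumption about dnf's column layout.

```shell
# beta_specs [NAME]: read `dnf list available` output on stdin and print one
# {package_name}-{version} spec per neteye-beta row, optionally only for NAME.
beta_specs() {
    awk -v want="${1:-}" '
        NF == 1 { pending = $1; next }            # assumed: long name wrapped onto its own line
        NF == 2 && pending != "" { $0 = pending " " $0 }
        { pending = "" }
        NF == 3 && $3 == "neteye-beta" {
            name = $1
            sub(/\.[^.]+$/, "", name)             # drop the .arch suffix (.x86_64, .noarch)
            if (want == "" || name == want) print name "-" $2
        }'
}

# beta_install_cmd NAME VERSION: read the same listing on stdin; print the
# install command only if exactly NAME-VERSION is offered, else return 1.
beta_install_cmd() {
    spec="$1-$2"
    if beta_specs "$1" | grep -Fxq -- "$spec"; then
        printf 'dnf -y install %s --enablerepo=neteye-beta\n' "$spec"
    else
        echo "not offered by neteye-beta: $spec" >&2
        return 1
    fi
}

# Constructed sample listing; only the first package row appears on this page.
sample_listing() {
cat <<'EOF'
Available Packages
monitoring-plugins-debuginfo.x86_64    2.3.1_neteye1.2.0-1    neteye-beta
monitoring-plugins-debuginfo.x86_64    2.3.1_neteye1.3.0-1    neteye-beta
example-very-long-constructed-package-name.noarch
                                       0.9.0-1                neteye-beta
EOF
}

sample_listing | beta_specs
```

On a real node, pipe the output of the dnf list command shown above into these functions instead of sample_listing.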
Single Node
The procedure to install additional NetEye components is divided into three steps, the second of which requires running different commands depending on the type of the component.
The first step is to update the NetEye single instance, during which all bug-fixes are installed and the list of packages updated.
Then, install the NetEye Component. Depending on the type of component, use one of the following commands.
NetEye Module
Take the appropriate Yum group name from the NetEye Modules table and run:
neteye# dnf -y groupinstall {yum-group-name} --enablerepo=neteye
Beta Software
Before installing packages from the neteye-beta repository, you must enable it with the command:
neteye# dnf -y install neteye-testing --enablerepo=neteye
Next, find the package name using the command shown in Section Beta Software, then issue the following command to install it.
neteye# dnf -y install {package_name}-{version} --enablerepo=neteye-beta
As the last step, run neteye install.
Once done, please follow the directions given in section Accessing the New Module, to complete the overall installation.
Cluster Node
The procedure to install a NetEye Component on a Cluster is slightly more complex and requires some more effort than on a Single Node. The steps are the following.
Like in the case of the Single Node, the first task to carry out is to Update a NetEye Cluster.
Install the NetEye Component on every node of the cluster, using the same commands described in the previous section, depending on the type of the NetEye Component to install.
Look for the template file whose path matches the pattern
/usr/share/neteye/cluster/templates/Services-{name}-*.conf.tpl
where {name} is the name of the NetEye Component you are installing, and the * is a wildcard for any string. If no such file exists, skip the following steps and go to the next section.
If, on the contrary, any such file exists, adapt it to the settings of your cluster, and save it to a file with the same name without the .tpl suffix.
Now, for each file saved in the previous step, create the cluster resource by executing the following command on one of the nodes of the cluster.
Hint
Replace {name} with the name of the NetEye Component you are installing, and the * with the string that completes the actual filename.
cluster# /usr/share/neteye/scripts/cluster/cluster_service_setup.pl \
    -c /usr/share/neteye/cluster/templates/Services-{name}-*.conf
Execute the neteye installation script once on any cluster node:
cluster# neteye install
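As an added example (not part of the NetEye documentation), this dry run walks the template step above: it prints one cluster_service_setup.pl command per adapted file, so a wildcard that matches several files never expands into a single command line, and it reports templates that have no adapted copy yet. The function name, the directory argument and the component name "demo" are constructed for illustration; the script path and file naming come from the page.

```shell
SETUP=/usr/share/neteye/scripts/cluster/cluster_service_setup.pl
TEMPLATES=/usr/share/neteye/cluster/templates

# cluster_setup_cmds DIR NAME: print one setup command per adapted
# Services-NAME-*.conf file in DIR. Returns 2 if any template still lacks
# its adapted copy, and 0 (printing nothing) if the component has no template.
cluster_setup_cmds() {
    dir=$1
    name=$2
    missing=0
    for tpl in "$dir"/Services-"$name"-*.conf.tpl; do
        # An unmatched glob stays literal: no template means nothing to do.
        [ -e "$tpl" ] || continue
        conf=${tpl%.tpl}
        if [ -f "$conf" ]; then
            printf '%s -c %s\n' "$SETUP" "$conf"
        else
            echo "template not adapted yet: $tpl" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 2
}

# Dry run for a constructed component name; review the printed commands
# before executing them on one node of the cluster.
cluster_setup_cmds "$TEMPLATES" demo
```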
Satellites Nodes only
In order to install additional components on NetEye Satellites, the NetEye component should be correctly installed on the Master following the Single Node or Cluster Node installation depending on your configuration.
Single Tenant
In a non-multitenant environment, all the installed NetEye components are already enabled. In order to apply them on a Satellite, follow the Configuration of a Satellite section, which will guide you through the configuration or update of all satellites present in your system.
Multi Tenant
In order to install additional NetEye components on satellites in a multi-tenancy environment, the following steps should be performed:
Enable the NetEye component for the desired Tenant using the --enable-module parameter of the neteye tenant config command. See neteye tenant for more information.
Create or update the Satellites of that tenant in order to install the newly activated NetEye component. Follow the Configuration of a Satellite section for more detailed information.
Verify if a module is running correctly
After installing a NetEye Component, you need to make sure that all services are running.
The commands to be used differ on a Single Node and on a Cluster Installation.
Verify Installation on NetEye Single Node
The neteye status command outputs a list of the status of all NetEye services, similar to the following snippet:
DOWN [3] elastic-blockchain-proxy.service
DOWN [3] elasticsearch.service
UP [0] filebeat.service
UP [0] grafana-server.service
UP [0] httpd.service
DOWN [3] icinga2-master.service
UP [0] influxdb.service
DOWN [3] kibana-logmanager.service
DOWN [0] lampod.service
UP [0] logstash.service
UP [0] mariadb.service
DOWN [3] nats-server.service
UP [0] neteye-agent.service
UP [0] nginx.service
UP [0] nprobe.service
UP [0] ntopng.service
UP [0] redis.service
UP [0] rh-php73-php-fpm.service
UP [0] rsyslog-logmanager.service
UP [0] slmd.service
UP [0] smsd.service
UP [0] snmptrapd.service
UP [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
DOWN [3] tornado_nats_json_collector.service
DOWN [3] tornado_webhook_collector.service
Note
Output may vary, depending on both installed modules and running services.
Suppose you have just installed Tornado and all its collectors: they should be running, but are marked as DOWN. This means that something has gone wrong and you need to understand why. You can therefore check the dedicated troubleshooting section for directions.
Verify Installation on NetEye Cluster
On a cluster it is necessary to differentiate between clustered and non-clustered services. Non-clustered services, which for example include Elasticsearch, follow the same approach shown in the previous section and, in case of issues, can be inspected with the same commands mentioned in the corresponding troubleshooting section.
Clustered services, on the contrary, require a different approach. Indeed, the neteye status, neteye start, and neteye stop commands cannot be used, because they are not available on a cluster.
Note
Clustered services are referred to as Resources. For example, a Tornado instance running on a NetEye single installation is a service, while a Tornado instance running on a NetEye cluster is a resource.
Therefore, to verify if resources are correctly running, use the pcs status command, which outputs the status of the cluster and all the resources, similarly to the following excerpt.
Cluster name: NetEye
Stack: corosync
Current DC: neteye01.local (version 1.1.23-1.el7_9.1-9acf116022) - partition with quorum
Last updated: Wed Jul 28 09:47:52 2021
Last change: Tue Jul 27 15:04:36 2021 by root via cibadmin on neteye02.local
2 nodes configured
74 resource instances configured
Online: [ neteye01.local neteye02.local ]
Full list of resources:
cluster_ip (ocf::heartbeat:IPaddr2): Started neteye02.local
Resource Group: tornado_rsyslog_collector_group
tornado_rsyslog_collector_drbd_fs (ocf::heartbeat:Filesystem): Started neteye02.local
Resource Group: tornado_group
In case a resource is not starting correctly, it will be listed at the end of the output (see snippet below) as Failed. You need to understand why it is not running: the dedicated cluster troubleshooting section features options that you can apply to find the root cause of the problem.
Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms
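The two checks above (neteye status on a Single Node, pcs status on a Cluster) can be scripted so that a failed installation is caught before the change is considered complete. This is an added example, not NetEye tooling: the function names are constructed, the sample data is shortened from the excerpts on this page, and the parsers assume exactly the line formats shown there.

```shell
# down_units REGEX: read `neteye status` output on stdin and print "unit code"
# for each DOWN unit whose name matches REGEX; exit status 1 if any was found.
down_units() {
    awk -v pat="$1" '
        $1 == "DOWN" && $NF ~ pat {
            code = $2; gsub(/\[|\]/, "", code)    # "[3]" -> "3", reported as-is
            print $NF, code; bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# failed_resources: read `pcs status` output on stdin and print
# "resource node rc" for each entry under "Failed Resource Actions:";
# exit status 1 if any was found.
failed_resources() {
    awk '
        /^Failed Resource Actions:/ { in_failed = 1; next }
        in_failed && $1 == "*" {
            res = $2; sub(/_[a-z]+_[0-9]+$/, "", res)   # strip _<operation>_<interval>
            rc = "?"
            if (match($0, /\([0-9]+\)/)) rc = substr($0, RSTART + 1, RLENGTH - 2)
            print res, $4, rc; bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

sample_status() {    # constructed: a subset of the neteye status snippet above
cat <<'EOF'
UP [0] httpd.service
DOWN [3] elasticsearch.service
UP [0] tornado.service
DOWN [3] tornado_email_collector.service
DOWN [0] tornado_icinga2_collector.service
EOF
}

sample_pcs() {       # constructed: a subset of the pcs status excerpts above
cat <<'EOF'
Full list of resources:
cluster_ip (ocf::heartbeat:IPaddr2): Started neteye02.local
Failed Resource Actions:
* tornado_email_collector_monitor_30000 on neteye02.local 'not running' (7): call=414, status=complete, exitreason='',
last-rc-change='Wed Jul 28 09:57:21 2021', queued=0ms, exec=0ms
EOF
}

sample_status | down_units '^tornado' || echo "tornado units are DOWN" >&2
sample_pcs | failed_resources || echo "cluster has failed resources" >&2
```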
Accessing the New Module
If the procedure you followed above was successful, you can now access the new module with these steps:
Refresh your browser window. This will ensure that the new module appears in the NetEye menu and that all JavaScript and CSS are reloaded properly.
Log out of NetEye and then log back in so that any permissions or roles required by the new module will take effect.