This article lists some common issues you may encounter while configuring and using Log Collector with Security Director 15.2R.
[root@LOG-COLLECTOR ~]# healthcheckOSLC
--pre checks in progress-- ........

[root@LOG-COLLECTOR ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
...
default         10.207.99.254   0.0.0.0         UG    0      0        0 eth0
If eth0 is not the default route, disable or remove the second NIC and run the setup script again.
[root@LOG-COLLECTOR ~]# grep ipwhitelist /etc/elasticsearch/elasticsearch.yml
http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]
[root@LOG-COLLECTOR ~]#

The second IP address listed should match the IP address of the eth0 interface.

2) Verify the IP address in the /etc/hosts file.

[root@LOG-COLLECTOR ~]# cat /etc/hosts
10.207.98.99 LOG-COLLECTOR localhost.localdom localhost
127.0.0.1 localhost.localdom localhost
The IP address on the first line should match the IP address of the eth0 interface.
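
The three checks above (default route on eth0, ipwhitelist entry, first /etc/hosts line) can be run as one consistency test. The script below is an added example, not Juniper's code; the function names are hypothetical and the sample inputs are constructed from the values shown in this article.

```shell
#!/bin/sh
# Added example (not vendor code): offline check of the three settings above.
# Sample inputs are constructed from the values shown in this article.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.207.99.254   0.0.0.0         UG    0      0        0 eth0'
SAMPLE_YML='http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]'
SAMPLE_HOSTS='10.207.98.99 LOG-COLLECTOR localhost.localdom localhost
127.0.0.1 localhost.localdom localhost'

# Interface that carries the default route, from `route` or `route -n` output.
default_iface() {
  awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; exit }'
}

# Second IPv4 address on the ipwhitelist line of elasticsearch.yml.
whitelist_ip() {
  awk '/ipwhitelist/ {
    n = 0
    while (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
      if (++n == 2) { print substr($0, RSTART, RLENGTH); exit }
      $0 = substr($0, RSTART + RLENGTH)
    }
  }'
}

# Address on the first /etc/hosts line (skipping comments and blanks is an assumption).
hosts_first_ip() {
  awk '!/^[ \t]*(#|$)/ { print $1; exit }'
}

# Args: eth0_ip route_text yml_text hosts_text.
# Prints each mismatch and returns 1 if any check fails.
# The body is a subshell so rc and v stay local in plain POSIX sh.
check_log_collector() (
  rc=0
  v=$(printf '%s\n' "$2" | default_iface)
  [ "$v" = "eth0" ] || { echo "default route uses '${v:-none}', expected eth0"; rc=1; }
  v=$(printf '%s\n' "$3" | whitelist_ip)
  [ "$v" = "$1" ] || { echo "ipwhitelist has '${v:-none}', eth0 is $1"; rc=1; }
  v=$(printf '%s\n' "$4" | hosts_first_ip)
  [ "$v" = "$1" ] || { echo "/etc/hosts has '${v:-none}', eth0 is $1"; rc=1; }
  exit "$rc"
)

check_log_collector 10.207.98.99 "$SAMPLE_ROUTE" "$SAMPLE_YML" "$SAMPLE_HOSTS" \
  && echo "default route, ipwhitelist and /etc/hosts are consistent"
```

On a live Log Collector, pass the eth0 address followed by "$(route -n)", "$(cat /etc/elasticsearch/elasticsearch.yml)" and "$(cat /etc/hosts)" in place of the samples.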
We are trying to upgrade Log director from 16.1R1 to 17.2R1. The upgrade path we followed is the following:
Step 1: from 16.1R1 to 17.1R2. We downloaded the script "Log-Collector-Upgrade-17.1R2.38.sh", copied it to the /root directory, changed it to executable and launched the upgrade as described in the upgrade guide. In this phase we noticed that elasticsearch cannot be found. However, the upgrade completed.
Step 2: from 17.1R2 to 17.2R1. We downloaded the script "Log-Collector_Upgrade-17.2R1.11.sh", copied it to the /root directory, changed it to executable and finally launched the upgrade as described in the guide. Also in this phase elasticsearch cannot be found and the upgrade completed.
Here is relevant terminal output regarding elasticsearch:
"/bin/cp: cannot stat `/etc/elasticsearch/elasticsearch.yml': No such file or directory"
"The elasticsearch startup script does not exists or it is not executable, tried: /usr/share/elasticsearch/bin/elasticsearch"
We also tried to check if services jingest and elasticsearch are running using the commands: "service jingest status" and "sudo service ingest status". Both services resulted shutdown. We started them using the commands "sudo service jingest start" and "sudo service elasticsearch start". Jingest started successfully, while we get the following output regarding elasticsearch:
Please note that we already upgraded Junos Space (new version 17.2R1.4) and Junos Security Director (new version 17.2R1.10) successfully. Currently, the Junos Log Director shows version 17.2R1.10 under Administration->Application tabs in Junos Space Platform and results in "down" status under Administration->Fabric tabs.
What can we do to solve the problem?
Thank you so much for your help
It's empty, it just displays: "EPS Trend"