
FAQ: Log Collector Deployment

By Erdem posted 06-07-2016 07:13

  

This article lists issues commonly seen while configuring and using Log Collector with Security Director 15.2R.

 

  • To identify Log Collector issues, run the healthcheck script.

            [root@LOG-COLLECTOR ~]# healthcheckOSLC
            --pre checks in progress--
            ........

  • While deploying the Log Collector VM, ensure that networking information is not provided under the 'Networking Properties' page of the wizard.
    Instead, use the setup script that is shown to you when you log in to the console after deployment of the Log Collector VM.
  • The setup script for the 15.2R Log Collector VM should configure only the eth0 interface. If DHCP is enabled on your network, eth1 will also get an IP address, and the eth1 interface might be used for the default route.

    Verify that eth0 is used as the default route.

         [root@LOG-COLLECTOR ~]# route
         Kernel IP routing table
         Destination Gateway Genmask Flags Metric Ref Use Iface
         ...
         default 10.207.99.254 0.0.0.0 UG 0 0 0 eth0

 

      If eth0 is not the default route, disable or remove the second NIC and run the setup script again.

 

  • Verify the settings below. These issues are only seen in Security Director 15.2R1.
      1) Check that the correct IP address is present in the whitelist section of the /etc/elasticsearch/elasticsearch.yml file.

             [root@LOG-COLLECTOR ~]# grep ipwhitelist /etc/elasticsearch/elasticsearch.yml
             http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]
             [root@LOG-COLLECTOR ~]#

            The second IP address listed should match the IP address of the eth0 interface.

 

      2) Verify the IP address in the /etc/hosts file.

             [root@LOG-COLLECTOR ~]# cat /etc/hosts
             10.207.98.99 LOG-COLLECTOR localhost.localdom localhost
             127.0.0.1 localhost.localdom localhost

 

             The IP address on the first line should match the IP address of the eth0 interface.

  

  • Check logging-related statistics under:
       - Administration->Logging Management->Logging Nodes
       - Administration->Logging Management->Statistics & Troubleshooting
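
The default-route, whitelist and /etc/hosts checks above can be combined into one script. This is an added example, not part of the original article or the product; the function names are hypothetical, and the sample input is constructed from the outputs shown above so that it runs offline.

```shell
#!/bin/sh
# Added example: the three manual checks from this FAQ as one script.
# Function names are hypothetical; sample text below is constructed.

# Interface used by the default route, from `route` output on stdin.
default_iface() {
    awk '$1 == "default" { print $NF; exit }'
}

# Second IPv4 address in the http.basic.ipwhitelist line on stdin.
whitelist_second_ip() {
    grep 'http.basic.ipwhitelist' |
        grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sed -n '2p'
}

# IP address on the first non-blank, non-comment line of /etc/hosts on stdin.
hosts_first_ip() {
    awk 'NF && $1 !~ /^#/ { print $1; exit }'
}

# check_collector ETH0_IP ROUTE_TEXT WHITELIST_TEXT HOSTS_TEXT
# Prints one line per failed check; returns non-zero if any check fails.
check_collector() {
    eth0_ip=$1
    rc=0
    iface=$(printf '%s\n' "$2" | default_iface)
    wl_ip=$(printf '%s\n' "$3" | whitelist_second_ip)
    h_ip=$(printf '%s\n' "$4" | hosts_first_ip)
    [ "$iface" = "eth0" ] || { echo "default route uses '$iface', not eth0"; rc=1; }
    [ "$wl_ip" = "$eth0_ip" ] || { echo "whitelist has '$wl_ip', eth0 is $eth0_ip"; rc=1; }
    [ "$h_ip" = "$eth0_ip" ] || { echo "/etc/hosts has '$h_ip', eth0 is $eth0_ip"; rc=1; }
    return $rc
}

# Constructed sample input, copied from the outputs shown in this article.
SAMPLE_ROUTE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.207.99.254 0.0.0.0 UG 0 0 0 eth0'
SAMPLE_WL='http.basic.ipwhitelist: [ "localhost", "127.0.0.1", "10.207.98.99" ]'
SAMPLE_HOSTS='10.207.98.99 LOG-COLLECTOR localhost.localdom localhost
127.0.0.1 localhost.localdom localhost'

check_collector 10.207.98.99 "$SAMPLE_ROUTE" "$SAMPLE_WL" "$SAMPLE_HOSTS" &&
    echo "all checks passed"
```

On the Log Collector itself, pass the eth0 address and the live output instead of the samples, for example `"$(route)"`, `"$(grep ipwhitelist /etc/elasticsearch/elasticsearch.yml)"` and `"$(cat /etc/hosts)"`.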
