CentOS relay installation

Context

  • Relay version 0.4
  • Environment:
    • Machine: Macbook Pro (10.11.6)
    • VirtualBox (5.1.6 r110634)
    • CentOS 7 (ISO)

You must use the ROOT user for the whole process:

$ su -
Put_Root_Password

Prerequisites (on a new CentOS installation)

A default CentOS 7 installation requires some modifications to configure and enable network access.

  • Check Internet access from the CentOS Server. From a command line, run:

    $ ping www.google.com
  • A normal response should be:

    64 bytes from a23-195-55-163.deploy.static.akamaitechnologies.com (23.195.55.163): icmp_seq=1 ttl=54 time=52.7 ms
    ...
  • If Internet access does not work properly, the command returns:

    $ ping -c 3 www.apple.com
    ping: cannot resolve www.apple.com: Unknown host

If the CentOS machine cannot access the Internet, you need to configure the network access:

  1. Configure Network (only required if the CentOS machine cannot access the network)
  2. Locate and open the network file for editing:

    $ sudo vi /etc/sysconfig/network
  3. Add the following lines to the file to activate the network:

    ...
    NETWORKING=yes
    HOSTNAME=centos7
    GATEWAY=10.0.0.1
    ...
  4. Locate and open the resolv.conf file for editing:

    $ vi /etc/resolv.conf
  5. Add the following lines to the resolv.conf file to activate the network:

    ...
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    ...
  6. Check the Internet connection ID and status:

    $ nmcli dev status
    DISPOSITIVO TIPO ESTADO CONEXIÓN
    enp0s3 ethernet conectado enp0s3
    lo loopback sin gestión -
  7. The file number may vary. Make sure you adapt the command line accordingly.
  8. Locate and open the ifcfg-enp0s3 file for editing:

    $ vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
  9. Add the following lines to the ifcfg-enp0s3 file to activate the network:

    ...
    BOOTPROTO=dhcp
    ...
    DNS1=8.8.8.8
    DNS2=8.8.4.4
    ONBOOT=yes
    ...
  10. Restart the service to implement the changes:

    $ systemctl restart network
  11. Update the system.

    Check with the system administrator if this is a client machine.

    $ yum -y update
    $ yum -y upgrade
  12. Set the system date and time zone. This is done to avoid problems with the certificate date limit.

    ...
    timedatectl set-timezone Europe/Madrid
    ...

Dependencies

Install the following programs to proceed with the installation:

$ yum install dialog
$ yum install java
$ yum install wget

If any of these programs are already installed, you will be notified and you won't need to continue with the installation of the program.

Download the Devo relay

  1. Go to the temporary folder:

    $ mkdir /tmp/relay
    $ cd /tmp/relay
  2. Download the relay installation file from a terminal. Note that the exact name of the file may vary depending upon the product version.

    $ wget "http://repository.logtrust.net/packages/logtrust-relay.tar.gz"
  3. Check the downloaded file:

    $ ls -l logtrust-relay.tar.gz
    logtrust-relay.tar.gz
  4. Decompress the downloaded file:

    $ tar -zxvf logtrust-relay.tar.gz
  5. Move opt and etc folders to their final location:

    Check the folder structure carefully before moving the folders and files.

    $ cp -R /tmp/relay/logtrust-relay-0.4/opt/* /opt/
    $ cp -R /tmp/relay/logtrust-relay-0.4/etc/logtrust/* /etc/
  6. Check the directory structure to make sure all files were copied. See Example of the usual relay folder structure near the end of this article for an example of the directory structure.
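
The archive in step 2 is fetched over plain HTTP, and steps 4 and 5 unpack it and copy its contents into /opt and /etc as root, so it is worth vetting the file between steps 3 and 4. The following is an added example, not part of the original article or the vendor's tooling; it assumes the vendor supplies a SHA-256 digest through a separate trusted channel (this page publishes none), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: vet the relay archive before unpacking and copying it as root.
# The expected SHA-256 must come from the vendor over a trusted channel; the
# page publishes none, so the caller passes it in (placeholder in the usage).

# sha256_matches FILE EXPECTED -> 0 when the file's SHA-256 equals EXPECTED.
sha256_matches() {
    local actual
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# unsafe_paths: filter stdin (one member name per line) down to names that
# would land outside the extraction directory: absolute paths or ".." parts.
unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# vet_archive FILE EXPECTED -> 0 only when the hash matches, the archive can
# be listed, and no member name escapes the extraction directory.
vet_archive() {
    local listing bad
    sha256_matches "$1" "$2" || { echo "REJECT: SHA-256 mismatch for $1" >&2; return 1; }
    listing=$(tar -tzf "$1" 2>/dev/null) || { echo "REJECT: cannot list $1" >&2; return 1; }
    # grep exits non-zero when nothing matches; that is the good case here.
    bad=$(printf '%s\n' "$listing" | unsafe_paths || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/REJECT: unsafe member: /' >&2
        return 1
    fi
    echo "OK: $1"
}

# Usage in place of step 4 (the digest is a placeholder, not a real value):
#   vet_archive logtrust-relay.tar.gz "<sha256-from-vendor>" \
#       && tar -zxvf logtrust-relay.tar.gz
```

The check covers member names only; symlink members are not inspected, so review the `tar -tzvf` listing for those before copying into /opt and /etc.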

Installing the Devo relay

  1. First, change the mode of the /opt/logtrust/relay/install.sh and /opt/logtrust/relay/lt-compress files.

    $ chmod 755 /opt/logtrust/relay/install.sh
    $ chmod 755 /etc/cron.d/lt-compress 

    The lt-compress file is sometimes referenced as being in the /opt/logtrust/relay/ folder. 

  2. Locate and launch the install script. Note that the folder name will change depending upon the Devo release number.

    $ cd /tmp/relay/logtrust-relay-0.4/
    $ ./postinstall.sh

An error may appear when you run this script if the Devo user or group already exists. If this happens, open the script and comment out the first lines that create the user, then run the script again. 

Reload the profile

$ . /etc/profile
  1. Reboot the system to make sure all modifications take effect.

    $ reboot -h now
  2. Check the environment parameters: 

    $ java -version
    openjdk version "1.8.0_102"
    OpenJDK Runtime Environment (build 1.8.0_102-b14)
    OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)
    $ echo $SCOJA_HOME
    /opt/logtrust/scoja

If the information has not been updated, you need to repeat the process.

Configure the Devo relay

Run the install script to launch the configuration process:

$ chmod 755 /opt/logtrust/relay/install.sh
$ /opt/logtrust/relay/logtrust-relay-configure

Refer to the In-house relay software package article for details about the configuration options.

Activate the relay

  1. Go to Administration → Relays, select the newly created relay, click the ellipsis icon, and select Activate.
  2. Force the Devo server to download a new certificate:
    • Go to Administration → Relays and click on the relay name. The Rule window appears. 
    • Select the Force Generate New Certificate check box.
    • Click the Apply Configuration button.
  3. The new certificate will be downloaded to the server where the relay has been installed.

Reload the context

$ source /etc/profile
$ . /etc/profile

Test the new relay

Once installed and activated, you can now test the relay. There are several actions you can take to make sure the relay is working as needed.

Test the basic login and data entry

Install the nc program that will be used to send events to the relay.

$ yum install nc

Once installed, you can use the nc command to test the relay:

  1. Send events to port 13000 (pure relay).
  2. Use the test.keep.free tag (test table).

$ for i in `seq 1 100`; do (echo "<14>Jan 1 00:00:00 xxx test.keep.free: evento de prueba $i"|nc localhost 13000); done

The events will appear in the Data Search area of Devo, under the test.keep.free tag. If the table is new, the results will take some time to appear.

Ensure that the Java process is running

  • Run the command below to produce a response that confirms if Java is running or not.

    $ ps auxwww|grep java|grep scoja|grep -v grep
  • This should return something similar to:

    root 18767 0.1 8.7 2630284 192772 pts/0 Sl sep26 0:16 java -server -Xms200M -Xmx200M -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dscoja.home=/opt/logtrust/scoja -Xms500M -Xmx500M org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf

Make sure the ports are open and listening

  • Run the following filtered netstat command:

    $ netstat -atun --program|grep `pgrep -f org.scoja.server.Scoja`| grep LISTEN
  • This should return the list of listening ports (12999 to 13002 and 5140):

    tcp6 0 0 :::13002 :::* LISTEN 11231/java
    tcp6 0 0 127.0.0.1:5140 :::* LISTEN 11231/java
    tcp6 0 0 :::13000 :::* LISTEN 11231/java
    tcp6 0 0 :::13001 :::* LISTEN 11231/java

Check the downloaded certificate

  • Check the key:

    $ ls -al /etc/logtrust/scoja/current/keys/
  • This should return:

    drwx------. 2 root root   36 sep 28 21:17 .
    drwxr-xr-x. 5 root root 4096 sep 28 21:17 ..
    -rw-r--r--. 1 root root 8049 sep 28 21:33 client.jks
    lrwxrwxrwx. 1 root root   43 sep 28 19:40 me.jks -> /etc/logtrust/scoja/current/keys/client.jks

Check the relay logs

  • Check the relay tail log using this command: 

    $ tail /var/log/lt-relay.log
  • If the relay is working properly, this command should return:

    …
    2016-09-28 19:53:01.829299 [SUCCESS] No changes in the Relay Configuration
    2016-09-28 19:54:02.236072 [SUCCESS] No changes in the Relay Configuration
    2016-09-28 19:55:01.593954 [SUCCESS] No changes in the Relay Configuration

Common problems

Error, followed by problem and solution:

    2016-01-28 10:16:01.374445 [ERROR] Property 'api.key' not found in conf file.

The API key was not correctly defined.

Run the configuration process again and enter the API key. Open Devo and go to Administration → Credentials, then click Show to display and copy the API key to your clipboard. To paste the API key into the configuration script window, use SHIFT + INS.

    2016-01-28 10:23:00.488298 [SUCCESS] Relay activation is still pending, waiting for user to activate the Relay.

The relay is not active.

Go to Administration → Relays, select the relay, click the ellipsis icon, and select Activate.

    2016-01-28 10:24:01.331976 [SUCCESS] Relay is active, deploying new configuration set.

A new certificate is being downloaded.

    2016-01-28 10:25:01.794021 [SUCCESS] No changes in the Relay Configuration.

If the relay reports NO change but is still not working, try downloading a new certificate. Go to Administration → Relays then click on the relay link and select Force Generate New Certificate → Apply Configuration.

Check the configuration of the ports

  1. There is a configuration file for each open port:

    $ cat /etc/logtrust/scoja/version1/rules/rule-13000.pconf
    $ cat /etc/logtrust/scoja/version1/rules/rule-13001.pconf
    $ cat /etc/logtrust/scoja/version1/rules/rule-13002.pconf
  2. This will return the port configuration:

    source(
    port = 13000,
    udpThreads = 2,
    udpReceiveBuffer = None,
    maxPacketSize = 32*1024,
    tcpThreads = 2,
    tcpReceiveBuffer = None
    )
    
    rule(order = 0)

Example of the usual relay folder structure

/opt/
    logtrust
        relay
            daily_compress.sh
            fprobe.deb.initial
            fprobe.rpm.initial
            install.sh
            logtrust-relay-configure
            UpdateRelay.py
        scoja
            cachedir
            coja.sh
            cprezoso.sh
            jython.jar
            Lib
            libPosixNative.so
            log4j-1.2.16.jar
            nao
            recoja
            recoja.logconf
            recoja.sh
            scoja
            scoja-beep.jar
            scoja-cc.jar
            scoja-client.jar
            scoja-compression.jar
            scoja-cp.sh
            scoja.jar
            scoja.policy
            scoja-rpc.jar
            scoja.sh
            scoja-test.jar
            sip

/etc/
    logtrust
        relay
            logtrust.conf
            logtrust.conf.initial
        scoja
            version1
                all-me.conf
                defs.py
                keys
                local.py.initial
                netflow2.pconf
                parameters.conf
                syslog.pconf
                all-var.conf
                internal.pconf
                local.py
                me.conf
                netflow.pconf
                rule.py
                unrules

    cron.d
        lt-compress
        lt-relay

    init.d
        logtrust-relay

    logrotate.d
        lt-relay

    profile.d
        logtrust.sh
