Install Integrated Log Collector

You can install an integrated Log Collector on a JA2500 appliance or Junos Space virtual appliance. The integrated Log Collector is installed on Junos Space node (JA2500 appliance or virtual appliance) and it works as both the Log Receiver node and Log Storage node. Integrated Log Collector supports only 500 eps.

Before You Begin

Integrated Log Collector uses port 9200, 514, and 4567.
Junos Space Network Management Platform must be configured with Ethernet Interface eth0 and management IP addresses.
OpenNMS must be disabled on Junos Space Network Management Platform.
Ethernet Interface eth0 on the Junos Space Network Management Platform must be connected to the network to receive logs.
/var should have a minimum of 500-GB disk space for the integrated Log Collector installation to complete.

Table 1 shows the specifications for installing the integrated Log Collector on a JA2500 appliance.

Table 1: Specifications for Installing an Integrated Log Collector on a JA2500 appliance

Component	Specification
Memory	8 GB Log Collector uses 8 GB of the available 32-GB system RAM.
Disk space	500 GB This is used from the existing JA2500 appliance disk space.
CPU	Single core

Component

Specification

Memory

8 GB

Log Collector uses 8 GB of the available 32-GB system RAM.

Disk space

500 GB

This is used from the existing JA2500 appliance disk space.

CPU

Single core

Note

These specifications are used internally by the integrated Log Collector on JA2500 appliance.

Table 2 shows the specifications for installing the integrated Log Collector on Junos Space virtual appliance.

Table 2: Specifications for Installing an Integrated Log Collector on a Junos Space Virtual Appliance

Component	Specification
Memory	8 GB If integrated Log Collector is running on the Junos Space virtual appliance, we recommend that you add 8 GB of RAM to maintain the Junos Space performance. It uses 8 GB of system RAM from the total system RAM.
Disk space	500 GB Minimum 500 GB free space is required. You can add any amount of disk space.
CPU	2 CPUs of 3.20 GHz

Component

Specification

Memory

8 GB

If integrated Log Collector is running on the Junos Space virtual appliance, we recommend that you add 8 GB of RAM to maintain the Junos Space performance. It uses 8 GB of system RAM from the total system RAM.

Disk space

500 GB

Minimum 500 GB free space is required. You can add any amount of disk space.

CPU

2 CPUs of 3.20 GHz

Note

These specifications are used internally by the integrated Log Collector running on the Junos Space virtual appliance.

To install an integrated Log Collector on a JA2500 appliance or virtual appliance:

Download the integrated Log Collector script from the download site.
Copy the integrated Log Collector script to a JA2500 appliance or virtual appliance.
Connect to the CLI of JA2500 appliance or virtual appliance with admin privileges.
Navigate to the location where you have copied the integrated Log Collector script.
Change the file permission using the following command:
chmod +x Integrated-Log-Collector-xx.xxx.xxx.sh
For example, chmod +x Integrated-Log-Collector-20.1R1.xxx.sh
Install the integrated Log Collector script using the following command:
./Integrated-Log-Collector-xx.xxx.xxx.sh
For example, ./Integrated-Log-Collector-20.1R1.xxx.sh
- The installation stops if the following error message is displayed while installing the integrated Log Collector on the virtual appliance. You must expand the virtual appliance disk size to proceed with the installation.
  ERROR: Insufficient HDD size, Please upgrade the VM HDD size to minimum 500 GB to install Log Collector
  To expand the hard disk size for the Junos Space virtual appliance:
  1. Add a 500 GB capacity hard disk on the Junos Space virtual appliance through VMware vSphere client.
  2. Connect to the console of the Junos Space virtual appliance through SSH.
  3. Select Expand VM Drive Size.
  4. Enter the admin password and expand /var with 500 GB.
  5. Once /var is expanded, you are prompted for any further HDD expansion. Select No to reboot the system.Note
    Junos Space Network Management Platform must be active and functioning. You must be able to log in to the Junos Space Network Management Platform and Security Director user interfaces before attempting to run the integrated Log Collector setup script again.
  6. After the disk size is expanded and Junos Space Network Management Platform and Security Director user interfaces are accessible, run the following command:
    ./Integrated-Log-Collector-xx.xxx.xxx.sh
    For example, ./Integrated-Log-Collector-20.1R1.xxx.sh
- The installation stops if the following error message is displayed while installing the integrated Log Collector on a JA2500 appliance or virtual appliance. You must disable OpenNMS by following the steps mentioned in the error message to proceed with the installation.
  ERROR: Opennms is running...
  
  Please try to disable opennms as described below or in document and retry Log Collector installation...
  
  STEPS: Login to Network Management Platform --> Administration --> Applications
  
  Right Click on Network Management Platform --> Manage Services -> Select Network Monitoring and click Stop
  
  Service Status should turn to Disabled
  After OpenNMS is disabled, run the following command:
  ./Integrated-Log-Collector-xx.xxx.xxx.sh
  For example, ./Integrated-Log-Collector-20.1R1.xxx.sh
When the integrated Log Collector is installed on the JA2500 appliance or virtual appliance, the following message is displayed:
Shutting down system logger: [ OK ]

Starting jingest ... jingest started.

{"log-collector-node": {"id":376,"ip-address":"x.x.x.x","priority":0,"node-type": "INTEGRATED","cpu-usage":0,"memory-usage":0, "fabric-id":0,"display-name": "Integrated","timestamp":0}}
After the installation is complete, a logging node is automatically added in Administration > Logging Management > Logging Nodes.

Note

Perform the following after installing the integrated Log Collector script: Integrated-Log-Collector-20.1R1v.130

Log in to the Junos Space console.
Update Dir permission.
chmod -R 777 /var/run/
Restart the ElasticSearch service:
systemctl restart elasticsearch
systemctl status elasticsearch
Update the eth0 IP address in /opt/jIngest/config/config.properties:
bindIp=<Junos Space eth0 IP>
Restart the JIngest service:
service jingest restart
service jingest status
Run the following commands to add Log Collector in Security Director:
1. ip=$(ifconfig eth0 | grep "inet" | awk '{print $2}')
2. curl -X POST -k -H 'Accept: application/json' -H 'Content-Type: application/json' -i 'http://localhost:8080/api/juniper/ecm/log-collector-nodes/' -data '{"log-collector-credential":{"user-name":"admin","ip-address":"'"$ip"'","password":"juniper_123","name":"Integrated","node-type":"Integrated"}}'
Log in to Security Director, and verify the Log Collector details.