Cloning unit to create additional instances

[TEWLS]

We are finally ready to start creating our cluster and expanding the networks we pull information from.. For this process though we would like to just clone the working unit rather than rebuilding multiple units, STIGing the boxes, installing the application, and then running the dozen scripts to get the app working with the STIG in place. I tried this before however and it put my machine in an unrecoverable state that required me to full wipe the system and reinstalling everything from scratch. Is it possible to clone the system and remove X files/settings and running a script, like the generate_uuid.sh script in /usr/local, or is this not an option with the current iteration of NLS.

Also as an aside we are trying to get logs from our Oracle/SAP servers and I am not finding a simple way to gather these logs correctly. Is there a sample conf for nxlog that will gather these logs without doing a file-by-file basis as demonstrated on the 'Windows Files Setup' page? Right now we have the logs being sent to the Windows Event Viewer and it is not ideal and we would like to see if there was another option or a plug-in that will gather these logs more efficiently.

[mcapra]

Is it possible to clone the system and remove X files/settings and running a script, like the generate_uuid.sh script in /usr/local, or is this not an option with the current iteration of NLS.

There isn't a specific documented process at the moment, though I was able to do this.

I cloned an existing NLS node, took it off the network (super important, don't want write conflicts), powered it on, ran the following commands:

Code: Select all

service elasticsearch stop
rm -rf /usr/local/nagioslogserver/elasticsearch/data/*
rm -f /usr/local/nagioslogserver/var/cluster_uuid
rm -f /usr/local/nagioslogserver/var/host_uuid
rm -rf /var/www/html/nagioslogserver/application/cache/installed
# do my network config stuff like static IPs
poweroff

Then I added it back on the network, powered it up, and ran through the install steps provided by the GUI to add it to my existing cluster. That seems to have worked, though I can't provide any specific guarantees because the testing I've done is limited.

Is there a sample conf for nxlog that will gather these logs without doing a file-by-file basis as demonstrated on the 'Windows Files Setup' page?

Can you share the file/folder structure of the logs you're trying to capture? You can do wildcard inclusions with the im_file module like so:

Code: Select all

<Input many_files>
    Module	im_file
    File	'C:\\inetpub\\error-*.xml'
    SavePos	TRUE
    ReadFromLast TRUE
    InputType	multiline
	
	Exec        $raw_event = replace($raw_event, "\r\n", " ");
	Exec     $Message = $raw_event;
</Input>

With the File directive's formatting being the secret sauce.

[TEWLS]

I wrote a bunch of stuff in here and it failed to post so here is a summary... Cluster up using clones of our template, 4 instances using Centos 7, STIGed, SELinux working, PHP 5.6 working, java 1.8 working.

Commands you gave work but need to be modified slightly.

Code: Select all

service elasticsearch stop
rm -rf /usr/local/nagioslogserver/elasticsearch/data/*
rm -f /usr/local/nagioslogserver/var/cluster_uuid
rm -f /usr/local/nagioslogserver/var/node_uuid
rm -rf /var/www/html/nagioslogserver/application/cache/installed
rm -rf /store/backups/nagios/nagioslogserver/*
cat /dev/null > /usr/local/nagioslogserver/var/cluster_hosts

SAP logging still not working but we are creating a cookbook that will be used to gather logs from these various sources.

[mcapra]

Thanks for sharing your findings! I definitely recommend leveraging chef/puppet when it comes to distributing hundreds of syslog config files.