LC AWS: Troubleshoot using AWS

Document created by RSA Information Design and Development on Nov 22, 2016Last modified by RSA Information Design and Development on May 4, 2017
Version 10Show Document
  • View in full screen mode
  

The following section describes troubleshooting tips using AWS.

Changing Hostname in Amazon AMI

If you need to change the hostname in Amazon AMI, follow these steps:

  • In your instance, open the /etc/sysconfig/network configuration file in your favorite text editor and change the HOSTNAME entry to reflect the fully qualified domain name (such as webserver.mydomain.com).
    For example: HOSTNAME=webserver.mydomain.com

  • Reboot the instance to establish the new hostname, as shown in the following example:

    [ec2-user ~]$sudo reboot

  • Log in to your instance and verify that the hostname is updated. Your prompt should show the new hostname (up to the first set of quotation marks). The hostname command should display the fully qualified domain name, as shown in the following example:

    [ec2-user@webserver ~]$ hostname webserver.mydomain.com

    Troubleshooting Provisioning Errors

    Listed below are the steps required to re-enable your remote log collection service in Security Analytics on the remote log collector in AWS, along with steps that are required re-enable your remote log collection service in Security Analytics on your Security Analytics Server.

    1. On the AWS Remote Log Collector, run

      /etc/puppet/scripts/node_id.py

    2. On the Security Analytics Server , run

      puppet cert clean <Node_id>

    3. On the Security Analytics Server, run

      service puppetmaster stop

    4. On the AWS Remote Log Collector, run

      service puppet stop

    5. On the AWS Remote Log Collector, run

      rm -rf /var/lib/puppet/ssl/*

    6. On the Security Analytics Server, run

      service puppetmaster start

    7. On the AWS Remote Log Collector, run

      service puppet start

    8. On the AWS Remote Log Collector, run

      puppet agent -t -- waitforcert 30

    Troubleshooting Discovery Issues

    1. Run the following commands to check if any of the following services are down (rabbitmq, mcollective, puppet, and nwlogcollector):

      service rabbitmq-server status
      service mcollective status
      service puppet status
      status nwlogcollector

    2. If rabbitmq-service is stopped, check the processes and ensure that no multiple processes exist. Run the following command:

      ps - aux | grep rabbit

    3. Kill the additional rabbitmq processes (if any) by running the following command:

      kill -9 <PID of rabbit>

    4. Run the following command to start the rabbitmq service:

      service rabbitmq-server start

    5. Re-run the puppet agent to complete the discovery of the Remote Log Collector by running the following command:

      puppet agent -t

    Checking Ports and Log Collection Services

    To check for the ports that are listening on your remote log collection service, run the following command:

    netstat -anp | grep LISTEN

    For more information, refer to the Ports table in Configure Security Group.

You are here
Table of Contents > Configure and Deploy Remote Log Collector Service into AWS > Troubleshooting

Attachments

    Outcomes