Configuring rbk-log to start on boot
In my last post, I made mention of the fact that the Linux binary we use to connect Polaris to your syslog collector doesn’t start at boot and if you log off will be killed. I thought about that and decided that it would be stupid not to note how to make it automatically start on boot. I mean, why would you not?
The process itself is not complicated. In days of old you would have used /etc/init.d to configure services, these days we use a process called systemd. There are a couple of tricks to getting the rbk-log tool to work as it requires either switches or environment variables, and as we used environment variables the last time round, I’m going to stick with that.
So what steps do we need to take to make the magic happen?
- Download the rbk-log tool if you haven’t already
- Save the file to a home directory and make it executable
- Configure the syslog service locally
- Create the systemd service definition file
- Start the rbk-log service to make sure it starts properly
- Enable the service to auto start on boot
Downloading the rbk-log tool
You can get this tool from the Rubrik Support website, under Downloads. See my Sentinel blog post prior to this to see where it lives.
Save the file to a home directory and make it executable
As I’m using Ubuntu on EC2 for this example, there is a user created during VM provisioning called ubuntu. As it has a home directory already created, I’d recommend dropping the tool in there. To make it executable, run chmod ugo+x rbk-log. If you do an ls -l, it should look like the following :-
Create the systemd service definition file
We then need to create a small configuration file for the rbk-log tool so that systemd knows how the service should run and what other information it needs to start successfully. To save time, I’ve copied my definition file below :-
[Unit] Description=Rubrik Polaris Syslog Importer After=network.target StartLimitIntervalSec=0 [Service] Type=simple Restart=always RestartSec=1 User=ubuntu ExecStart=/home/ubuntu/rbk-log start Environment="RUBRIK_POLARIS_ACCOUNT="<your-tenant-id>.my.rubrik.com"" Environment="RUBRIK_POLARIS_LOG_NETWORK="tcp"" Environment="RUBRIK_POLARIS_LOG_PORT="514"" Environment="RUBRIK_POLARIS_LOG_SERVER="localhost"" Environment="RUBRIK_POLARIS_PASSWORD="<your-polaris-password>"" Environment="RUBRIK_POLARIS_USERNAME="<your-polaris-login-email>"" [Install] WantedBy=multi-user.target
The file itself should be pretty self explanatory, just copy the file and put it into /etc/systemd/system and name it rbk-log.service. The full path to the saved file should be /etc/systemd/system/rbk-log.service
You will then need to go in and check the ExecStart parameter to make sure the path to the rbk-log tool executable is correct.
You will also need to configure the environment variables to match your configuration, so the three values in bold and the pointy brackets need to be amended. Save the file away when you’re done, if you get any permissions errors, remember you will probably need to run your text editor with the sudo command.
sudo vim /etc/systemd/system/rbk-log.service
Start the rbk-log service to make sure it starts properly
In order for systemd to refresh the config files, issue a sudo systemctl daemon-reload command at the prompt. This should be instant. Once you’ve reloaded systemctl, we can issue the command to start the rbk-log service :-
sudo systemctl start rbk-log.service
Wait a few seconds for the service to start and then issue a status command, to make sure it has started up properly.
sudo systemctl status rbk-log.service
All being well, you should see something similar to below :-
You can also issue a tail -f /var/log/syslog command to watch the tail of the syslog file to perform any necessary troubleshooting.
Enable the service to auto start on boot
All being well at this stage, we can now enable the service to start automatically on boot :-
sudo systemctl enable rbk-log
That’s it! You may wish to reboot the VM just to make sure the service auto starts, just as a precaution.