Troubleshooting frequent problems with All-in-One installation of Kaspersky Unified Monitoring and Analysis Platform
Issue
After a successful installation of Kaspersky Unified Monitoring and Analysis Platform (KUMA), you may encounter the following errors:
- Pre-installed services have the red status and cannot be launched.
- When trying to download the pre-installed service logs, an error message appears informing you that the KUMA server name has not been specified.
- The error “failed to verify certificate: x509: certificate is valid for kuma, not kuma.demo” appears in the KUMA service log (collector, correlator, storage).
Cause
The errors occur because the server name specified in single.inventory.yml does not match the server name displayed when running the hostname -f command.
Solution
Follow the step-by-step instructions below. Run the specified commands with sudo.
Step 1. Check and change the server name
- Check the server name specified in the configuration file single.inventory.yml.
- Check the KUMA server name using the command:
- Replace the KUMA server name with the one from the configuration file by using the command:
The new name will be displayed after the command is executed.
Step 2. Update certificates for the correct server name
- Display the contents of the internal (internal.cert) and external (external.cert) certificates located in the KUMA home directory (/opt/kaspersky/kuma/core/certificates), using the openssl tool and the command:
- Confirm that the CN value shows the incorrect server name, that is, the name for which the certificate was issued.
- Go to /opt/kaspersky/kuma/core/certificates and delete the certificates using the command:
- Restart the KUMA Core service using the command:
- Make sure that the previously deleted certificates are restored with the new CN names by using the command:
Step 3. Recreate the services for the correct certificates
- Go to Resources → Active services.
- Right-click the Storage service ([OOTB] Storage) and copy its ID.
- Delete the following services on the KUMA server:
- Storage ([OOTB] Storage) using the command:
# /opt/kaspersky/kuma/kuma storage --core https://kuma.demo:7210 --id 1234567a-89c0-1234-a12d-123e4d5c6e7f --uninstall
- Correlator ([OOTB] Correlator) using the command:
# sudo /opt/kaspersky/kuma/kuma correlator --core https://kuma.demo:7210 --id 1234567a-89c0-1234-a12d-123e4d5c6e7f --uninstall
- Collector ([OOTB] Syslog-CEF) using the command:
# /opt/kaspersky/kuma/kuma collector --core https://kuma.demo:7210 --id 1234567a-89c0-1234-a12d-123e4d5c6e7f --uninstall
Specify the name of your server instead of kuma.demo. Enter the copied ID of the corresponding service instead of 1234567a-89c0-1234-a12d-123e4d5c6e7f.
- Select the check box for the Storage service ([OOTB] Storage) and click Remove in the upper menu of the KUMA interface. In the prompt window, click OK to remove the service.
- In the upper menu of the interface, click Add service. In the window that opens, select the [OOTB] Storage check box.
- Copy the ID of the recreated service.
- Go to the KUMA server and create the service using the command:
Specify the name of your server instead of kuma.demo. Enter the copied ID of the corresponding service instead of 1234567a-89c0-1234-a12d-123e4d5c6e7f.
- Make sure that the service is running and functioning without errors by using the command:
Specify the name of your server instead of kuma.demo. Enter the copied ID of the corresponding service instead of 1234567a-89c0-1234-a12d-123e4d5c6e7f.
- Go back to the KUMA interface and check if the Storage service ([OOTB] Storage) status has turned green.
- Repeat items 2–5 of these instructions for the Correlator service ([OOTB] Correlator).
- Go to the Setup validation section and copy the command from it to create the service on the KUMA server.
- Go to the KUMA server and run the copied command.
- Repeat items 2–5 and 11–12 of these instructions for the Collector service ([OOTB] Syslog-CEF).
- Go back to the KUMA interface and check if the Correlator ([OOTB] Correlator) and Collector ([OOTB] Syslog-CEF) services now have the green status.
The operation of the system components will be restored after completing these instructions for all the services.