Deploy SexiLog on VMware vSphere 6.7 to collect logs from your ESXi hosts and VCSA

6. SexiLog Console (SexiMenu)

Start the "SexiLog" virtual machine and you will see a "GRUB" boot menu.

Once the virtual machine is started, you will arrive on a login screen: sexilog login.

Log in as root and you will arrive on the home screen (named "SexiMenu") of SexiLog.
The default identifiers are "root / Sex!Log" and are referenced on the "QuickStart" page of the official SexiLog website.

Please note: the keyboard used by default is a QWERTY keyboard.
Which means that to type the character "!" of SexiLog's default password, you will need to activate the capital letter and press the number "1" (located at the top left of the keyboard) if you have an AZERTY keyboard.

Thanks to this SexiMenu, you will be able to:

• 0) Logout: log out of this menu.
• 1) Shell: access the shell of the Linux distribution (Debian) on which SexiLog is based.
• 2) Reboot system: restart this “SexiLog” virtual machine.
• 3) Halt system: stop this virtual machine.
• 4) Restart SexiLog services: restart the SexiLog services.
• 5) Network settings: modify the SexiLog network configuration.
• 6) Change console keymap (for Frenchies): change the keyboard layout to use an AZERTY keyboard "French (France)" instead of the QWERTY keyboard used by default.
• 7) Riemann (e-mail) settings: configure SMTP settings to automatically receive email alerts based on the logs that you transfer to your SexiLog virtual machine.

6.1. Access the Linux shell from SexiLog

To access the Linux shell of your SexiLog virtual machine, simply enter the number "1" and press Enter.
To return to the SexiLog menu from this shell, type the command:

Bash

/root/seximenu/seximenu.sh

Otherwise, type the Linux command "exit" and log in again as "root".

6.2. Change the keyboard to AZERTY (French - France) instead of QWERTY

Given that SexiLog was developed by 2 French people, they had the good idea to add an option to quickly change the default keyboard to: AZERTY.
The keyboard layout that will be used will be: French (France).
To do this, use option: 6 (Change console keymap (for Frenchies)).

Important : if you decide to change the keyboard layout, remember it when you type the SexiLog password from the console of this VM.

Note: if you are in Belgium, know that the letters will be in the right place. But, the special characters will not be in the right place.
If you have a "French (Belgium)" keyboard, but you change the SexiLog keyboard via this option "6", the character "!" of SexiLog's default password will be in place of the "=" (present at the bottom right of your keyboard).

As you can see, by default, the keyboard layout used is: us.
To change it to a French keyboard (France), answer "y" to the question "Do you want to switch to 'fr' layout?" which is displayed.

The keyboard layout has been updated in French:

Plain Text

Setting preliminary keymap...done.
Default keymap layout have been updated to fr.

6.3. Restart SexiLog services

To restart SexiLog services in case of problems or when modifying configuration files directly from its shell, use option 4 (Restart SexiLog services).

Indeed, SexiLog is based on several components.

Thanks to this option, you will be able to restart all these services on which SexiLog depends:

• riemann: used for sending alert emails.
• logstash: used to parse (analyze) the logs of your VMware servers and send the retrieved data to elasticsearch.
• elasticsearch: used to store data parsed by logstash. Kibana then uses this data to offer you different dashboards (SexiBoards), including graphs based on this data.
• node-app: express Node.js application named "kibana-proxy" to prevent Elasticsearch from making its requests from the client web browser.
• rsyslog: used to pass interrupts to logstash from snmptrapd.

Plain Text

Restarting SexiLog services will restart:
                    /etc/init.d/riemann
                    /etc/init.d/logstash
                    /etc/init.d/elasticsearch
                    /etc/init.d/node-app
                    /etc/init.d/rsyslog

Are you sure you want to restart SexiLog services? (y/N):

Answer “y” to restart SexiLog services.

SexiLog services have been restarted.

6.4. Modify SexiLog network configuration

To modify SexiLog's network configuration and set a static IP address for this virtual machine, use option 5 (Network settings).

By default, SexiLog automatically obtains an IP address from the DHCP server on your network.
To set a static IP address for it (which is required to then specify it as the destination syslog server in your VMware server settings), answer "n" to this question:

Plain Text

Do you want to configure your network with DHCP for this machine?

SexiLog will ask you for the various necessary information one by one (hence the 5 steps):

• IP: the IP address to assign to this "SexiLog" virtual machine.
• Netmask: the associated subnet mask.
  Typically "255.255.255.0" for "192.168.1.x" IP addresses or "255.0.0.0" for "10.x.x.x" IP addresses.
• Gateway: the gateway (router / Box) to use to access the Internet.
• DNS: the address of your local DNS server (if you have one), that of your ISP or that of Google (8.8.8.8).
• Hostname: the name of your server. By default "sexilog", but this can be useful to prevent an alert from occurring due to its original name.

Once you have validated the last information (the hostname), SexiLog will tell you that updating the network settings will restart your server.
Answer "y" to the question that appears to save the new network configuration and restart the SexiLog virtual machine.

Plain Text

Updating your network settings will reboot your appliance.

Are you sure you want to update network settings of this machine? (y/N): y

Then, press "Enter" to validate the restart of SexiLog.

Plain Text

New network settings applied.
[SEXILOG] Your system will now reboot.
Press [Enter] key to continue...

Your SexiLog virtual machine restarts.

Then the GRUB boot menu will appear.
Wait 5 seconds or press Enter directly.

The SexiLog login screen appears.

Warning : if you previously changed the keyboard layout to "fr", remember that the character "!" of SexiLog's default password has moved.
On the "French (France)" AZERTY keyboard, this character "!" is located just to the left of the "Shift" (right) key.

And there you have it, the network configuration has been updated.
As you can see at the top of the screen.

6.5. Configure sending email alerts

If you want to receive email alerts based on logs analyzed by SexiLog, use option 7 (Riemann (email) settings).

Then answer "y" and follow the wizard.

6.6. Change root account password

To change SexiLog's default password, first access the Linux shell using option 1 (Shell).

Then use this Linux command:

Bash

passwd root

And indicate twice the new password to use for this root account.

Plain Text

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

6.7. Change the default time zone

To get started, check the current date (including its time zone).

Bash

date

As you can see, by default, the time zone used is: UTC.

Plain Text

Mon Nov  1 16:14:47 UTC 2021

To change the time zone used by default, access the shell using option 1.

Then, locate the list of available continents using the command:

Bash

ls /usr/share/zoneinfo

Then, list the capitals (of countries) available in the desired continent by adding the name of the desired continent at the end of the command above.
For example, for Europe, type this:

Bash

ls /usr/share/zoneinfo/Europe

Save the current time zone:

Bash

mv /etc/localtime /etc/localtime.old

Then, use the "Paris" time zone if you are in France:

Bash

cp /usr/share/zoneinfo/Europe/Paris /etc/localtime

Use the "Brussels" time zone if you are in Belgium:

Bash

cp /usr/share/zoneinfo/Europe/Brussels /etc/localtime

Finally, verify that the time zone has been changed by typing:

Bash

date

As you can see, the time zone used is now: CET.

Plain Text

Mon Nov  1 17:21:09 CET 2021

6.8. Log out of the SexiLog console

To log out of this console, use option 0.

Once disconnected from the console, you will see the login screen again: sexilog login.