Managing Edge Nodes

If you have an Enterprise or Standard license, you can click the Manage tab in the left nav to open the Manage Fleets page. This page has three upper tabs: Fleets, Edge Nodes and Mappings.

Fleets Tab

The Manage Fleets page provides a list of all configured Fleets and Subfleets in the instance.

Manage Fleets
Manage Fleets

The top header now shows you the number of configured Fleets (2), along with other statistics. Clicking on the Fleet’s Name redirects you to its Fleet Landing Page where you can explore more information for each of your configured Edge Nodes.

Edge Nodes Tab

The Edge Nodes tab on the Manage Edge Nodes page provides status information for each Edge Node in the selected Fleet.

Edge Node tab
Edge Node tab
  • To export the list of Edge Nodes, click the Export list as drop-down. Select JSON or CSV as the export file format. If you filter the list before exporting, the exported list will also be filtered. You can export the entire list by removing all filters.
  • To display additional details and controls, click each row.
  • To teleport from the Leader into the Edge Node, click the Edge Node GUID link.

Add/Update Edge Nodes

You can use the Add/Update Edge Node control at upper right to update an existing Node, or to add a new Node by generating a bootstrap script. Cribl Edge admins can use the UI to concatenate and copy/paste the bootstrap script, automating several steps below. You can use an adjacent option to grab a script that updates an Edge Node’s Fleet assignment. You also have the option of generating a bootstrap script for the following Edge Nodes:

Options to add or update an Edge Node
Options to add or update an Edge Node

The Update option in the UI adjusts the Leader connection details for the currently installed software. To upgrade the Edge Node – that is, install a newer version of the software – see Upgrading.

Add/Bootstrap a New Edge Node

All Edge Nodes’ hosts must enable ongoing outbound communication to the Leader’s port 4200, to enable the Leader to manage the Nodes. While the bootstrap script runs, firewalls on each Nodes’s host must also allow outbound communication on the following ports:

  • Port 443 to https://cdn.cribl.io.
  • Port 443 to a Cribl.Cloud Leader.
  • Port 9000 to an on-premises Leader.

The details below differ slightly depending on which deployment option you select.

  1. From Cribl Edges’s top nav, select Manage > Edge Nodes.

  2. On the resulting Edge Nodes tab, click Add/Update Edge Node at the upper right.

  3. Select the deployment option as shown in the composite screenshots below.

  4. In the resulting modal, the Install package location defaults to Cribl CDN. If desired, change this to Download URL.

  5. As needed, correct the target Fleet, as well as the Leader hostname/IP (URI).

  6. As needed, correct the User to run Cribl as. Defaults to cribl.

  7. As needed, correct the Installation directory. Defaults to /opt/cribl.

  8. Optionally, add Tags that you can use for filtering and grouping in Cribl Edge. Use a tab or hard return between (arbitrary) tag names.

  9. Copy the resulting script to your clipboard.

  10. Click either Done or X to close the modal.

Paste the script onto your Edge Node’s command line and execute it, to add the Edge Node.

Generating a script to bootstrap an Edge Node on Linux
Generating a script to bootstrap an Edge Node on Linux

Below is a composite screenshot of adding an Edge Node on Windows.

Generating a script to bootstrap an Edge Node on Windows
Generating a script to bootstrap an Edge Node on Windows

Troubleshooting the Display

If you see unexpected results on the Edge Nodes tab, keep in mind that:

  • Edge Nodes that miss 5 heartbeats, or whose connections have closed for more than 30 seconds, will be removed from the list.
  • For a newly created Fleet, the Config Version column can show an indefinitely spinning progress spinner for that Fleet. This happens because the Edge Nodes are polling for a config bundle that has not yet been deployed. To resolve this, click the Deploy option to force a deploy.
  • For details on collocating multiple Cribl products, see Cribl Edge and Cribl Stream on the Same Host.
  • For details on overriding default ports, see Overriding Default Ports.

Mappings Tab

Click the Mappings tab (Manage > Mappings) to display status and controls for the active Mapping Ruleset. This page displays a maximum of 10,000 results.

Mappings status/controls
Mappings status/controls

To manage and preview the Rules in a Ruleset, click into it.

Managing Ruleset page
Managing Ruleset page

Collecting AWS EC2 Tag Metadata

If Edge is connected to an AWS EC2 instance, the Mappings tab can gather metadata for AWS instance tags. You can use tags to map EC2 nodes to the correct Edge Fleet. You must allow access to tags in the EC2 instance metadata for Cribl Edge to obtain them.

How Edge Nodes and Leader Work Together

The Leader Node has two primary roles:

  1. Serves as a central location for Edge Nodes’ operational metrics. The Leader ships with a monitoring console that has a number of dashboards, covering almost every operational aspect of the deployment.

  2. Serves as a central location for authoring, validating, deploying, and synchronizing configurations across Fleets.

Leader Node/Edge Nodes relationship
Leader Node/Edge Nodes relationship

Network Port Requirements (Defaults)

  • UI access to Leader Node: TCP 9000.
  • Edge Node to Leader Node: TCP 4200. Used for Heartbeat/Metrics/Leader requests/notifications to clients (for example: live captures, teleporting, status updates, config bundle notifications, and so on).
  • Edge Node to Leader Node: HTTPS 4200. Used for config bundle downloads.
  • Edge Node boostrapping/update: TCP 443.

Leader/Edge Node Communication

Edge Nodes will periodically (every 10 seconds) send a heartbeat to the Leader. This heartbeat includes information about themselves, and a set of current system metrics. The heartbeat payload includes facts – such as hostname, IP address, GUID, tags, environment variables, current software/configuration version, etc. – that the Leader tracks with the connection.

The failure of an Edge Node to successfully send two consecutive heartbeat messages to the Leader will cause the respective Edge Nodes to be removed from the Nodes page in the Leader’s UI until the Leader receives a heartbeat message from the affected node.

When an Edge Node checks in with the Leader:

  • It sends a heartbeat to Leader with “facts” about itself.
  • The Leader uses Edge Node’s facts and Mapping Rules to map it to a Fleet.
  • The Edge Node pulls its Fleet’s updated configuration bundle, if necessary.

The Leader is unaware of Edge Nodes’ platforms (i.e, Linux or Windows) within a Fleet. So the ConfigHelper omits platform-specific limitations. Therefore, when you manage Edge Nodes on heterogeneous platforms, create a Windows-specific Fleet and mapping. See Managing Edge Nodes on Multiple Platforms.

Config Bundle Management

Config bundles are compressed archives of all config files and associated data that an Edge Node needs to operate. The Leader creates bundles upon Deploy, and manages them as follows:

  • Bundles are wiped clean on startup.
  • While running, at most 5 bundles per group are kept.
  • Bundle cleanup is invoked when a new bundle is created.

The Edge Node pulls bundles from the Leader and manages them as follows:

  • Last 5 bundles and backup files are kept.
  • At any point in time, all files created in the last 10 minutes are kept.
  • Bundle cleanup is invoked after a reconfigure.