Manually Install MineMeld on Ubuntu 14.04

Printer Friendly Page

WARNING: This article is out of date

Please use follow this article to install MineMeld on a recent Ubuntu 16.04 distribution:



If for some reasons the supplied MineMeld cloud-init loaders for VMWare, EC2 and Azure could not work in your environment, you can fall back to the good ol' manual installation of MineMeld.


Supported distributions

Ubuntu Server LTS 14.04


1. Hardening the instance

First thing you should harden your new instance. MineMeld won't take off this for you. A good tutorial is this one.


2. Setting up iptables

You can use the following commands to configure iptables to allow sessions on ports used by MineMeld. Port 13514/tcp is for sending syslog messages to the MineMeld instance and it is optional. Also these rules drop all IPv6 traffic, if you are running MineMeld in an IPv6 network make sure you change the suggested rules.


sudo apt-get update && sudo apt-get install -y iptables-persistent
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 13514 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo bash -c "iptables-save > /etc/iptables/rules.v4"
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"


3. Adding the repo GPG key

Add the MineMeld repo GPG key to the APT trusted keyring:


 wget -qO - | sudo apt-key add -


Double check the GPG key fingerprint, to make sure it is matching the official MineMeld GPG key (fingerprint should match characters in bold):


$ apt-key adv --fingerprint DD0DA1F9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.W74MaAG3pI --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --fingerprint DD0DA1F9
pub 4096R/DD0DA1F9 2016-07-15
Key fingerprint = E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9
uid Palo Alto Networks, MineMeld Team <>


4. Adding the MineMeld APT repo

Add the MineMeld APT repo to the system list:


sudo add-apt-repository "deb trusty-minemeld main"


5. Installing MineMeld

Install the MineMeld infrastructure package via apt-get. This will also automatically trigger the download of the latest MineMeld packages. 


sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize


6. Checking if MineMeld is running

Check if the 3 MineMeld services are up and running:


$ sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/supervisor/config/supervisord.conf status
minemeld-engine RUNNING pid 3727, uptime 0:08:50
minemeld-traced RUNNING pid 3728, uptime 0:08:50
minemeld-web RUNNING pid 3729, uptime 0:08:50


7. BAM!

Done! Check the Quick Tour article to get started.


Difficulty install  on 14.04.lts enviornment.


1)Following  the instructions got all the way thru the apt-get of the product  but experience some errors at the end of the  install, and subsequently the  check via the minemeld account to see what was running failed.


Comments/advice on these errors appreciated.





* Starting message broker rabbitmq-server [ OK ]
Setting up redis-tools (2:2.8.4-2) ...
Setting up redis-server (2:2.8.4-2) ...
Starting redis-server: redis-server.
Setting up minemeld (0.9.5-14) ...
2016-07-27 07:50:24,351 ERROR:0.9.5 Symbolic link current in /opt/minemeld/engin
e not found: [Errno 2] No such file or directory: '/opt/minemeld/engine/current'

2016-07-27 07:50:24,351 ERROR:0.9.5 Symbolic link current in /opt/minemeld/www n
ot found: [Errno 2] No such file or directory: '/opt/minemeld/www/current'
2016-07-27 07:50:24,351 ERROR:0.9.5 Symbolic link current in /opt/minemeld/proto
types not found: [Errno 2] No such file or directory: '/opt/minemeld/prototypes/
2016-07-27 07:50:24,351 INFO:0.9.5 Current status:
2016-07-27 07:50:24,351 INFO:0.9.5 minemeld-engine: current: None latest: None
2016-07-27 07:50:24,351 INFO:0.9.5 minemeld-webui: current: None latest: None
2016-07-27 07:50:24,351 INFO:0.9.5 minemeld-prototypes: current: None latest: No
curl: (22) The requested URL returned error: 503 Service Unavailable
2016-07-27 07:50:24,432 CRITICAL:0.9.5 Error running curl:
Traceback (most recent call last):
File "/usr/sbin/minemeld-auto-update", line 553, in <module>
File "/usr/sbin/minemeld-auto-update", line 525, in main
File "/usr/sbin/minemeld-auto-update", line 235, in update_package_list
verify_cert=config.get('verify-cert', False)
File "/usr/sbin/minemeld-auto-update", line 128, in download_via_curl
File "/usr/lib/python2.7/", line 573, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command 'curl -k -f -s -A "MineMeld/0.9.5" --show
-error -o /tmp/mmaupack
ages2ARYbF' returned non-zero exit status 22
* Restarting nginx nginx [ OK ]
* Restarting statistics collection and monitoring daemon collectd [ OK ]
rsyslog stop/waiting
rsyslog start/running, process 6008
Setting up rsyslog-minemeld (8.16-0) ...
Setting up liblognorm1 (1.1.3-0adiscon1trusty1) ...
Setting up rrdtool (1.4.7-2ubuntu5) ...
Setting up rsyslog-mmnormalize (8.17.0-0adiscon2trusty1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.9) ...


Hi Jack,

could you try doing "curl" from the Ubuntu Server shell to see if you can reach the server ?

From the log it looks curl can't retrieve the JSON manifest file but it works in my environment.

good Catch!


Firewall is blocking it.  (Palo URL filtering calls it  WEB ADVERTISING)  ;-)


Will see if i can an exception for it.




Thanks for reporting the problem ! I have submitted a request for changing the category :-)

These instructions worked great for installing MineMeld on Ubuntu 14.04 running on VirtualBox.  The default username/password is admin/minemeld.

Facing issues post to the installation. The service is up and running and wheneve I use the default Username and Password and click Login , it gives me an error "Error Checking credientials - gateway timed out"..


Can someone help me on this.

Thanks in Advance... 

Hi maltwist,

happy to help, could you open a discussion under MineMeld Discussions describing your issue ? Could you also check the file /opt/minemeld/log/minemeld-web.log for errors ?

Hi lmori,

   Thanks for your reply.. Will post the descussion under MineMeld Discussions. Also i checked the file /opt/minemeld/log/minemeld-web.log for errors could not see any error details logged on it.. 


I followed these steps, but I cannot log in to the web console with the default admin credentials.



When performing a status check on the processes, I see this:


minemeld-engine RUNNING pid 13072, uptime 0:00:03
minemeld-traced FATAL Exited too quickly (process log may have details)
minemeld-web RUNNING pid 977, uptime 2:10:45



When checking the log files for traced, I find:


Traceback (most recent call last):
File "/opt/minemeld/engine/current/bin/mm-traced", line 11, in <module>
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/minemeld/traced/", line 135, in main
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/minemeld/comm/", line 541, in start
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/amqp/", line 165, in __init__
self.transport = self.Transport(host, connect_timeout, ssl)
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/amqp/", line 186, in Transport
return create_transport(host, connect_timeout, ssl)
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/amqp/", line 299, in create_transport
return TCPTransport(host, connect_timeout)
File "/opt/minemeld/engine/0.9.18/local/lib/python2.7/site-packages/amqp/", line 95, in __init__
raise socket.error(last_err)
socket.error: [Errno 111] Connection refused


I'm not sure what is broken.

Hi Jonathan,

it seems RabbitMQ is not running. Did you see any error during the installation ? Could you post the output of "netstat -an | grep LISTEN" in a new Discussion under MineMeld Discussions ?



Got all the way through flawlessly, (or so it seems) thanks! 

Hey guys,


Here's a vagrant script to automate the process above via Virtualbox (minus the hardening):


Vagrant.configure(2) do |config|
  config.vm.define "minemeld" do |minemeld| = "ubuntu/trusty64"
    minemeld.vm.hostname = "minemeld" "forwarded_port", guest: 443, host: 8443

    minemeld.vm.provider "virtualbox" do |vb|
      # Display the VirtualBox GUI when booting the machine
      vb.gui = false
      # Customize the amount of memory on the VM:
      vb.memory = "4096"
      # Customize the number of vCPUs on the VM:
      vb.cpus = "2"

    minemeld.vm.provision "shell", inline: <<-SHELL
      sudo sh -c "wget -qO - | sudo apt-key add - "
      sudo add-apt-repository -y "deb trusty-minemeld main"
      sudo apt-get update
      sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize


@nbilal that is awesome ! Would you mind creating a new discussion about your Vagrant file ? Thanks !

OK - posted here.

Running into issues during the last part of the documented install process when the minemeld packages are installed. I'm following the instructions completely and have doublechecked for missing steps of syntax, but if bombs out at this step: 


sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize


I continue to get the following error:


E: Unable to locate package minemeld

E: Unable to locate package rsyslog-minemeld

E: Unable to locate packge rsyslog-mmnormalize


The step to add the Minemeld APT repo competed successfully so I'm not sure what's happening.


Any advice or gauidance would be greatly appreciated.


Thanks so much!



@jnewsome please, could you open a discussion in the MineMeld discussion section and include a full log of "sudo apt-get update" ? 


Thanks !


@jnewsome I ran into the same issues as what you describe. My issue was because I tried to install on Ubuntu 16.04. 

Issue solved when I performed manual installed in Ubuntu Trusty.

Can someone please provide the minimum server specs for MineMeld implementation?

Has anyone placed MineMeld on SUSE Distro rather than Ubuntu?

Hi @pjames_ucla,

minimum requirements are 1vCPU, 1GB of RAM and 8GB of disk.

@lmori thanks for the information. 

Any support for Ubuntu 16.04 LTS planned?  Our current Ubuntu server deployments have been 16.04 since 16.04.1 came out on 7/21/2016.

 After installation, I end up not having supervisorctl file istalled, all my 


 directory is emptly,

The whole installation seems like went well no errors were throwning thru

Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
minemeld is already the newest version.
rsyslog-minemeld is already the newest version.
rsyslog-mmnormalize is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 84 not upgraded.

Any ideas?

@Yuri_WekslerI had the same issue. I ran into this issue because I had created a minemeld account. Once I deleted that account and used a new admin account to install Minemeld it worked.

Hi @Yuri_Weksler did the solution from @vdnguy2help? I'm now facing the same issue, /engine/ folder is empty and no errors during the installation :(

I've tried to create new account and tried to run the install again, although I'm not aware that my accound is actual minemeld account, but the folder is still empty.


Seems like the Ubuntu 14* setups isn't working anymore?


Setting up minemeld (0.9.11-2build1) ...
2018-06-04 17:02:42,576 ERROR:0.9.11 Symbolic link current in /opt/minemeld/engine not found: [Errno 2] No such file or directory: '/opt/minemeld/engine/current'
2018-06-04 17:02:42,576 ERROR:0.9.11 Symbolic link current in /opt/minemeld/www not found: [Errno 2] No such file or directory: '/opt/minemeld/www/current'
2018-06-04 17:02:42,576 ERROR:0.9.11 Symbolic link current in /opt/minemeld/prototypes not found: [Errno 2] No such file or directory: '/opt/minemeld/prototypes/current'
2018-06-04 17:02:42,576 INFO:0.9.11 Current status:
2018-06-04 17:02:42,576 INFO:0.9.11 minemeld-engine: current: None latest: None
2018-06-04 17:02:42,576 INFO:0.9.11 minemeld-webui: current: None latest: None
2018-06-04 17:02:42,576 INFO:0.9.11 minemeld-prototypes: current: None latest: None


Best regards,


I found this:

So to change your running Minemeld network address you have to change it on:

  1. /etc/hosts
  2. /etc/network/interfaces


Anycomplete instrction from install and then how to run it would be great!! I am running from Virtual Box, so how do I access the webui?





I followed the steps to instal minemeld on vmware desktop and after several attempts I was never able to get any message that stated that the system was installed or running. I found that there is a way to see if MineMeld is running (step 6) and the result I got is this:


sudo: unknown user: minemeld

sudo: unknown to initialize policy plugin


I would appreaciate some help.




Step 3 fails if I am sitting behind coporate network.

Solution : Need to add --no-check-certificate option as follows

wget --no-check-certificate -qO - | sudo apt-key add -



Are there some updated manual isntall instructions?

This leaves out you have to manually create a user "minemeld"

Also, when installing iptables it does not automatically create the /etc/iptables directory and the bash command does not create it for you.

I was able to get past those two items by creating a minemeld user and putting it into the adm group (hope that is the right thing) and then creating the iptables directory under /etc (again hope that was correct)

However, step 6 the check...there is no /opt/minemeld directory...i fear that may be bigger then me just creating that directory....


What I needed to get a MineMeld Installation to run on a fresh Ubuntu-Server-14-04 (26.10.2018)


Installation of "software-properties-common" was needed to actually be able to add a repository using "add-apt-repository"

sudo apt-get update
sudo apt-get install software-properties-common

Then follow the guide:

MineMeld did not start properly (minemeld-engine and minemeld-web FAILED)
So apparently PIP needs to be patched ( )

sudo service minemeld stop
sudo -H -u minemeld /opt/minemeld/engine/current/bin/pip install pip==9.0.3
sudo service minemeld start

Now your MineMeld Service should start, you can check that using the statment in the document above:

sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/supervisor/config/supervisord.conf status

Probably you want a proper certificate for your MineMeld Installation (if you have a DNS Name associated with your IP you can easily use LetsEncrypt for that ) Since 8.0 apparently it is not possible to import a self signed certificate (Device>Certificate Management> Certificates) to use in a Certificate Profile - so the default Cert of MM will not work.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx 

You may need to adjust your nginx confiugration in /etc/nginx/sites-enabled/minemeld-web to replace the ssl specific configuration for minemeld with the newly generated Certificates by Certbot
In my case i had to delete/comment the original lines for ssl_protocols, ssl_prefer_server_ciphers, ssl_cyphers since otherwise nginx will fail to start.

Finally (optional) you can

Enable authentication for all output nodes

sudo -u minemeld sh -c 'echo "FEEDS_AUTH_ENABLED: True" > /opt/minemeld/local/config/api/30-feeds-auth.yml'

Add Tags to feedusers and output nodes for granular access policy


When I install the minemeld I have the rabbitmq issue

Setting up socat ( ...
Setting up rabbitmq-server (3.6.15-1) ...
 * Starting message broker rabbitmq-server                                                                                                   * FAILED - check /var/log/rabbitmq/startup_\{log, _err\}
invoke-rc.d: initscript rabbitmq-server, action "start" failed.
dpkg: error processing package rabbitmq-server (--configure):
 subprocess installed post-installation script returned error exit status 1
Setting up libc-ares2:amd64 (1.10.0-2ubuntu0.2) ...
Setting up p7zip-full (9.20.1~dfsg.1-4+deb7u3build0.14.04.1) ...
dpkg: dependency problems prevent configuration of minemeld:
 minemeld depends on rabbitmq-server; however:
  Package rabbitmq-server is not configured yet.

dpkg: error processing package minemeld (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
                                                                                                          Processing triggers for libc-bin (2.19-0ubuntu6.14) ...
Processing triggers for ureadahead (0.100.0-16) ...
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)

how can I fix this issue? Thanks!


cat /etc/os-release
VERSION="14.04.5 LTS, Trusty Tahr"
PRETTY_NAME="Ubuntu 14.04.5 LTS"


Python: 2.7.14

When I had trouble with rabbitmq not starting, it was because of an incorrect IP address in /etc/hosts:


If that isn't the issue, you should check the rabbitmq logs in /var/log/rabbitmq and see why it is failing. It's what led me to my solution in that thread.

Seems not the NIC configure issue. I havn't change the IP address. Checked /etc/hosts, /etc/network/interfaces both are good.


Crash dump was written to: erl_crash.dump
Kernel pid terminated (application_controller) ({application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{k

{error_logger,{{2018,11,8},{15,36,3}},"Protocol: ~tp: register/listen error: ~tp~n",["inet_tcp",econnrefused]}
{"Kernel pid terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{kernel,start,[normal,[]]}}}"}

any idea? Thanks!



I resolved the rabbitmq-server issue.

#vi /etc/default/grub

modify GRUB_CMDLINE_LINUX="ipv6_disable=1"  as GRUB_CMDLINE_LINUX=""

# update-grub

and reboot the Ubuntu.

after reboot I can start rabbitmq-server successfully.

But when I reinstall the minemeld

apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize

 I have the following errors:

Setting up minemeld (0.9.11-3build1) ...
Traceback (most recent call last):
  File "/usr/sbin/minemeld-auto-update", line 15, in <module>
    import grp
ImportError: No module named grp

My python version is 2.7.14

How can I install the minemeld 0.9.50 directly? Thanks!


are you installing 14.04, this only works for Ubuntu 14.04.

Linux version 4.4.0-139-generic (buildd@lcy01-amd64-002) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu114.04.4) ) #16514.04.1-Ubuntu SMP Wed Oct 31 10:55:11 UTC 2018

Question on versions:


Looks like Minemeld is supported on Ubuntu 14.04.5, which is EOS in April and 16.04 support is only experimental.  What is the plan for MM?

Hi @brunomason,

working on 16.04/18.04 as we speak. We are in beta and should ship soon.

Ask Questions Get Answers Join the Live Community
Version history
Revision #:
6 of 6
Last update:
‎10-28-2019 10:47 AM
Updated by: