Getting Started

1.0 Create an Account

Send an e-mail to sales@securolytics.io requesting that an account be created for you. Provide the following information:

Organization Name, First Name, Last Name, e-mail address, phone number

You will receive an e-mail with instructions for how to activate your account and access our Cloud Portal.

2.0 Setup log forwarding on your devices

We encourage you to engage our Professional Services team prior to starting your implementation. Our engineers have decades of expertise supporting enterprise organizations and are here to help. They can help you create an implementation plan or simply provide feedback on your existing plan.

Please contact your account team to schedule your 1-hour Implementation Planning Session.

Syslog

You may forward logs using syslog if the device supports it natively.

Linux Host Forwarder

System Requirements: CentOS 5+ or Red Hat Enterprise Linux 4+

Step 1. Download the forwarder. The download includes the RPM package for our Log Forwarder and our public certificate.

Step 2. Install the Forwarder and certificate

Create a temporary folder.

# mkdir loganalysis-forwarder

Move the tarball into the temporary folder.

# mv loganalysis-forwarder.tar.gz -t loganalysis-forwarder/
# cd loganalysis-forwarder/

Extract the tarball.

# tar xzf loganalysis-forwarder.tar.gz

Install the RPM package.

# rpm -ivh loganalysis-forwarder-0.4.0-1.x86_64.rpm

Copy the certificate.

# cp -pr loganalysis_2050.crt /opt/loganalysis-forwarder/

Step 3. Configure the Forwarder

Make the following changes in the configuration file /etc/loganalysis-forwarder.conf: in the "network" section, replace <Secure Cloud Connector Host> in "servers" with the hostname of your Secure Cloud Connector, and point "ssl ca" at the certificate copied in Step 2.

loganalysis-forwarder.conf:

{
  # The network section covers network configuration :)
  "network": {
    # A list of downstream servers listening for our messages.
    # loganalysis-forwarder will pick one at random and only switch if
    # the selected one appears to be dead or unresponsive
    "servers": [ "<Secure Cloud Connector Host>:514" ],
    # The path to your client ssl certificate (optional)
    #"ssl certificate": "./loganalysis-forwarder.crt",
    # The path to your client ssl key (optional)
    #"ssl key": "./loganalysis-forwarder.key",
    # The path to your trusted ssl CA file. This is used
    # to authenticate your downstream server.
    "ssl ca": "/opt/loganalysis-forwarder/loganalysis_2050.crt",
    # Network timeout in seconds. This is most important for
    # loganalysis-forwarder determining whether to stop waiting for an
    # acknowledgement from the downstream server. If a timeout is reached,
    # loganalysis-forwarder will assume the connection or server is bad and
    # will connect to a server chosen at random from the servers list.
    "timeout": 15
  },
  # The list of file configurations
  "files": [
    #{
    #  "paths": [
    #    "/var/log/messages"
    #  ],
    #  "fields": { "type": "test" }
    #}
    # An array of hashes. Each hash tells what paths to watch and
    # what fields to annotate on events from those paths.
    #{
      #"paths": [
        # single paths are fine
        #"/var/log/messages",
        # globs are fine too, they will be periodically evaluated
        # to see if any new files match the wildcard.
        #"/var/log/*.log"
      #],
      # A dictionary of fields to annotate on each event.
      #"fields": { "type": "syslog" }
    #}, {
      # A path of "-" means stdin.
      #"paths": [ "-" ],
      #"fields": { "type": "stdin" }
    #}, {
      #"paths": [
        #"/var/log/apache/httpd-*.log"
      #],
      #"fields": { "type": "apache" }
    #}
  ]
}

 

Step 4. Start the Forwarder

From the command line, enter the following:

# /etc/init.d/loganalysis-forwarder start
# chkconfig --add loganalysis-forwarder
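Before starting the service it is worth confirming that the Step 3 edits actually took: a placeholder host left in "servers" or stray whitespace inside the "ssl ca" quotes (the forwarder would then look for a file whose name ends in a space) shows up only as a TLS failure at runtime. The script below is an added example, not part of this guide or of the Securolytics forwarder. It checks those three things (placeholder replaced, no whitespace in the CA path, CA file present) and offers an optional live check with openssl s_client against the CA file. The function names, the sample config it writes and the hostname connector.example.invalid are all constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Securolytics guide: pre-flight checks for
# /etc/loganalysis-forwarder.conf before Step 4 starts the service.
# All function names and sample values below are constructed for this example.

# Return 0 when the configuration looks usable, 1 otherwise.
#   $1 = path to loganalysis-forwarder.conf
check_forwarder_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "config not readable: $conf"; return 1; }

    # 1. The shipped config has a placeholder host in "servers"; it must be replaced.
    if grep -q '<Secure Cloud Connector Host>' "$conf"; then
        echo "\"servers\" still contains the placeholder host"
        return 1
    fi

    # 2. Pull the value of "ssl ca" (the text between the quotes after the key).
    ca=$(sed -n 's/^[[:space:]]*"ssl ca":[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$ca" ] || { echo "no \"ssl ca\" entry found"; return 1; }

    # 3. Whitespace inside the quotes becomes part of the path the forwarder opens,
    #    so a trailing space means the CA file is never found and TLS verification fails.
    case "$ca" in
        *[[:space:]]|[[:space:]]*)
            echo "\"ssl ca\" path has stray whitespace: '$ca'"
            return 1 ;;
    esac

    # 4. The CA file must exist where the forwarder will look for it.
    [ -f "$ca" ] || { echo "CA file not found: $ca"; return 1; }

    echo "config OK (ssl ca = $ca)"
    return 0
}

# Optional live check (needs network access to the connector): confirm that the
# downstream server presents a certificate chaining to the CA file, which is what
# the forwarder requires before it sends any logs. Not run in the demo below.
#   $1 = host:port as listed in "servers", $2 = CA file path
check_connector_tls() {
    openssl s_client -connect "$1" -CAfile "$2" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Write a constructed config in the shape of the Step 3 file, for demonstration.
#   $1 = output path, $2 = "ssl ca" value, $3 = "servers" entry
write_sample_conf() {
    printf '{\n  "network": {\n    "servers": [ "%s" ],\n    "ssl ca": "%s",\n    "timeout": 15\n  },\n  "files": [ ]\n}\n' \
        "$3" "$2" > "$1"
}

# Stand-alone demonstration on constructed files (no real connector involved).
demo_dir=$(mktemp -d)
touch "$demo_dir/loganalysis_2050.crt"
write_sample_conf "$demo_dir/good.conf" "$demo_dir/loganalysis_2050.crt" "connector.example.invalid:514"
check_forwarder_conf "$demo_dir/good.conf"
# Same file, but with a trailing space inside the quotes, an easy mistake when pasting the path.
write_sample_conf "$demo_dir/bad.conf" "$demo_dir/loganalysis_2050.crt " "connector.example.invalid:514"
check_forwarder_conf "$demo_dir/bad.conf" || echo "(rejected, as intended)"
```

Run it as root after editing the file (`check_forwarder_conf /etc/loganalysis-forwarder.conf`) and only proceed to the start command once it reports "config OK"; the openssl check is the same trust decision the forwarder makes, so a failure there means the CA file or the hostname is wrong, not the forwarder.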

 

Windows Host Forwarder

System Requirements: Microsoft Windows Server 2003 or higher

 

Step 1: Download and run the installation

Install the forwarder by clicking on the EXE file.

Step 2: Installation

The only interaction required during the install is entering the Keys requested by the install process. The Keys will be provided prior to the installation by your sales team.

Step 3: Verification

After installation, two services will be running on the server. Verify that "AD-ExpressForwarder" and "ExpressForwarder" are registered and running.



3.0 Add Data Source

Log into the Cloud Portal and click on Collect.

Click on ADD DATA SOURCE.

Enter the required information into the Add New Data Source configuration and click Save.

Instructions for each field are provided below.

Name: Enter the name of the device that logs are being sent from (e.g. Firewall 1, Active Directory)

Forwarder: Select the type of log forwarder used on the device

Data Type: Select the data type for the logs to be forwarded

Application: Select the application the logs are from

Format: Select the desired format. There may be only one option depending on the Data Type and Application selected

Fields: This will be populated automatically depending on the Format selected. Do not enter anything into this field manually

Delimiter: This will be populated automatically depending on the Format selected. Do not enter anything into this field manually

Source IP Address: Enter the public IP address of the device sending logs

Protocol: Select the applicable protocol used by the Forwarder

Destination Port: Enter the destination port used by the Forwarder. You may need to get this from Support.

Timezone: ETC/UTC is selected by default. Do not change without consulting with Support

Token: This will be generated automatically after the new data source is saved

Index Name:

4.0 Verify Log Collection

Wait 5 minutes and refresh the screen by clicking on Collect. You should see the data sources and the number of logged transactions that have been collected.

Single-click on the Transactions number for the data source.

This displays the collected log timeline, with the raw logs below the timeline.

The timeline can be expanded or reduced using the slider above the timeline.