Securolytics Log Management: Getting Started

            1.0 Create an Account

Send an e-mail to sales@securolytics.io requesting that an account be created for you. Provide the following information:

Organization Name, First Name, Last Name, e-mail address, phone number

            You will receive an e-mail with instructions for how to activate your account and access our Cloud Portal.

2.0 Set up log forwarding on your devices

We encourage you to engage our Professional Services team before starting your implementation. Our engineers have decades of experience supporting enterprise organizations and are here to help, whether by creating an implementation plan with you or by reviewing your existing plan.

            Please contact your account team to schedule your 1-hour Implementation Planning Session.

            Syslog

You may forward logs using syslog if the device supports it natively.

            Linux Host Forwarder

System Requirements: CentOS 5 or later, or Red Hat Enterprise Linux 4 or later

Step 1. Download the forwarder. The download includes the RPM package for our Log Forwarder and our public certificate.

Step 2. Install the forwarder and certificate

Create a temporary folder.

# mkdir loganalysis-forwarder

Move the tarball into the temporary folder.

# mv loganalysis-forwarder.tar.gz -t loganalysis-forwarder/
# cd loganalysis-forwarder/

Extract the tarball.

# tar xzf loganalysis-forwarder.tar.gz

Install the RPM package.

# rpm -ivh loganalysis-forwarder-0.4.0-1.x86_64.rpm

Copy the certificate.

# cp -pr loganalysis_2050.crt /opt/loganalysis-forwarder/

Step 3. Configure the Forwarder

Edit the configuration file /etc/loganalysis-forwarder.conf and set the values below (highlighted in red in the original): the "servers" entry (the address of your Secure Cloud Connector, port 514) and the "ssl ca" path (the certificate copied in Step 2). In the configuration shown below every entry under "files" is commented out, so the forwarder watches nothing until you uncomment or add at least one "paths"/"fields" block for the log files you want forwarded.

loganalysis-forwarder.conf

{
  # The network section covers network configuration :)
  "network": {
    # A list of downstream servers listening for our messages.
    # loganalysis-forwarder will pick one at random and only switch if
    # the selected one appears to be dead or unresponsive.
    "servers": [ "<Secure Cloud Connector Host>:514" ],
    # The path to your client ssl certificate (optional)
    #"ssl certificate": "./loganalysis-forwarder.crt",
    # The path to your client ssl key (optional)
    #"ssl key": "./loganalysis-forwarder.key",
    # The path to your trusted ssl CA file. This is used
    # to authenticate your downstream server.
    "ssl ca": "/opt/loganalysis-forwarder/loganalysis_2050.crt",
    # Network timeout in seconds. This is most important for
    # loganalysis-forwarder determining whether to stop waiting for an
    # acknowledgement from the downstream server. If a timeout is reached,
    # loganalysis-forwarder will assume the connection or server is bad and
    # will connect to a server chosen at random from the servers list.
    "timeout": 15
  },
  # The list of file configurations
  "files": [
    #{
      #"paths": [
        #"/var/log/messages"
      #],
      #"fields": { "type": "test" }
    #}
    # An array of hashes. Each hash tells what paths to watch and
    # what fields to annotate on events from those paths.
    #{
      #"paths": [
        # single paths are fine
        #"/var/log/messages",
        # globs are fine too, they will be periodically evaluated
        # to see if any new files match the wildcard.
        #"/var/log/*.log"
      #],
      # A dictionary of fields to annotate on each event.
      #"fields": { "type": "syslog" }
    #}, {
      # A path of "-" means stdin.
      #"paths": [ "-" ],
      #"fields": { "type": "stdin" }
    #}, {
      #"paths": [
        #"/var/log/apache/httpd-*.log"
      #],
      #"fields": { "type": "apache" }
    #}
  ]
}

            Step 4. Start the Forwarder

From the command line, enter the following:

# /etc/init.d/loganalysis-forwarder start
# chkconfig --add loganalysis-forwarder
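
As an added pre-flight check (example code, not part of the Securolytics guide or of the forwarder itself), the Python below strips the '#' comment lines from a loganalysis-forwarder.conf body, parses the remaining JSON and reports the three mistakes in Step 3 that leave the forwarder unable to connect or with nothing to send: an unreplaced "<Secure Cloud Connector Host>" placeholder, stray whitespace in the "ssl ca" path, and an empty "files" list. The embedded sample configuration is constructed to contain all three.

```python
import json
import re

# Constructed sample: the guide's config with the placeholder left in place,
# a trailing space in the "ssl ca" path and every "files" entry commented out.
SAMPLE_CONF = """{
  # The network section covers network configuration :)
  "network": {
    "servers": [ "<Secure Cloud Connector Host>:514" ],
    "ssl ca": "/opt/loganalysis-forwarder/loganalysis_2050.crt ",
    "timeout": 15
  },
  "files": [
    #{ "paths": [ "/var/log/messages" ], "fields": { "type": "syslog" } }
  ]
}
"""

def strip_comments(text):
    """Drop whole-line '#' comments so the remainder parses as JSON.
    A '#' inside a quoted value is left alone."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def check_forwarder_conf(text):
    """Return the problems found in a loganalysis-forwarder.conf body;
    an empty list means the config looks usable."""
    problems = []
    conf = json.loads(strip_comments(text))
    net = conf.get("network", {})
    servers = net.get("servers", [])
    if not servers:
        problems.append("network.servers is empty")
    for s in servers:
        if "<" in s or ">" in s:
            problems.append(f"placeholder not replaced in servers: {s}")
        elif not re.fullmatch(r"[A-Za-z0-9.-]+:\d{1,5}", s):
            problems.append(f"server entry is not host:port: {s}")
    ca = net.get("ssl ca", "")
    if not ca:
        problems.append("ssl ca missing: the connector's certificate cannot be verified")
    elif ca != ca.strip():
        problems.append("ssl ca path has leading/trailing whitespace")
    if not conf.get("files"):
        problems.append("files list is empty: nothing will be forwarded")
    return problems

if __name__ == "__main__":
    for p in check_forwarder_conf(SAMPLE_CONF):
        print("PROBLEM:", p)
```

Run it against the real file with `check_forwarder_conf(open("/etc/loganalysis-forwarder.conf").read())` before starting the service; an empty result means the three checks passed, not that the connector host is reachable.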

Windows Host Forwarder

System Requirements: Microsoft Windows Server 2003 or higher

Step 1: Download and run the installer

Run the downloaded EXE file to install the forwarder.

Step 2: Installation

The only interaction required during the install is entering the keys requested by the install process. The keys will be provided by your sales team prior to installation.

Step 3: Verification

After installation, two services will be running on the server. Verify that “AD-ExpressForwarder” and “ExpressForwarder” are registered and running.



3.0 Add Data Source

Log into the Cloud Portal and click Collect.

Click ADD DATA SOURCE.

Enter the required information into the Add New Data Source form and click Save. Instructions for each field are provided below.

Name: Enter the name of the device that logs are being sent from (e.g. Firewall 1, Active Directory).

Forwarder: Select the type of log forwarder used on the device.

Data Type: Select the data type of the logs to be forwarded.

Application: Select the application the logs come from.

Format: Select the desired format. There may be only one option, depending on the Data Type and Application selected.

Fields: Populated automatically according to the Format selected. Do not enter anything into this field manually.

Delimiter: Populated automatically according to the Format selected. Do not enter anything into this field manually.

Source IP Address: Enter the public IP address of the device sending logs.

Protocol: Select the protocol used by the Forwarder.

Destination Port: Enter the destination port used by the Forwarder. You may need to get this from Support.

Timezone: ETC/UTC is selected by default. Do not change it without consulting Support.

Token: Generated automatically after the new data source is saved.

Index Name:

            4.0  Verify Log Collection

Wait 5 minutes, then refresh the screen by clicking Collect. You should see your data sources and the number of logged transactions collected for each.

Single-click the Transactions number for a data source. This displays the collected log timeline, with the raw logs below it.

The timeline can be expanded or reduced using the slider above it.

Updated: 16 Apr 2019 09:55 AM