You need to recycle the Indeed.LS application pool after every change to the configuration file. You can do this in the IIS Manager snap-in or with the PowerShell command:

Restart-WebAppPool Indeed.LS

Indeed Identity Log Server supports:

  • Microsoft SQL Server
  • PostgreSQL, PostgreSQL Pro
  • Syslog server (Plain, CEF, LEEF formats)

Event reading is supported from only one storage (<ReadTargetId>). Event writing is supported in several storages (<WriteTargets>) simultaneously.

Setting up reading and writing events in the DBMS

Microsoft SQL Server

  1. Go to the C:\inetpub\wwwroot\ls\targetConfigs folder, create a copy of the file sampleDb.config and rename it to mssqlDb.config, then edit the file according to the settings below:
    <Settings> … </Settings>:
    • Data Source - name of the Microsoft SQL Server or named instance of Microsoft SQL Server
    • Initial Catalog - database name (ILS)
    • User ID - service account for working with the database
    • Password - service account password

      <Settings>
      	<ConnectionString>Data Source=sql.domain.local; Initial Catalog=ILS; Integrated Security=False; User ID=IPAMSQLServiceOps; Password=Password</ConnectionString>
      </Settings>

      If using a named instance of Microsoft SQL Server, the value of the Data Source parameter must be set in the format <server name>\<instance name>.

      <Settings>
      	<ConnectionString>Data Source=sql\Named instance; ... </ConnectionString>
      </Settings>
  2. In the file C:\inetpub\wwwroot\ls\clientApps.config, edit the pam section to work with the mssqlDb.config file:

        <Application Id="pam" SchemaId="Pam.Schema">
          <ReadTargetId>mssqlDb</ReadTargetId>
          <WriteTargets>
            <TargetId>mssqlDb</TargetId>
          </WriteTargets>
          <AccessControl>
            <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
        </Application> 
  3. In the same file, add a new element to the Targets section:

      <Targets>
        ...
        <Target Id="mssqlDb" Type="mssql"/>
      </Targets> 

PostgreSQL, PostgreSQL Pro

  1. Go to the C:\inetpub\wwwroot\ls\targetConfigs directory, create a copy of the file sampleDb.config and rename it to postgresDb.config, then edit the postgresDb.config file in the same way as for Microsoft SQL Server.
    <Settings> … </Settings>:
    • Host - name of the PostgreSQL, PostgreSQL Pro or named instance of PostgreSQL
    • Database - database name (ILS)
    • Username - service account for working with the database
    • Password - service account password

      <Settings>
      	<ConnectionString>Host=sql.domain.local; Database=ILS; Integrated Security=False; Username=IPAMSQL; Password=Password</ConnectionString>
      </Settings>
  2. In the C:\inetpub\wwwroot\ls\clientApps.config file, edit the pam section to work with the postgresDb.config file:

        <Application Id="pam" SchemaId="Pam.Schema">
          <ReadTargetId>postgresDb</ReadTargetId>
          <WriteTargets>
            <TargetId>postgresDb</TargetId>
          </WriteTargets>
          <AccessControl>
            <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
        </Application> 
  3. In the Targets section add a new element:

      <Targets>
        ...
        <Target Id="postgresDb" Type="pgsql"/>
      </Targets> 

Configuring Event Logging to Syslog

  1. Go to the C:\inetpub\wwwroot\ls\targetConfigs folder, create a copy of the file sampleDb.config and rename it to Syslog.config, then edit the file according to the settings below:
    <Settings> … </Settings>:
    • HostName - Syslog server name
    • Port - Syslog port number 
    • Protocol - Syslog connection type: TCPoverTLS, TCP, UDP
    • Format - logging format: Plain, CEF, LEEF
    • SyslogVersion - select syslog protocol: RFC3164, RFC5424

      <Settings HostName="localhost" Port="5081" Protocol="TCP" Format="CEF" SyslogVersion="RFC3164" />
  2. In the C:\inetpub\wwwroot\ls\clientApps.config file, edit the pam section to work with the Syslog.config file. Add a new TargetId to WriteTargets:

        <Application Id="pam" SchemaId="Pam.Schema">
          <ReadTargetId>mssqlDb</ReadTargetId>
          <WriteTargets>
            <TargetId>mssqlDb</TargetId>
            <TargetId>Syslog</TargetId>
          </WriteTargets>
          <AccessControl>
            <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
        </Application> 
  3. In the Targets section add a new element:

      <Targets>
        ...
        <Target Id="mssqlDb" Type="mssql"/>
        <Target Id="Syslog" Type="syslog"/>
      </Targets> 

Setting up writing events both to the PostgreSQL and Syslog

  1. Go to the C:\inetpub\wwwroot\ls\targetConfigs folder and create the files postgresDb.config and Syslog.config according to the instructions above.
  2. In the C:\inetpub\wwwroot\ls\clientApps.config file, edit the pam section:

        <Application Id="pam" SchemaId="Pam.Schema">
          <ReadTargetId>postgresDb</ReadTargetId>
          <WriteTargets>
            <TargetId>postgresDb</TargetId>
            <TargetId>Syslog</TargetId>
          </WriteTargets>
          <AccessControl>
            <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
        </Application> 
  3. In the Targets section, add new elements for postgresDb and Syslog:

      <Targets>
        ...
        <Target Id="postgresDb" Type="pgsql"/>
        <Target Id="Syslog" Type="syslog"/>
      </Targets> 
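
A pre-recycle consistency check for clientApps.config, as an added example (not part of the original documentation or vendor code). It verifies that every ReadTargetId and TargetId used by an Application is declared in Targets. Assumptions: Ids are compared case-sensitively, each target reads targetConfigs\<Id>.config, the file has no XML namespace, and the function name and sample root element are hypothetical.

```powershell
# Added example (not vendor code): cross-check clientApps.config before recycling.
function Test-LsTargets {
    param([xml]$Config, [string]$TargetConfigDir)
    $problems = @()
    # Ids declared as <Target Id="..."/> inside <Targets>
    $declared = @($Config.SelectNodes('//Targets/Target') |
                  ForEach-Object { $_.GetAttribute('Id') })
    foreach ($app in $Config.SelectNodes('//Application')) {
        $appId = $app.GetAttribute('Id')
        $read  = @($app.SelectNodes('ReadTargetId') | ForEach-Object { $_.InnerText.Trim() })
        $write = @($app.SelectNodes('WriteTargets/TargetId') | ForEach-Object { $_.InnerText.Trim() })
        # Reading is supported from only one storage
        if ($read.Count -ne 1) { $problems += "[$appId] expected one ReadTargetId, found $($read.Count)" }
        if ($write.Count -eq 0) { $problems += "[$appId] no TargetId in WriteTargets" }
        foreach ($id in ($read + $write | Select-Object -Unique)) {
            # Assumption: Ids are case-sensitive, so -cnotcontains is used
            if ($declared -cnotcontains $id) {
                $problems += "[$appId] '$id' has no matching <Target Id> in Targets"
            }
            # Assumption: each target reads targetConfigs\<Id>.config
            if ($TargetConfigDir -and -not (Test-Path (Join-Path $TargetConfigDir "$id.config"))) {
                $problems += "[$appId] missing file $id.config in $TargetConfigDir"
            }
        }
    }
    $problems
}

# Constructed sample with a case mismatch between TargetId and Target Id;
# the root element name is a placeholder.
$sample = [xml]@'
<Root>
  <Application Id="pam" SchemaId="Pam.Schema">
    <ReadTargetId>mssqlDB</ReadTargetId>
    <WriteTargets>
      <TargetId>mssqlDB</TargetId>
      <TargetId>Syslog</TargetId>
    </WriteTargets>
  </Application>
  <Targets>
    <Target Id="mssqlDb" Type="mssql"/>
    <Target Id="Syslog" Type="syslog"/>
  </Targets>
</Root>
'@
Test-LsTargets -Config $sample

# Against the live file; recycle only when the check is clean:
# $ls = 'C:\inetpub\wwwroot\ls'
# $p  = @(Test-LsTargets ([xml](Get-Content -Raw "$ls\clientApps.config")) "$ls\targetConfigs")
# if ($p) { $p } else { Restart-WebAppPool Indeed.LS }
```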
