The Indeed Log Server component allows recording events from all Indeed Certificate Manager servers in a Unified Windows Event Log or Microsoft SQL Database.

Info

The component is installed on one of the Indeed CM servers or on a separate workstation (in the domain or outside it). The system requirements for installing the component are the same as for the Indeed CM server.

Installing Indeed Log Server

  1. Sign in to the workstation as a local administrator.
  2. Install the Indeed Log Server by running the Indeed.LogServer-x64.msi installer (located in the Indeed.Log.Server directory).
  3. Copy the following files from the Indeed.Log.Server directory:
    • cmSchema.config to the C:\inetpub\wwwroot\ls directory.
    • cmEventLogTarget.config, cmMsSqlTarget.config, cmPgSqlTarget.config and cmSysLogTarget.config to the C:\inetpub\wwwroot\ls\targetConfigs directory.
Note

Indeed Log Server works with one Read storage (<ReadTargetId>) and with multiple Write storages (<WriteTargets>).


Warning

IIS role restart is required to apply changes in configuration files.

Configuring reading and writing events to the Windows event log

  1. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) as follows:

    • In the Application section, add:

      Code Block
      <Application Id="cm" SchemaId="cmSchema">
          <ReadTargetId>cmEventLogTarget</ReadTargetId>
          <WriteTargets>
              <TargetId>cmEventLogTarget</TargetId>
          </WriteTargets>
          <AccessControl>
              <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
      </Application>


    • In the Targets section add a new element:

      Code Block
      <Targets>
          ...
          <Target Id="cmEventLogTarget" Type="eventlog"/>
      </Targets>


  2. Save the changes and close the configuration file.

Configuring event reading and writing in MS SQL

The database for storing Indeed Log Server data is created manually, and it is filled automatically.

  1. Create a database with an arbitrary name in the SQL Management Studio environment:
    • In the Object Explorer right-click the Databases tab.
    • Select New database... item from the context menu.
    • Specify the Database name, e.g., LogServer.
    • In the Owner: field, define the owner of the database being created.

      Info

      Create a new account (say, servicesql) or use any internal SQL account or Active Directory account (e.g., the service account used with Indeed CM: servicecm). After the database is created, this account has the db_owner and public privileges and is used by the system to perform read/write operations on the database.


    • Save the created database by clicking OK.


  2. Edit the cmMsSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmMsSqlTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • Data Source - defines the server instance. The parameter is mandatory for all connections. Admissible values are: the network name or IP address of the server, local or localhost for local connections.
    • Database - database name (ILS)
    • User Id - the service account name to connect to the database
    • Password - service account password

      Code Block
      <Settings>
          <ConnectionString>Data Source=DCMSSQL\SQLEXPRESS;Database=LogServer;User Id=servicesql;Password=P@ssw0rd</ConnectionString>
      </Settings>


  3. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with cmMsSqlTarget.config as follows:

    • In the Application section, add:

      Code Block
      <Application Id="cm" SchemaId="cmSchema">
          <ReadTargetId>cmMsSqlTarget</ReadTargetId>
          <WriteTargets>
              <TargetId>cmMsSqlTarget</TargetId>
          </WriteTargets>
          <AccessControl>
              <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
          </AccessControl>
      </Application>


    • In the Targets section add a new element:

      Code Block
      <Targets>
          <Target Id="cmMsSqlTarget" Type="mssql"/>
      </Targets>


  4. Save the changes and close the configuration file.

Configuring event reading and writing in PostgreSQL

The database for storing Indeed Log Server data is created manually, and it is filled automatically.

  1. Create the database in PostgreSQL (for example, via pgAdmin):
    • In the Browser section, right-click the Databases menu item and select Create Database...
    • Enter the database name, for example LogServer, in the Name field on the General tab. In the Owner list, select the service account (for example, servicepg) that will be used to connect to the database, then click Save.
  2. Grant privileges to the service account on the database tables:
    • Select the created database and open the Query Tool (by clicking its button or by pressing ALT+SHIFT+Q).
    • Enter the query text, specifying the account name in it:

      Code Block
      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account without quotes";


    • Select Execute/Refresh in the Query Tool to grant the privileges.
  3. By default, PostgreSQL allows only localhost connections, so configuration changes are required to allow access from another host:

    • Open the pg_hba.conf in PostgreSQL directory.

      Info
      pg_hba.conf file location:

      For Windows — C:\Program Files\PostgreSQL\<version number>\data

      For *nix — /etc/postgresql/<version number>/main


    • Add a line with the following format:

      Code Block
      CONNECTIONTYPE DATABASE USER ADDRESS METHOD

      Where:

      • CONNECTIONTYPE - Connection type. When "host" is specified, a TCP/IP connection is used.
      • DATABASE - Name of the database (all to permit connections to all databases).
      • USER - Database user account (all to permit connections from all accounts).
      • ADDRESS - IP address of the Indeed Certificate Manager server (0.0.0.0/0 to permit connections from any IP address).
      • METHOD - User account authentication method (for example, md5, scram-sha-256).

        Code Block
        Examples:
        host LogServer servicepg 192.200.1.0/24 md5
        host all servicepg 10.0.0.0/8 md5
        host all all 0.0.0.0/0 scram-sha-256


  4. Edit the cmPgSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmPgSqlTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • Host - Name of the PostgreSQL server.
    • Port - The TCP port that PostgreSQL server listens on (5432 by default).
    • Database - Database name created in step 1.
    • Username - Service account with access to the database.
    • Password - Service account password.

      Code Block
      <Settings>
          <ConnectionString>Host=SRV-POSTGRESQL;Port=5432;Database=LogServer;Username=servicepg;Password=P@ssw0rd</ConnectionString>
      </Settings>


  5. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with cmPgSqlTarget.config as follows:

    • In the Application section, add:

      Code Block
      <Application Id="cm" SchemaId="cmSchema">
          <ReadTargetId>cmPgSqlTarget</ReadTargetId>
          <WriteTargets>
              <TargetId>cmPgSqlTarget</TargetId>
          </WriteTargets>
          <AccessControl>
              <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
          </AccessControl>
      </Application>

    • In the Targets section add a new element:

      Code Block
      <Targets>
          <Target Id="cmPgSqlTarget" Type="pgsql"/>
      </Targets>
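
The pg_hba.conf rule format from step 3 can be checked mechanically before PostgreSQL is reloaded. The Python code below is an added example, not part of the Indeed documentation: it parses host rules and flags the all keyword, wide source ranges and weak authentication methods. The function name, the 256-address threshold and the sample rules are assumptions made for illustration.

```python
import ipaddress

# "trust" skips authentication, "password" sends the password in clear text,
# and "md5" is the legacy hash that scram-sha-256 replaces.
WEAK_METHODS = {"trust", "password", "md5"}

# Constructed sample based on the example rules in step 3, plus one narrow
# rule (the /32 address is made up for illustration).
SAMPLE = """\
host LogServer servicepg 192.200.1.0/24 md5
host all servicepg 10.0.0.0/8 md5
host all all 0.0.0.0/0 scram-sha-256
host LogServer servicepg 192.200.1.15/32 scram-sha-256
"""

def audit_pg_hba(text, max_addresses=256):
    """Return (line_no, rule, findings) for every host rule that needs review."""
    report = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # Format from the page: CONNECTIONTYPE DATABASE USER ADDRESS METHOD
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # local-socket rules, comments and blank lines are skipped
        database, user, address, method = fields[1:5]
        if len(fields) >= 6 and ("." in method or ":" in method):
            # Alternative "ADDRESS MASK METHOD" form: fold the mask into the address
            address, method = f"{address}/{method}", fields[5]
        findings = []
        if database.lower() == "all":
            findings.append("any database")
        if user.lower() == "all":
            findings.append("any account")
        try:
            size = ipaddress.ip_network(address, strict=False).num_addresses
            if size > max_addresses:
                findings.append(f"wide source range ({size} addresses)")
        except ValueError:
            findings.append("source is not an IP range, review by hand")
        if method.lower() in WEAK_METHODS:
            findings.append(f"weak method {method}")
        if findings:
            report.append((no, " ".join(fields), findings))
    return report

if __name__ == "__main__":
    for no, rule, findings in audit_pg_hba(SAMPLE):
        print(f"line {no}: {rule} -> {'; '.join(findings)}")
```

Only the last sample rule, which names one database, one account, a single address and scram-sha-256, passes without findings.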

Configuring event writing in Syslog

Note

Indeed Log Server supports only writing events to Syslog (<WriteTargets>) because of Syslog protocol restrictions. The example below extends the configuration from the PostgreSQL case.

  1. Edit the cmSysLogTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmSysLogTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • HostName - Name or IP-address of the Syslog server.
    • Port - Specify port that Syslog server listens on (514 by default).
    • Protocol - connection type to the Syslog server: UDP, TCP, TCPoverTLS.

    • Format - optional, specify logs format: Plain, CEF, LEEF.
    • SyslogVersion - optional, specify protocol of the Syslog: RFC3164, RFC5424.

      Code Block
      <Settings HostName="SRV-SYSLOG" Port="514" Protocol="udp"/>

    • Save the changes and close the configuration file.


  2. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with cmSysLogTarget.config as follows:
    • In the Application section, add:

      Code Block
      <Applications>
          <Application Id="cm" SchemaId="cmSchema">
              <ReadTargetId>cmPgSqlTarget</ReadTargetId>
              <WriteTargets>
                  <TargetId>cmPgSqlTarget</TargetId>
                  <TargetId>cmSysLogTarget</TargetId>
              </WriteTargets>
              <AccessControl>
                  <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
              </AccessControl>
          </Application>
      </Applications>

    • In the Targets section add a new element:

      Code Block
      <Targets>
          <Target Id="cmPgSqlTarget" Type="pgsql"/>
          <Target Id="cmSysLogTarget" Type="syslog"/>
      </Targets>
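
A consistency check for clientApps.config that applies the rules stated on this page: one Read storage per application, every referenced target declared in Targets, and Syslog used for writing only. This is an added example in Python, not Indeed's own tooling; the <Config> root element and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Syslog example from this page inside a hypothetical
# <Config> root (the real root element of clientApps.config is not shown here).
GOOD = """\
<Config>
  <Applications>
    <Application Id="cm" SchemaId="cmSchema">
      <ReadTargetId>cmPgSqlTarget</ReadTargetId>
      <WriteTargets>
        <TargetId>cmPgSqlTarget</TargetId>
        <TargetId>cmSysLogTarget</TargetId>
      </WriteTargets>
    </Application>
  </Applications>
  <Targets>
    <Target Id="cmPgSqlTarget" Type="pgsql"/>
    <Target Id="cmSysLogTarget" Type="syslog"/>
  </Targets>
</Config>
"""
# Broken variant: Syslog chosen for reading, PostgreSQL target no longer declared.
BAD = (GOOD.replace("<ReadTargetId>cmPgSqlTarget", "<ReadTargetId>cmSysLogTarget")
           .replace('<Target Id="cmPgSqlTarget" Type="pgsql"/>', ""))

def check_client_apps(xml_text):
    """Return a list of consistency problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    targets = {t.get("Id"): (t.get("Type") or "").lower() for t in root.iter("Target")}
    problems = []
    for app in root.iter("Application"):
        app_id = app.get("Id")
        reads = [e.text.strip() for e in app.findall("ReadTargetId") if e.text]
        writes = [e.text.strip() for e in app.findall("WriteTargets/TargetId") if e.text]
        if len(reads) != 1:
            problems.append(f"{app_id}: expected one ReadTargetId, found {len(reads)}")
        for tid in dict.fromkeys(reads + writes):  # de-duplicated, order kept
            if tid not in targets:
                problems.append(f"{app_id}: target {tid} is not declared in Targets")
        for tid in reads:
            if targets.get(tid) == "syslog":
                problems.append(f"{app_id}: Syslog target {tid} cannot be read from")
    return problems

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_client_apps(doc) or "no problems found")
```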


