Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The Indeed Log Server component allows recording events from all Indeed Certificate Manager servers in a Unified Windows Event Log or Microsoft SQL Database.
Info |
---|
The component is installed on one of Indeed CM servers or on a separate workstation (in the domain or outside it). The system requirements for installing the component are the same as the Indeed CM server. |
Installation Indeed Log Server
- Sign in to the workstation as a local administrator.
- Install the Indeed Log Server by running Indeed.LogServer-x64.msi installer (located in the Indeed.Log.Server directory).
- Сopy the cmSchema.config file from the Copy the following files from Indeed.Log.Server directory:
- File cmSchema.config — to the C:\inetpub\wwwroot\ls directory.Copy the
- Files cmEventLogTarget.config and cmSqlTarget, cmMsSqlTarget.config files from the Indeed.Log.Server\targetConfigs directory to the , cmPgSqlTarget.config and cmSysLogTarget.config — to the C:\inetpub\wwwroot\ls\targetConfigs targetConfigs directory.
Note |
---|
Indeed Log Server works with one Read storage (<ReadTargetId>) and with multiple Write storages (<WriteTargets>). |
Warning |
---|
IIS role restart is required to apply changes in configuration files. |
Configuring reading and writing events to the Windows event log
Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) as follows:
In the Application section, add:
Code Block language xml firstline 35 <Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>cmEventLogTarget</ReadTargetId> <WriteTargets> <TargetId>cmEventLogTarget</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
In the Targets section add a new element:
Code Block language xml <Targets> ... <Target Id="cmEventLogTarget" Type="eventlog"/> </Targets>
- Save the changes and close the configuration file.
Configuring event reading and writing in MS SQL
The database for storing Indeed Log Server data is created manually, and it is filled automatically.
- Create a database with an arbitrary name in the SQL Management Studio environment:
- In the Object Explorer right-click the Databases tab.
- Select New database... item from the context menu.
- Specify the Database name: , e.g., LogServer.
In the Owner: field, define the owner of the database being created.
Info Create a new account (say, servicesql) or use any internal SQL account or Active Directory account (e.g., service account to be used with Indeed CM: servicecm). After the database is created, this account would possess db_owner, public privileges and shall be used by the system to perform read/write operations from/to the database.
Save the created database by clicking ОК.
Scroll Pagebreak
Image Modified
- Edit the cmSqlTargetcmMsSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmSqlTargetcmMsSqlTarget.config) according to the settings below:
<Settings> … </Settings>:- Data Source - this defines the server instance. The parameter is mandatory for all connections. Admissible values are: network name or server IP address, local or localhost for local connections
- Database - database name (ILS)
- User Id - the service account name to connect to the database
Password - service account password
Code Block language xml <Settings> <ConnectionString>Data Source=DCMSSQL\SQLEXPRESS;Database=LogServer;User Id=servicesql;Password=P@ssw0rd</ConnectionString> </Settings>
Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to working with cmSqlTargetcmMsSqlTarget.config as follows:
In the Application section, add:
Code Block language xml <Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>cmSqlTarget<<ReadTargetId>cmMsSqlTarget</ReadTargetId> <WriteTargets> <TargetId>cmSqlTarget<<TargetId>cmMsSqlTarget</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
In the Targets section add a new element:
Code Block language xml <Targets> <Target Id="cmMsSqlTarget" Type="mssql"/> </Targets>
- Save the changes and close the configuration file.
Configuring event reading and writing in PostgreSQL
The database for storing Indeed Log Server data is created manually, and it is filled automatically.
- Create the database in PostgreSQL (for example, via pgAdmin):
- In Browser section right-click on the Databases menu item, select Create > Database...
<SCREENSHOT> - Enter database name, for example LogServer,in the Name field on General tab. Select the service account (for example, servicepg) in the Owner list which will be used to connect to the database, then click Save.
<SCREENSHOT>
- In Browser section right-click on the Databases menu item, select Create > Database...
- Grant privileges to service account on database tables:
- Select created database and go to the Query Tool (by clicking on <SCREENSHOT> button or by pressing ALT+SHIFT+Q).
Enter the text of the request, specifying the account name in it:
Code Block language sql GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account without quotes";
- Select Execute/Refresh in Query Tool to grant privileges.
<SCREENSHOT>
By default PostgreSQL allows only localhost connections, so there is changes in configuration are required to grant access from other host:
Open the pg_hba.conf in PostgreSQL directory.
Info title Pg_hba.conf file location: For Windows —
C:\Program Files\PostgreSQL\<version number>\data
For *nix —
/etc/postgresql/<version number>/main
Add a line with the following format:
Code Block CONNECTIONTYPE DATABASE USER ADDRESS METHOD
Where:
- CONNECTIONTYPE - Connection type. "host" specified, TCP/IP connection will be used.
- DATABASE - Name of the database (ALL to permit connections to all databases).
- USER - Database user account (ALL to permit connections from all accounts).
- ADDRESS - IP-address of the Indeed Certificate Manager server (0.0.0.0/0 to permit connections from any IP-address).
METHOD - User account authentication method (for example, md5, scram-sha-256).
Code Block title Examples: host LogServer servicepg 192.200.1.0/24 md5 host ALL servicepg 10.0.0.0/8 md5 host ALL ALL 0.0.0.0/0 scram-sha-256
- Edit the cmPgSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmPgSqlTarget.config) according to the settings below:
<Settings> … </Settings>:- Host - Name of the PostgreSQL server.
- Port - The TCP port that PostgreSQL server listens on (5432 by default).
- Database - Database name created in step 1.
- Username - Service account with access to the database.
Password - Service account password.
Code Block language xml <Settings> <ConnectionString>Host=SRV-POSTGRESQL;Port=5432;Database=LogServer;Username=servicepg;Password=P@ssw0rd</ConnectionString> </Settings>
Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to working with cmPgSqlTarget.config as follows:
- In the Application section, add:
Code Block | ||
---|---|---|
| ||
<Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>cmPgSqlTarget</ReadTargetId> <WriteTargets> <TargetId>cmPgSqlTarget</TargetId> </WriteTargets> <AccessControl> <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> --> </AccessControl> </Application> |
- In the Targets section add a new element:
Code Block | ||
---|---|---|
| ||
<Targets> <Target Id=" |
cmPgSqlTarget" Type=" |
pgsql"/> </Targets> |
Configuring event writing in Syslog
Note |
---|
Indeed Log Server supports only event writing to Syslog (<WriteTargets>) due to restrictions of Syslog protocol. Example below complements configuration from PostgreSQL case. |
- Edit the cmSysLogarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmSysLogTarget.config) according to the settings below:
<Settings> … </Settings>:- HostName - Name or IP-address of the Syslog server.
- Port - Specify port that Syslog server listens on (514 by default).
Protocol - connection type to the Syslog server: UDP, TCP, TCPoverTLS.
- Format - optional, specify logs format: Plain, CEF, LEEF.
SyslogVersion - optional, specify protocol of the Syslog: RFC3164, RFC5424.
Code Block language xml <Settings HostName="SRV-SYSLOG" Port="514"
Protocol="udp"/>
- Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with cmSysLogTarget.config as follows:
- In the Application section, add:
Code Block | ||
---|---|---|
| ||
<Applications>
<Application Id="cm" SchemaId="cmSchema">
<ReadTargetId>cmPgSqlTarget</ReadTargetId>
<WriteTargets>
<TargetId>cmPgSqlTarget</TargetId>
<TargetId>cmSysLogTarget</TargetId>
</WriteTargets>
<AccessControl>
<!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
</AccessControl>
</Application>
</Applications> |
- In the Targets section add a new element:
Code Block | ||
---|---|---|
| ||
<Targets>
<Target Id="cmPgSqlTarget" Type="pgsql"/>
<Target Id="cmSysLogTarget" Type="syslog"/>
</Targets> |
Attachments | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Divbox | ||||
---|---|---|---|---|
| ||||
|