The Indeed Log Server component allows recording events from all Indeed Certificate Manager servers in a Unified Windows Event Log, Microsoft SQL Database, PostgreSQL or Syslog.

The component is can be installed on one of Indeed CM servers or on a separate workstation (in the domain or outside it). The system requirements for installing the component are the same as the Indeed CM server.

Installation Indeed Log Server

  1. Sign in to the workstation as a local administrator.

  2. Install the Indeed Log Server by running Indeed.LogServer-x64.msi installer (located in the Indeed.Log.Server directory).

  3. Copy the following files from Indeed.Log.Server directory: 
    • To the C:\inetpub\wwwroot\ls directory — cmSchema.config.
    • To the C:\inetpub\wwwroot\ls\targetConfigs directory — cmEventLogTarget.configcmMsSqlTarget.config, cmPgSqlTarget.config and cmSysLogTarget.config.

Indeed Log Server works with one Read storage (<ReadTargetId>) and with multiple Write storages (<WriteTargets>).


IIS role restart is required to apply changes in configuration files.

Configuring reading and writing events to the Windows event log

  1. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) as follows:

    • In the Application section, add:

      <Application Id="cm" SchemaId="cmSchema">
	<ReadTargetId>cmEventLogTarget</ReadTargetId>
    <WriteTargets>
       	<TargetId>cmEventLogTarget</TargetId>
    </WriteTargets>
	<AccessControl>
		<!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
	</AccessControl>
</Application>


    • In the Targets section add a new element:

      <Targets>
    <Target Id="cmEventLogTarget" Type="eventlog"/>
</Targets>


  2. Save the changes and close the configuration file.

Configuring event reading and writing in MS SQL

The database for storing Indeed Log Server data must be created manually, and is filling automatically.

  1. Create a database with an arbitrary name in the SQL Management Studio environment:
    • In the Object Explorer right-click the Databases tab.
    • Select New database... item from the context menu.
    • Specify the Database name: , e.g., LogServer.

    • In the Owner: field define the owner of the database being created.

      Create a new account (say, servicesql) or use any internal SQL account or Active Directory account (e.g., service account to be used with Indeed CM: servicecm). After the database is created, this account would possess db_owner, public privileges and shall be used by the system to perform read/write operations from/to the database.


    • Save the created database by clicking ОК.


  2. Edit the cmMsSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmMsSqlTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • Data Source - this defines the server instance. The parameter is mandatory for all connections. Admissible values are: network name or server IP address, local or localhost for local connections
    • Database - database name (ILS)
    • User Id - the service account name to connect to the database

    • Password - service account password

      <Settings>
	<ConnectionString>Data Source=MSSQL\SQLEXPRESS;Database=LogServer;User Id=servicesql;Password=P@ssw0rd</ConnectionString>
</Settings>


  3. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to working with cmMsSqlTarget.config as follows:

    • In the Application section, add:

      <Application Id="cm" SchemaId="cmSchema">
	<ReadTargetId>cmMsSqlTarget</ReadTargetId>
    <WriteTargets>
       	<TargetId>cmMsSqlTarget</TargetId>
    </WriteTargets>
	<AccessControl>
		<!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
	</AccessControl>
</Application>


    • In the Targets section add a new element:

      <Targets>
    <Target Id="cmMsSqlTarget" Type="mssql"/>
</Targets>


  4. Save the changes and close the configuration file.

Configuring event reading and writing in PostgreSQL

The database for storing Indeed Log Server data must be created manually, and is filling automatically.

  1. Create the database in PostgreSQL (for example, via pgAdmin):
    • In Browser section right-click on the Databases menu item, select Create Database...
    • Enter database name (for example, LogServer) in the Database field on General tab. Select the service account (for example, servicepg) in the Owner list which will be used to connect to the database, then click Save.

  2. Grant privileges to service account on database tables:
    • Select created database and open the Query Tool (by clicking on  button or by pressing ALT+SHIFT+Q).

    • Enter the text of the request, specifying the account name in it:

      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account without quotes";


    • Select Execute/Refreshin Query Tool to grant privileges.

  3. By default PostgreSQL allows localhost connections only, so there is changes in configuration are required to grant access from other host:

    • Open the pg_hba.conf in PostgreSQL directory.

      For Windows — C:\Program Files\PostgreSQL\<version number>\data

      For *nix — /etc/postgresql/<version number>/main


    • Add a line with the following format:

      CONNECTIONTYPE DATABASE USER ADDRESS METHOD

      Where:

      • CONNECTIONTYPE -  Specify local or TCP/IP connection type. If "host" specified, TCP/IP connection will be used.
      • DATABASE - Name of the database ("ALL" to allow connections to all databases).
      • USER - Database user account ("ALL" to allow connections from all accounts).
      • ADDRESS - Range of IP-addresses/IP-address/Hostname of the Indeed Certificate Manager server ("0.0.0.0/0" to allow connections from any IP-address).

      • METHOD - User account authentication method (for example, "md5", "scram-sha-256" to use password-based authentication in a secure way).

        host LogServer servicepg 192.200.1.0 md5
host ALL servicepg 10.0.0.0/8 md5
host ALL ALL 0.0.0.0/0 scram-sha-256


  4. Edit the cmPgSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmPgSqlTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • Host - Name or IP-address of the PostgreSQL server.
    • Port - The TCP port that PostgreSQL server listens on (5432 by default).
    • Database - Database name created in step 1.
    • Username - Service account with access to the database.

    • Password - Service account password.

      <Settings>
  <ConnectionString>Host=SRV-POSTGRESQL;Port=5432;Database=LogServer;Username=servicepg;Password=P@ssw0rd</ConnectionString>
</Settings>


  5. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to working with cmPgSqlTarget.config as follows:

    • In the Application section, add:

      <Application Id="cm" SchemaId="cmSchema">
    <ReadTargetId>cmPgSqlTarget</ReadTargetId>
             
    <WriteTargets>
        <TargetId>cmPgSqlTarget</TargetId>
    </WriteTargets>
 
    <AccessControl>
        <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
    </AccessControl>
</Application>


    • In the Targets section add a new element:

      <Targets>
	<Target Id="cmPgSqlTarget" Type="pgsql"/>
</Targets>


Configuring event writing in Syslog

Indeed Log Server supports only event writing to Syslog (<WriteTargets>) due to restrictions of Syslog protocol. Example below complements configuration from PostgreSQL case.

  1. Edit the cmSysLogarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\cmSysLogTarget.config) according to the settings below:
    <Settings> … </Settings>:
    • HostName - Name or IP-address of the Syslog server.
    • Port - Specify port that Syslog server listens on (514 by default).

    • Protocol - Connection type to the Syslog server: UDP, TCP, TCPoverTLS.

    • Format - Optional, specify logs format: Plain, CEF, LEEF.

    • SyslogVersion - Optional, specify protocol of the Syslog: RFC3164, RFC5424.

      <Settings HostName="SRV-SYSLOG" Port="514" Protocol="udp"/>


  2. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with cmSysLogTarget.config as follows:

    • In the Application section, add:

      <Applications>
	<Application Id="cm" SchemaId="cmSchema">
		<ReadTargetId>cmPgSqlTarget</ReadTargetId>
			
		<WriteTargets>
			<TargetId>cmPgSqlTarget</TargetId>
			<TargetId>cmSysLogTarget</TargetId>
		</WriteTargets>

		<AccessControl>
			<!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
		</AccessControl>
	</Application> 
</Applications>


    • In the Targets section add a new element:

      <Targets>
	<Target Id="cmPgSqlTarget" Type="pgsql"/>
	<Target Id="cmSysLogTarget" Type="syslog"/>
</Targets>