Set up a VM Using OVA File
An Open Virtual Appliance (OVA) file packages a virtual machine (VM) so that it can be shared and deployed quickly across virtualization platforms. For the Site Collectors service, you can import the OVA file into your preferred hypervisor, such as VMware, GCP, or AWS, to quickly generate a VM that meets all the installation requirements. Alternatively, you can create a VM with the specific hardware and software requirements manually, which takes comparatively more time. Importing an OVA file simplifies and speeds up the VM setup process and minimizes errors.
The OVA for Site Collectors supports VMware, GCP, and AWS hypervisors. Refer to the following sections:
Note
If you want to set up a VM manually, refer to Set up GCP VM for Site Collector Installation, Set up AWS VM for Site Collector Installation, and Set up Azure VM for Site Collector Installation.
Use the OVA file to Set up a VM on VMware for Site Collector Installation
Complete the Requirements to Install Site Collector on a VMware VM
Ensure that you complete the following requirements.
Storage |
|
CPU |
|
Memory | 16 GB minimum (reserved) |
Network | Egress access to the public internet |
Note
For the VMware hypervisor, the OVA supports only ESXi 8 or later.
Import OVA into the VMware Hypervisor
To import the OVA file into the VMware hypervisor, perform the following steps.
Download the latest OVA file to set up a VM. Use the following links to import the OVA file for setting up your VM for Site Collector installation:
Log in to the VMware ESXi hypervisor.
Right-click Virtual Machine, then click Create/Register VM.
Click Deploy a virtual machine from OVF or OVA file, then click Next.
Specify a name for your VM, upload your OVA file, then click Next.
In the Select Storage section, click your preferred storage option. Choose one that is not the same as the storage used by the ESX host of the VMware hypervisor.
Update the deployment options as follows.
Network mappings – Map the network to the appropriate network adapter.
Disk provisioning – Click Thick.
Power on automatically – Clear the check box.
Verify the details and click Finish.
Wait until the VM import process completes. The progress is displayed at the bottom of the page.
After the VM is imported, select the imported VM and click Edit to configure the CPU and clock speed reservation.
Configuring the CPU and clock speed reservation after importing the VM helps ensure higher performance of the VM.
For example, if your host machine has a 3.4 GHz CPU, add 4 CPUs and a 13.6 GHz (4 x 3.4 GHz) clock speed. If your host machine has a 2.4 GHz CPU, add 5 CPUs and a 12 GHz (5 x 2.4 GHz) clock speed.
Expand the Memory section, and select Reserve all guest memory (All locked).
(For RHEL operating system only) Add private IP with hostname to /etc/hosts.
Proceed to configure the VMware host network.
Configure the VMware Host Network
After you import the OVA file, configure the VMware host network settings. Refer to the following information about the VMware Host Network configuration. Network configurations may vary for each organization.
To run the network interface card (NIC), refer to the following steps.
To verify whether any NIC is already running, use the following command.
ip a
Look at the network interfaces that are not named docker0 or lo.
If the state of the network interface is not UP, use the command ifconfig to bring the network interface up.
ip link set dev <interface> up
For example: ip link set dev ens160 up
Verify that the interface is UP and has acquired an IP address by using the following command.
ip a
Obtain a private IP address.
If DHCP is not available, an IP address is not automatically assigned to the VM. Contact your network administrator to get a static IP address for the VM.
Run the following command.
hostname -I
It must display an IP address in addition to 172.17.0.1 and 127.0.0.1. If this command does not display an output that shows an IP address in addition to 172.17.0.1, you can set up the VM with a static IP or Dynamic Host Configuration Protocol (DHCP).
For more information about configuring the networks, refer to Configuring networks for Ubuntu in the Ubuntu documentation or Configuring and managing networking Red Hat Enterprise Linux 8 in the Red Hat documentation.
Connect the local host name to Docker.
sudo docker run -it --network host busybox ping ngsc
Refer to the following screenshot that displays successful configuration.
Refer to the following screenshot that displays failed configuration.
If the network is not set up for public internet access to pull the busybox image, proceed to Site Collector installation and check if the installation completes.
The preceding docker run command pulls the busybox image if it is not already present, creates and runs a BusyBox container on the host's network, and then uses the ping command within that container to test network connectivity to a host named ngsc.
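The interface and address checks from this section, collected into one script. This is an added example, not Exabeam's code: the function names are made up here, and it reads ip -o link show (one interface per line) instead of ip a so the state can be parsed.

```shell
#!/bin/sh
# Added example: pre-checks from "Configure the VMware Host Network".
# Function names are made up for this example; not vendor code.

# usable_ips "<hostname -I output>"
# Prints every address except the Docker bridge and loopback addresses.
usable_ips() {
    for ip in $1; do
        case "$ip" in
            172.17.0.1|127.0.0.1) ;;
            *) printf '%s\n' "$ip" ;;
        esac
    done
}

# down_interfaces "<ip -o link show output>"
# Prints interfaces other than lo and docker0 whose state is not UP.
down_interfaces() {
    printf '%s\n' "$1" | awk -F': ' \
        '$2 != "lo" && $2 != "docker0" && $0 !~ /state UP/ { print $2 }'
}

# precheck: run both checks on the live VM; returns non-zero on failure.
precheck() {
    rc=0
    for nic in $(down_interfaces "$(ip -o link show)"); do
        echo "NIC $nic is not UP; run: ip link set dev $nic up"
        rc=1
    done
    if [ -z "$(usable_ips "$(hostname -I)")" ]; then
        echo "no address besides 172.17.0.1/127.0.0.1; set a static IP or use DHCP"
        rc=1
    fi
    return "$rc"
}

# Run on the VM with: sh precheck.sh --run
if [ "${1:-}" = "--run" ]; then
    precheck
fi
```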
Import OVA into the GCP Hypervisor
Use the following steps to import the OVA file into the GCP hypervisor. For more information, see Import an OVA Files in the GCP documentation.
Download the latest OVA file to set up a VM. Use the following links to import the OVA file for setting up your VM for Site Collector installation.
Install the Google Cloud CLI.
Log in to the Google Cloud CLI (gcloud cli) using the following command.
gcloud auth login
Create a GCS bucket.
Upload the OVA file to the GCS bucket that you created.
Edit and execute the following commands to import the OVA to generate a VM instance.
Use the following command for the Ubuntu operating system.
gcloud compute instances import ngsc-ubuntu --source-uri=gs://<location-to-bucket-ova> --os=ubuntu-2004
Use the following command for the RHEL operating system.
gcloud compute instances import ngsc-rhel9 --source-uri=gs://<location-to-bucket-ova> --os=rhel-9 --timeout="6h"
For RHEL, add a private IP with hostname to /etc/hosts.
Import OVA into the AWS Hypervisor
Use the following steps to import the OVA file into the AWS hypervisor. For more information, see Import an OVA Files in the AWS documentation.
Download the latest OVA file to set up a VM. Use the following links to import the OVA file for setting up your VM for Site Collector installation.
Install AWS CLI.
Create an S3 bucket with an appropriate name and region for the AWS bucket.
Create the required service role. For instructions, see Required service role in the AWS documentation.
Import the OVA file using the following steps.
Create containers.json with the following content.
[
  {
    "Description": "My Server OVA",
    "Format": "ova",
    "Url": "s3://bucket-name/iported-path-of-ova.ova"
  }
]
Use the following command to import a disk. The user who runs this command for import must have the required permission with the required service role as mentioned in step 3.
aws ec2 import-image --description "exabeam ngsc ova import" --disk-containers "file://containers.json"
Following is an example of the successful output.
{
  "Description": "exabeam ngsc ova import",
  "ImportTaskId": "import-ami-0ca6503698b0caf00",
  "Progress": "1",
  "SnapshotDetails": [
    {
      "Description": "NGSC OVA",
      "DiskImageSize": 0.0,
      "Format": "OVA",
      "Url": "s3://bucket-name/iported-path-of-ova.ova",
      "UserBucket": {
        "S3Bucket": "ngscova",
        "S3Key": "ngsc-ubuntu-v4-20231027.ova"
      }
    }
  ],
  "Status": "active",
  "StatusMessage": "pending"
}
To check the progress of the file import process, use the following command.
aws ec2 describe-import-image-tasks --import-task-ids import-ami-0ca6503698b0caf00
Launch the instance from AMI.
(For RHEL operating system only) Add private IP with hostname to /etc/hosts.
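The import and progress-check steps above, combined so that the task ID is captured and polled instead of copied by hand. This is an added example, not Exabeam's or AWS's code: the function names and POLL_SECONDS are made up here, and it assumes that a Status of completed means the AMI is ready and that deleted or deleting means the task was cancelled or failed.

```shell
#!/bin/sh
# Added example: start the OVA import and wait for it to finish.
# Function names and POLL_SECONDS are made up for this example.
POLL_SECONDS=${POLL_SECONDS:-60}

# start_import <containers.json>: submit the import, print the ImportTaskId.
start_import() {
    aws ec2 import-image \
        --description "exabeam ngsc ova import" \
        --disk-containers "file://$1" \
        --query 'ImportTaskId' --output text
}

# import_status <task-id>: print the task's Status field.
import_status() {
    aws ec2 describe-import-image-tasks --import-task-ids "$1" \
        --query 'ImportImageTasks[0].Status' --output text
}

# wait_for_import <task-id>
# Returns 0 when completed, 1 when deleted/deleting, 2 if the CLI call fails.
wait_for_import() {
    while :; do
        status=$(import_status "$1") || return 2
        case "$status" in
            completed) return 0 ;;
            deleted|deleting) return 1 ;;
        esac
        sleep "$POLL_SECONDS"
    done
}

# Run with: sh import-ova.sh --run [containers.json]
if [ "${1:-}" = "--run" ]; then
    task=$(start_import "${2:-containers.json}") && wait_for_import "$task"
fi
```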
Add the RHEL License
Add your RHEL license after the VM is set up. Refer to the Red Hat documentation for instructions on adding your RHEL license and subscriptions. For example:
SSH into the Site Collector Core VM.
Register RHEL with subscription-manager using the following commands.
Use the following command to register RHEL with subscription-manager using the RHEL Username and Password.
subscription-manager register --username <username> --password <password> --auto-attach
Use the following command to register RHEL with subscription-manager using the RHEL Org ID and Activation Key.
subscription-manager register --org=<org-id> --activationkey=<key-name>
Use Access Credentials to Log on to the VM
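After you import the OVA file into the hypervisor and successfully generate a VM instance, use the following username and password to log on to the VM. These are the default credentials built into the OVA, so every VM generated from it starts with the same password; change it after your first logon.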
Username – exabeam
Password – Welcome2Exabeam!!