- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- How to regenerate certificates for Site Collector Core
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
How to regenerate certificates for Site Collector Core
You need to regenerate Site Collector Core main certificates that include Site Collector Core web server certificates, Site Collector Core communication certificate, and Syslog default certificates in the following two scenarios:
If you change the Site Collector Core VM IP address or hostname
If the Windows Event Log Collector cannot use certificates from the Exabeam Security Operations Platform Web user interface to communicate with Site Collector Core
If you want to fix any issues associated with certificates
Use the following script to regenerate the certificates.
sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh
The scripts runs after your confirmation to run. If you run this script, you must reinstall all the Windows Event Log Collector instances and reconfigure Syslog clients that use certificates for TLS communication.
Here is an example of a successful execution of the script.
[exabeam@ihor-ngsc-centos-7 ~]$ sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh The existing collectors that use certificates won’t work anymore and you have to redeploy them. Are you sure you want to regenerate certificates and restart SC? Y/N? y Support: --tlsv1.2 --tls-max 1.2 Generating new certificates for NGSC Core Generate certificates Hostname: ihor-ngsc-centos-7 IP List: 10.70.2.12,172.17.0.1 Alternative names: localhost,ihor-ngsc-centos-7,10.70.2.12,172.17.0.1,ihor-ngsc-centos-7.c.ngsc-experiments.internal Creating new certificates [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine - Using /opt/exabeam/nifi/nifi_conf/nifi.properties as template. [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Running standalone certificate generation with output directory /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generated new CA certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-cert.pem and key /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-key.key [main] WARN org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Hostname count does not match given alternate name count. Verify names in resulting certificate. [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Writing new ssl configuration to /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated TLS configuration for ihor-ngsc-centos-7 1 in /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generating new client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - tls-toolkit standalone completed successfully Backing up current certificates Moving new certificates Extracting certificates from keystore and truststore Importing keystore /opt/exabeam/nifi/nifi_conf/truststore.jks to /opt/exabeam/nifi/nifi_conf/truststore.p12... Entry for alias nifi-cert successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Importing keystore /opt/exabeam/nifi/nifi_conf/keystore.jks to /opt/exabeam/nifi/nifi_conf/keystore.p12... Entry for alias nifi-key successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Preparing certificates archives adding: ca.pem (deflated 28%) adding: cert.pem (deflated 28%) adding: key.pem (deflated 24%) Preparing copy certificates to GCP bucket Certificates were generated Generating new certificates for NGSC Core was completed successfully Enabling SSL Certificates Upload for NiFi SSL Certificates Upload completed Support: --tlsv1.2 --tls-max 1.2 Stopping NGSC Core Stop all Exa processors Checking if NiFi queue is empty NGSC was stopped successfully Support: --tlsv1.2 --tls-max 1.2 Starting NGSC Core Start all Exa processors NGSC Core was started successfully
Following are the key phrases that indicate successful execution.
SSL Certificates Upload completed
NGSC Core was started successfully