Install Site Collector
To install the Site Collector instance on your virtual machine (VM):
Complete the Prerequisites to Install Site Collector.
Note
Ensure that you run the prechecks while completing the prerequisites. When you run prechecks to validate the VM configuration, the precheck binary file checks whether the hostname resolves to a loopback IP address.
Log in to the Exabeam Security Operations Platform with your registered credentials.
Navigate to Collectors > Site Collectors.
Note
Ensure that you have the required administrator permissions for the UI at Exabeam Security Operations Platform. You require /*_repository drivers mounted with read/write/exec permissions for root for your VM.
On Site Collector Instances, click New Site Collector.
On the New Site Collector Instance page, in the Add Basic Info section:
Site Collector Instance Name – Enter a descriptive name to identify the Site Collector in the Exabeam Security Operations Platform and in logs.
Hostname or IP – Enter the hostname or IP address of the VM on which you want to install Site Collector.
Installation Path – Specify a path for the Temp download folder, which is used for extraction and execution, and for the Installation folder, which is used for installation and upgrades. The default path for the Temp download folder is /tmp and for the Installation folder it is /opt.
Note
The Add Basic Info section displays the deployment type as Single node deployment.
(Optional) Enable proxy, if desired, and then enter the required information as follows:
Proxy Hostname or IP – Enter the hostname or IP address of your proxy server.
Port – Enter the port number of your proxy server. For example: 8080.
Click Next.
The Site Collector app generates an install script that appears as an input in the fields under the Installation section.
Use the installation command for installing and upgrading tmux.
(Optional) If you want to install or upgrade tmux automatically, copy the first curl command displayed on UI, and paste the command on the terminal connected to your VM. If you choose to manage tmux packages manually, you do not need to execute this curl command. However, ensure that you have tmux version 1.9 or later.
Upgrading Site Collector requires tmux version 1.9 or later. For RHEL version 1.7 or older, a confirmation message box provides you with an option to proceed with automatic tmux installation and upgrade, or to cancel the process for manual installation.
Note
Tmux keeps the installation process running without interruption and preserves its command history. It also makes the command history easy to compile and leaves other terminal activity uninterrupted.
To initiate the Site Collector installation process, copy the sudo tmux command and paste it on the terminal connected to your VM.
The installation process starts and displays the status of the pre-checks and packages. After the package is downloaded and executed to install Site Collector Core on your VM, Site Collector Core is ready to send data to the Site Collector app to track its health.
Site Collector installs under the User Identifier (UID) 9786.
Note
The curl script ensures successful installation, package download from Exabeam Security Operations Platform, and establishment of a secure communication channel between Site Collector’s VM and Exabeam Security Operations Platform tenant.
To provide additional security hardening, Site Collector enforces TLS v1.3 for RHEL 8/9 and Ubuntu, and TLS 1.2 for RHEL 7.
Proceed with setting up any desired collectors.
It is recommended to set up one collector instance for one Site Collector instance at a time. To avoid installation errors, wait until Site Collector completes the process of setting up one collector instance before setting up a new collector instance.
Note
If you need to restart your VM for a specific reason, such as a package update or an operating system update, you must first stop the ongoing Site Collector processes to avoid the possibility of a corrupted installation.
To stop the Site Collector processes, use the following command:
/opt/exabeam/nifi/nifi_scripts/ngsc_stop.sh
To start the Site Collector processes after the VM is restarted, use the following command:
/opt/exabeam/nifi/nifi_scripts/ngsc_start.sh
If you specified a custom path for the Installation folder instead of the default /opt directory, replace the default /opt path with your custom path in the above commands.
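An added example, not part of Exabeam's documentation or tooling: a shell helper for the two manual checks in this procedure, the tmux 1.9 minimum when you manage tmux packages yourself and the stop/start script path when the Installation folder is not /opt. The function names and the preflight.sh file name are hypothetical; the script paths are the ones given above.

```shell
#!/bin/sh
# Added example, not Exabeam's tooling. Function names are hypothetical.

# tmux_at_least_1_9 "<output of tmux -V>"
# Returns 0 if the version is 1.9 or later, 1 if older, 2 if unparseable.
# Handles "tmux 1.8", "tmux 3.2a" (letter suffix) and "tmux next-3.4".
tmux_at_least_1_9() {
    ver=${1#tmux }
    ver=${ver#next-}
    major=${ver%%.*}
    case "$ver" in
        *.*) minor=$(printf '%s' "${ver#*.}" | sed 's/[^0-9].*$//') ;;
        *)   minor=0 ;;
    esac
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 9 ]; }
}

# ngsc_script <stop|start> [installation_folder]
# Prints the script path, replacing the default /opt with a custom folder.
ngsc_script() {
    case "$1" in stop|start) ;; *) return 2 ;; esac
    root=${2:-/opt}
    printf '%s/exabeam/nifi/nifi_scripts/ngsc_%s.sh\n' "${root%/}" "$1"
}

# ngsc_run <stop|start> [installation_folder]
# Runs the script only if it exists and is executable, so a wrong custom
# path fails loudly before the reboot instead of being skipped silently.
ngsc_run() {
    script=$(ngsc_script "$1" "$2") || return 2
    if [ ! -x "$script" ]; then
        echo "not found or not executable: $script" >&2
        return 1
    fi
    "$script"
}

# When invoked with arguments: preflight.sh stop|start [installation_folder]
[ "$#" -eq 0 ] || ngsc_run "$@"
```

To check the installed tmux, pass the output of tmux -V to tmux_at_least_1_9; a return code of 2 means the version string could not be parsed and should be checked by hand.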
Install a Site Collector Instance on Red Hat 8
The following video tutorial shows the steps to install Site Collector on the Red Hat 8 operating system.