Logmanager documentation

Quick start guide for Virtual Logmanager

In this guide, you will learn all the steps you need to take to start and configure Virtual Logmanager for the first time.

Preparing virtual hardware

Logmanager is delivered as an OVA file for VMware or as a virtual VHDX disk for Microsoft Hyper-V.

After installing the virtual machine on VMware or in Microsoft Hyper-V, a second disk will need to be added to the VM. This disk will act as the storage area for the VM. The original provided disk contains the operating system, but the secondary disk will serve as the storage for Logmanager’s logs and other system information. The secondary storage can be increased by adding more space or disks, if more storage for logs is needed.

Configuring an IP address

Virtual Logmanager uses static IP addresses, which will need to be set from the limited Logmanager command line.

  • Decide on the network information that you will need
    • for example IP 192.168.1.29 and mask 255.255.255.0, using a gateway located at 192.168.1.1.
  • Open a virtual console from your VM software.
  • The default account is admin/admin. This can be changed later.

Step 1: Add the new static IP

The set ip command uses the following syntax:

set ip ip_address network vlan

To set the IP address using the example data above, use:

set ip 192.168.1.29 255.255.255.0 default_vlan

Step 2: Delete the default route

The delete route command uses the following syntax:

delete route target netmask gw

To delete the default route, use:

delete route 0.0.0.0 0.0.0.0 192.168.0.1

Step 3: Add the new route

The set route command uses the following syntax:

set route target netmask gw

To add the new default route, use:

add route 0.0.0.0 0.0.0.0 192.168.1.1

Step 4: Delete the default IP

The delete ip command uses the following syntax:

delete ip ip_address network vlan

To delete the default IP, substitute the values of the default address into:

delete ip ip_address network vlan

If you are running the virtual Logmanager forwarder, you should continue to the chapter Logmanager Forwarder for information on adding your forwarder to a Logmanager server.
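Because these commands are typed on a limited console, it helps to validate the addressing plan before touching the routes. The sketch below is an added example, not part of Logmanager or its documentation: `check_plan` and `first_boot_commands` are hypothetical helper names, and the command strings are copied from the example lines in Steps 1 to 3 above.

```python
import ipaddress

def check_plan(ip, netmask, gateway):
    """Return a list of problems with the addressing plan (empty list = OK)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid address or mask: {exc}"]
    problems = []
    net = iface.network
    # ipaddress also accepts "/24" and host masks such as 0.0.0.255; the page's
    # examples pass a dotted netmask, so anything else is flagged.
    if str(iface.netmask) != netmask:
        problems.append(f"mask {netmask} is not a dotted netmask (did you mean {iface.netmask}?)")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gateway} is not on-link for {net}")
    elif gw == iface.ip:
        problems.append("gateway equals the appliance address")
    return problems

def first_boot_commands(ip, netmask, gateway,
                        default_gw="192.168.0.1", vlan="default_vlan"):
    """Build Steps 1-3 in the page's order, refusing an incoherent plan."""
    problems = check_plan(ip, netmask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"set ip {ip} {netmask} {vlan}",               # Step 1
        f"delete route 0.0.0.0 0.0.0.0 {default_gw}",  # Step 2 (gateway from the page's example)
        f"add route 0.0.0.0 0.0.0.0 {gateway}",        # Step 3 (verb as in the page's example line)
        # Step 4 is left out: the page does not state the default IP to delete.
    ]

if __name__ == "__main__":
    for line in first_boot_commands("192.168.1.29", "255.255.255.0", "192.168.1.1"):
        print(line)
```
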

Log in to the web interface

Now you can log in to the web administration on the address of virtual Logmanager. (The virtual forwarder does not have a web interface.)

https://YOURIP/

YOURIP is the IP address that was set from the CLI using the commands above.

If you are running virtual Logmanager and you have configured the network through the Logmanager command line, networking changes can now be made from the web interface:

  • Change the IP address according to your requirements using the chapter IP addresses.
  • Now re-set the IP address of your PC so you can access the web administration of the Logmanager server again.
  • Enter the new IP address of your Logmanager server in your browser and log in again.

Configuring a default gateway

A default gateway is important for the system to communicate correctly in your network. It now needs to be set up using the chapter Routes.

Set the IP address of the default gateway that the Logmanager server will use.

Configuring the DNS

Setting the DNS servers is necessary, for example, to get additional information from your messages.

Set up DNS using the chapter DNS.

Add the addresses of your DNS servers, which the Logmanager will use, and click the Apply button.

Configuring the NTP

Time servers are important for the correct functioning of the whole system. Every message stored on the Logmanager server has a timestamp, which will be shifted if the system time is shifted.

Set up the NTP using the chapter NTP.

Configuring the SMTP

To send email messages from the Logmanager server, it is necessary to set up the server for sending emails using the chapter SMTP.

To test the SMTP server, click the test button.

Configuring a cluster

If you own multiple Logmanager servers that you want to connect into a cluster, use the chapter Cluster.

Building a cluster connects its nodes, and the cluster participants are then synchronized automatically. The setting has to be made on both nodes with an identical name and password. The IP address will always be the address of the second partner in the cluster.

User accounts

Set user names, groups, and their permissions.

If you are using user accounts in a domain, connect them using LDAP.

See the chapter Users list.

Data sources

Now you have to set all network devices to send their audit messages to the Logmanager.

Select data sources from the following chapters:

Devices that send audit messages through syslog need to have their IP addresses set on the Logmanager server, as described in the chapter IP prefix lists.

In most cases, having the IP address in the prefix list is enough for the device to be set up correctly.

Checking the added device

  1. Click on Logs ‣ Dashboards ‣ Log overview in the left menu.
  2. Filter messages stored in the database using the table Device IP.
  3. Check the table ALL EVENTS to see whether the individual records are parsed and saved correctly.
  4. If a device was incorrectly classified in the IP prefix list and the classification is subsequently changed, the change will only be used for new incoming messages.
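To have a known record to look for in the Device IP filter and the ALL EVENTS table, you can send one marked syslog line from a host whose address is already in a prefix list. This is an added example, not part of Logmanager or its documentation. It assumes the server accepts RFC 3164-style syslog over UDP port 514, which the page does not state, and the function names, tag and marker are hypothetical.

```python
import socket
from datetime import datetime

def build_syslog_test(hostname, marker, now=None, facility=16, severity=5):
    """Build an RFC 3164-style line: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    for field in (hostname, marker):
        if not field or not field.isascii() or any(c.isspace() for c in field):
            raise ValueError(f"field must be non-empty ASCII without spaces: {field!r}")
    now = now or datetime.now()
    pri = facility * 8 + severity            # local0.notice -> 133
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} onboarding-test: marker={marker}".encode("ascii")

def send_syslog_test(server_ip, payload, port=514):
    """Send one datagram; UDP gives no delivery confirmation, so verify in the UI."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (server_ip, port))

if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 is a documentation address (assumption).
    msg = build_syslog_test("fw01", "lm-onboard-7f3a")
    print(msg.decode())
    # send_syslog_test("192.0.2.10", msg)  # uncomment with your Logmanager address
```

After sending, filter by the sending host's address in Device IP and search ALL EVENTS for the marker string.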