Quick start guide for Virtual Logmanager
In this guide, you will learn all the steps you need to take to start and configure Virtual Logmanager for the first time.
Logmanager is delivered as an OVA file for VMWare or as a virtual VHDX disk for Microsoft Hyper-V.
After installing the virtual machine on VMWare or in Microsoft Hyper-V, a second disk will need to be added to the VM. This disk will act as the storage area for the VM. The original disk that is shipped contains the operating system, while the secondary disk stores Logmanager’s logs and other system information. The secondary storage can be increased by adding more space or disks as more room for logs is needed.
Virtual Logmanager uses a static IP address, which needs to be set from the limited Logmanager command line.
- Decide on the network information that you will need, for example 192.168.1.29 and mask 255.255.255.0 using a gateway located at 192.168.1.1.
- Open a virtual console from your VM software.
- The default account is admin/admin. This can be changed later.
The set ip command uses the following syntax:
set ip ip_address network vlan
To set the IP address using the example data above, use:
set ip 192.168.1.29 255.255.255.0 default_vlan
The delete route command uses the following syntax:
delete route target netmask gw
To delete the default route, use:
delete route 0.0.0.0 0.0.0.0 192.168.0.1
The set route command uses the following syntax:
set route target netmask gw
To set the default route, use:
set route 0.0.0.0 0.0.0.0 192.168.1.1
The delete ip command uses the following syntax:
delete ip ip_address network vlan
To delete the default IP, use:
delete ip ip_address network vlan
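A pre-flight check for the addressing plan before it is typed into the console, added here as an example; it is not part of the Logmanager product or its documentation. The function name plan_commands and its parameters are assumptions, and the emitted lines follow the set ip, delete route and set route syntax given above.

```python
import ipaddress

DEFAULT_ROUTE = "0.0.0.0 0.0.0.0"  # target and netmask of the default route

def plan_commands(ip, netmask, gateway, vlan="default_vlan", old_gateway=None):
    """Validate a static addressing plan; return console commands in guide order.

    Hypothetical helper. Raises ValueError if the plan would leave the
    appliance unreachable after the commands are entered.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
        old_gw = ipaddress.IPv4Address(old_gateway) if old_gateway else None
    except ValueError as exc:  # malformed addresses and non-contiguous masks
        raise ValueError(f"malformed address or mask: {exc}") from exc
    net = iface.network
    # ipaddress also accepts prefix lengths and wildcard masks; the console
    # example in the guide uses a dotted netmask, so require exactly that form.
    if str(net.netmask) != netmask:
        raise ValueError(f"{netmask} is not a dotted netmask")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")
    if gw == iface.ip:
        raise ValueError("gateway must differ from the appliance address")
    if gw not in net:
        raise ValueError(f"gateway {gw} is not on-link for {net}")
    commands = [f"set ip {iface.ip} {netmask} {vlan}"]
    if old_gw is not None and old_gw != gw:
        # Remove the previous default route before adding the new one.
        commands.append(f"delete route {DEFAULT_ROUTE} {old_gw}")
    commands.append(f"set route {DEFAULT_ROUTE} {gw}")
    return commands

if __name__ == "__main__":
    # Constructed input: the example values used in this guide.
    for line in plan_commands("192.168.1.29", "255.255.255.0", "192.168.1.1",
                              old_gateway="192.168.0.1"):
        print(line)
```

A gateway outside the configured subnet is the mistake most likely to cut off access to the web administration, which is why it is rejected before any command is produced.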
If you are running the virtual Logmanager forwarder, continue to the chapter on Logmanager Forwarder for information on adding your forwarder to a Logmanager server.
Now you can log in to the web administration of virtual Logmanager at the address below. The virtual forwarder does not have a web interface.
https://YOURIP/
Networking changes can now be made from the web interface if you are running virtual Logmanager and have first configured the network from the Logmanager command line.
YOURIP is the IP address that was set from the CLI using the commands above.
- Change the IP address according to your requirements using the chapter IP addresses.
- Now reset the IP address of your PC so that you can access the web administration of the Logmanager server again.
- Enter the new IP address of your Logmanager server into your browser and log in again.
The default gateway is important for correct communication of the system in your network.
Now it is necessary to set a default gateway using the chapter Routes.
Set the IP address of the default gateway that the Logmanager server has to use.
Setting the DNS servers is necessary, for example, to get additional information from your messages.
Proceed with the setting using the chapter DNS.
Add the addresses of the DNS servers that the Logmanager has to use.
The DNS configuration is applied after clicking the Apply button.
Time servers are important for the correct functioning of the whole system. Every message stored on the Logmanager server has a timestamp. If the system time is shifted, the timestamps will be shifted relative to the actual time.
Set the NTP using the chapter NTP.
The NTP configuration is applied after clicking the Apply button.
To send email messages from the Logmanager server, it is necessary to set the server used for sending emails using the chapter SMTP.
To test the SMTP server, click on the test button.
If you own multiple Logmanager servers that you want to connect into a cluster, use the chapter Cluster.
Building a cluster connects the cluster nodes and sets up automatic synchronization between the cluster participants. The setting has to be done on both nodes with an identical name and password. The IP address is always the address of the other partner in the cluster.
Set user names, groups and their rights.
If you are using user accounts in a domain, connect them using LDAP.
Use the chapter Users list.
Now you have to set all network devices to send their audit messages to the Logmanager.
Select data sources from the following chapters:
Devices that send audit messages through syslog need to have their IP addresses set in the Logmanager server using the chapter IP prefix lists.
In most cases, having the IP address in the prefix list is enough for the device to be set correctly.
- Click on Logs ‣ Dashboards ‣ Log overview in the left menu.
- Filter messages stored in the database using the table Device IP.
- Check the individual records in the table ALL EVENTS to see whether they are parsed and saved accordingly.
- If a device was incorrectly classified in an IP prefix list and the classification is subsequently changed, the change applies only to new incoming messages.