GOL user manual
Contents
1. iii 33 Table 11 Description of log data transmission Settings rr 36 Table 12 Commands available for GOIDB management rr 46 Clusterpark Ltd 5 52 gol Users manual Version 1 0 a GOL installation Date 28 04 2014 1 GOL and its components GOL is Clusterpark developed powerful log data consolidation solution with open XML standard document oriented data base that provide very fast data analysis With GOL can be detected the security breaches software related and technical problems in IT infrastructure computers servers network devices etc GOL can be used as complementary solution to other analysis tools for deeper understanding of processes in different systems for investigation and quick decisions for preventive activities GOL has following components e golLoader agent for log entry collection from files and sending them to database golIDB for consolidation from local network or within WAN GOL installation has two agents one for collection of logs from Linux based systems and another one for log data collection from devices with Windows operating systems e golibB consolidated log entry database that has been built on Clusterpoint XML document oriented NoSQL database engine e GOL GUI user interface GOL web oriented user interface for access of consolidated log data search of information in them data representation in graphical form and event monitoring in real time with dashboa2. e To continue installation type y and press Enter e To cancel golLoader installation type n and press Enter Clusterpark Ltd 16 52 gol Users manual Version 1 0 z bar GOL installation Date 28 04 2014 After installation of loader its initial configuration is needed It is required to use already installed golLoader settings ompletet Installation complete will perform configuration now lusterpoint server Host localhost 192 168 808 197 lusterpoint server Port 5558 btorage name goldb Ser name root name Will be used for displaying records from this server name 0 description will be used in UI interface to describe loader description Description of settings is available in Table 4 Table 4 Description of golLoader installation settings Settings field Description of the activities Clusterpoint Server Host Type in golDB server address and press Enter Clusterpoint Server Port Specifies the network port through which golLoader send data By default the port 5550 is used Confirm with Enter Storage name Specifies the name of database By default the golDB Username Type in the username for connection to golDB By default the root or enter the username that was specified in the GOL configuration Password Type in the password for connection to golDB By default the y2sP or enter the password that was specified in the GOL configuration Lo
3. iii 24 Window for list of log data SOUFCES ii 24 Log data source configuration WINdOW 25 List of configured log data SOUFCES eee eeeeeeeeeeeeeeeeeeenennnnnngs 27 List with configured POSTS ii 27 WinGol installation starting WiNdOW iii 28 Window for input of host name and description iii 29 Window for input of GOIDB connection Settings iii 29 Window for input of WinGol installation folder iii 30 Dialog for approval of WinGol installation folder iii 30 Window for input of folder where log data will be collected 31 Window with overview of installation foldefS iii 31 Installation status WINGOW iii 32 Windows with list of newly installed 0A0Eers iii 32 Window for configuration of WINGO main settings ccccccccccceeee cece eeeeeeeeeeennees 33 List of automatically recognized MS Windows events iii 34 Log data transmission configuration WINCOW s sssssssssssssssssnnsrennenrsreneenne 35 List with enabled for transmission data SOUFCES ii 36 List with configured hOS S iii 36 List of devices registered in GOL rr 38 Example of list with disconnected device ri 38 Dialog window for approval of device removing LL 39 List of hosts without deleted device ri 39 L WTO T E reg Aare E en ee eee ae 39 WINGO GHINSEAIAU
4. e Configuration of GOL general settings GOL GUI is created by using HTML5 and it can be used with smart phones and tablets Clusterpark Ltd 7 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a 2 Requirements for GOL installation GOL should be installed on Linux operating systems 32 and 64 bit Linux OS is Supported Currently GOL could be installed on Debian Fedora CentOS and Suse GOL can be installed on Windows or Mac OS too In this case the virtualization environment like Oracle Virtual Box with supported by GOL Linux OS installed must be used MS Windows event log file agent can be installed on MS Windows 2000 Vista XP 7 8 workstation and MS Windows Server operating systems Hardware requirements for using GOL largely depend on amount of log files that should be consolidated and analyzed Minimum requirement is to have at least 2 CPU cores 4Gb RAM and 10Gb free disk space golIDB management system can be used for monitoring of resources and planning of them taking into account the time how long the data should be stored GOL trial can be used for evaluation of resources and functionality before purchase of licensed solution Clusterpark Ltd 8 52 GOL installation Ol Users manual Version 1 0 Q bi Date 28 04 2014 3 GOL installation sequence GOL is prepared and available as Linux installation package Package contains all components for GOL as described in chapter
5. Clusterpark Ltd 22 52 Ol Users manual Version 1 0 Q hi Date 28 04 2014 GOL installation 5 Linux golLoader configuration This chapter describes the sequence for Linux operating systems golLoader agent configuration 5 1 Initialization of new golLoader agent In order to connect new golLoader agent to GOL in window with GOL configuration elements Picture 2 choose a category Hosts Configuration My profile Change password Hosts Alerts Dashboards Picture 2 Window with GOL configuration elements The windows for list with installed agents will be opened move to New hosts tab Example is shown in Picture 3 Back to configuration Hosts list New hosts 1 Name Code Description Enable Edit Remove GOL_demo GOL server loader NEW 0 o Picture 3 Example with new GOL golLoader agents e For further configuration of golLoader on the host click icon Window for configuration of golLoader general settings will be opened Picture 4 Clusterpark Ltd 2529 52 GOL installation Date 28 04 2014 gOl Users manual Version 1 0 i IPC TO MOSE Edit host Code Pool count 200 Mame Sleep time sk GOL_demo 20 Description Enable loading files from this host GOL server o Save Picture 4 Window for configuration of golLoader main settings Configuration settings will be offered by default but they can be changed if necessary Description of changeable settings fields o Pool
6. e Specified log file do not have entries yet When all necessary log files are configured with link Back to host list return to the list of configured hosts Picture 8 Hosts list Hosts 1 Name Code Description GOL demo h1 GOL server loader Picture 8 List with configured hosts Clusterpark Ltd Back to configuration Enable O Edit Remove 27 52 gol Users manual Version 1 0 a GOL installation Date 28 04 2014 6 Installation and configuration of Windows golLoader agent WinGol Installation package can be downloaded to hard disk from the internet address provided by developer From there it can be copied to other media for installation on Windows servers and computers hosts 6 1 Preparing for WinGol installation Prior installation the golDB IP address database login name and password must be identified In order to do that e Start GOL GUI and login with administrators rights e In main menu open Configuration e Inthe window with configuration elements chose General e Open the tab Storages e Settings necessary for installation are specified in section golcfg oposit the names o Address golDB IP address o Username login name for connection to the database by default root o Password password for connection to the database by default y2SP 6 2 Installation of WinGol After download of installation package open the folder where it is located a
7. gOl Users manual GOL installation Version 1 0 V4 CLUSTERPARK 2014 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a Content 1 GOL and IES COMPONGENUS wicstansccowsdstorexsassannnadadanenaaserssoiastanswaassaaesedetansasasseaiaaeeeesseasaaas 6 1 1 Description of golLoader agents iii 6 I 2 Description CF IONOB vq auras sa vevceessessagusnaarrascassrccesaqurs EA sane red asaeuvasesaqnveosseoereoaiat 6 I LE PONO GOGU ric 7 2 Requirements for GOL installatioN eee cece eee e eee e eens sees sees sees dene eee e eee eeenaas 8 3 GOL installation Sequence 9 3 1 Preparing for GOL MStallaviOn ascritto 9 3 2 Installation of golDB GOL GUI and Linux golLoader cece eee ia 10 3 2 1 golDB installation and initial configuration i 10 2 260 GU LN Sla Nl O uaaa i E E a a a 11 3 2 3 Linux golLoader installation and initial configuration 12 3 2 4 Linux golLoader configuration file sirios 14 3 3 Installation and initial configuration of individual golLoader on other Linux hosts 16 3 4 Additional configurations for CentOS operating system eeeeeeeeeeeeee eee enees 17 3 5 Configuration of SNMP trap 19 4 GOL configuration after installation i 21 4 1 Detection of golDB IP address rrrrrrrrrriri riser eri e rire ei eee riser eri ri risi ri rire ri eee risente 21 5 2 CURING Started WIIN GOL garcia nera 22 4 5 PINS te VEFWVUOO
8. 1 GOL and its components excluding WinGol agent for Windows OS that could be installed separately Recommended GOL installation sequence is following e Prepare for installation and download GOL installation package Described in chapter 3 1 Preparing for GOL installation e Install golDB GOL GUI and Linux golLoader Described in chapter 3 2 Installation of goliDB GOL GUI and Linux golLoader o perform additional configuration of the CentOS operating system if necessary Described in chapter 3 4 Additional configurations for CentOS operating system e Configure SNMP trap Described in chapter 3 5 Configuration of SNMP trap e Perform configuration of GOL settings Described in chapter 4 GOL configuration after installation e Connect to GOL on golDB server installed golLoader Described in chapter 5 Linux golLoader configuration Step can be omitted if golLoader on golDb server was not installed e Optional installation of other golLoader Linux agents Described in chapter 3 3 Installation and initial configuration of individual golLoader on other Linux hosts e Optional installation of WinGol MS Windows agents Described in chapter 6 Installation and configuration of Windows golLoader agent WinGol 3 1 Preparing for GOL installation Before GOL installation the hardware or virtual machine with supported Linux OS must be prepared During installation the SMTP server settings will be asked to enter chapter 3 2 1 go DB installat
9. Stop and then reactivated with command Start rootWlyltpuh cmsZ cpoint 02 log fetc init d gqol load stop stopping GOL log lo rootWlywltpuh cmsZ cpoint 02 log fetc finit d gol load start starting GOL log loader process If the previous approach does not succeed golLoader process can be stopped with command Kill using golLoader process ID and then reactivated For example is used the case a with specified ID number 17281 Following commands must be executed kill 9 17281 and then executing command etc init d gol load start roothlwltpub cms2 cpoint O2 log kill 9 17261 roothlwltpub cmsz cpoint O2 log jf fetc init d qgol load starting GOL log loader process 10 3 GOL GUI stops after login If after entering correct user name and password in the browser blank page is displayed it is possible that golDB is not running In order to activate database service in Linux terminal mode take following steps 1 Switch to user root su l Clusterpark Ltd 50 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 e eol sol demo suy Password root ol demo 2 Execute cps2 server service etc init d cps2 server start Other available for cps2 server service parameters e Start Activates Clusterpoint database engine e Stop Stops the Clusterpoint database engine e Restart Stops and then reactivates Clusterpoint database engine e Reload St
10. database Status Single Storages CLUSTERS amp Unknown w Users Create new user Remove user Edit user Join group Leave group Permissions Bb Bb amp fa fa Groups ClusterPoint 2006 2014 Cluster Storages Administration Tools Logout User manage Login FullName Description Member of Built in root user root Root user gol v2 3 0 71p 64 bit Dec 11 2013 18 25 25 Picture 38 List with golDB users In order to change the password check the box and press Edit User e New window for changing of the password will be opened Clusterpark Ltd 47 52 Ol Users manual Version 1 0 Q la Date 28 04 2014 GOL installation e New password must be entered in to the both Password fields and saved by pressing button Save Picture 39 CL Login Name gol Full Name Description Password Password confirm User Type None E mail Enabled i Save wt Cancel Picture 39 Window for change of golDB user password Other settings can be edited in this window as well e User name can be changed by writing new one in the field Login name e Full name of the user can be specified in the field Full name e From items in the drop down menu User Type the user rights can be chosen e User can be enabled or disabled by adding or removing the check in the Enabled field box 9 7 Database license and its extension If the database licen
11. lt cps storage gt goldb lt cps storage gt lt cps command gt search lt cps command gt lt cps user gt root lt cps user gt lt cps password gt root123 lt cps password gt lt cps content gt lt query gt error lt query gt lt cps content gt lt cps request gt Version 1 0 Date 28 04 2014 Response lt cps reply xmlns cps www clusterpoint com xmlns cpse www clusterpoint com gt lt cps storage gt goldb lt cps storage gt lt cps command gt search lt cps command gt lt cps content gt lt hits gt 9380 lt hits gt lt more gt 9370 lt more gt lt results gt lt d gt lt b gt lt D20140225 gt Tue Feb 25 12 33 50 2014 span class hgl Jerror span client 192 168 31 3 File does not exist var www favicon ico lt D20140225 gt lt b gt lt results gt lt found gt 10 lt found gt lt from gt 0 lt from gt lt to gt 10 lt to gt lt cps content gt lt cps seconds gt 0 0065 lt cps seconds gt lt cps reply gt Picture 37 Example with changed values in golDB 9 6 goIDB users and passwords In order to create or edit golDB users press the menu User management item Administration The list with current users will be opened Picture 38 By default in GOL are to users 1 User root with password password is used for golDB administration 2 User gol with password y2sP provides golLoader authentication to the server for sending of log entries to the
12. new loader dropdown menu Picture 33 and from the list choose the appropriate loader Link to a new loader New loaders DM New loaders DEMO PC Picture 33 Drop down list with available loaders e The button Save Picture 32 must be pressed for confirmation of configuration Now the host connection to the GOL has been restored Clusterpark Ltd 43 7 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 i 9 goIDB management environment golDB has been created using the Clusterpoint XML document oriented NoSQI database engine To help manage golDB servers user friendly database management environment is available 9 1 Access to the golIDB user s environment To get to the golDB user s environment a web browser program can be used In to the browser address field e onthe same host where GOL was installed enter ocalhost 5580 e for access from another host enter http IP 5580 IP indicates the host address on which GOL is installed golDB terminal user access form will be opened Picture 34 Authentification Username root Password Login Picture 34 go DB terminal user access form Default administrator s name and password already has been set by golDB installation User name root Password password When the corresponding access parameters are entered press the button LOGIN 9 2 Overview of the golDB server resources After authentication in golDB user envir
13. v1 v2 example authCommunity log execute net nvpublic SNMP v3 TRAP user createUser e ENGINEID myuser SHA my_auth_pass AES my_encryption_pass createUser e Ox8000000001020304 v3trapuser SHA v3password AES v3coding SNMP v3 INFORM user createUser v3trapuser SHA v3password AES v3coding SNMP v3 Authorizing your user to do things with the received notifications authUser log execute net v3trapuser SNMP v3 If you want to receive v3 traps or informs sent with noAuthNoPriv authUser log execute net myuser noauth e Execute the command Clusterpark Ltd 19 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a start snmptrapd e Check the configuration by executing following commands snmptrapd v 3 n a SHA A v3password x AES X v3coding l authPriv u v3trapuser e 0x8000000001020304 localhost 0 linkUp 0 snmptrapd C v 3 a SHA A v3password x AES X v3coding l authPriv u v3trapuser localhost 0 linkUp 0 e Create PHP command file for SNMP process For this the graphical or PHP command line editor can be used lt php The file we will be writing to It s best to specify a full path to avoid any confusion over the current working directory outFile data disk trap snmp_trap_ date Ymd log First we ll open our outfile if ofp fopen outFile a exit Oh No I couldn t open my out file and write the current timestamp to it so we are ce
14. ARK Before proceeding with golLoader restart it is necessary to ensure that the appropriate Linux host is connected to a computer network or can access the golDB server In order to verify golLoader status in Linux terminal mode take following steps 1 Switch to user root by entering appropriate password su l fol ol demo su l Pas root ol demo 2 Execute the command ps aux grep gol roothlvyltpub cms2 cpoint Oz2 log ps aux grep gol Command can return two kinds of results a golLoader is running as a process with assigned to it ID In example lower the ID is marked with yellow background 17281 Clusterpark Ltd 49 52 gol Users manual Version 1 0 no GOL installation Date 28 04 2014 root eee 0 0 0 0 130512 7040 pts o S 14 17 0 00 usr local GoL loader php php cli usr local GOL loader gol loader php root 19425 0 0 236 576 pts f0 S 14 24 grep gol 14 24 0 00 grep gol In case when golLoader agent is not running case b it can be activated by executing the command etc init d gol load start root g ol demo fetc finit d ol load start Starting GOL log 1 Available parameters for gol oad and gol alerts commands e Start Activate the service e Stop Stop the service e Restart Stop and then reactivate service In case when golLoader process is active but data to golDB are not transmitted case a process can be stopped with
15. CEPT 8 8 INPUT m state state KELATED ESTABLISHED j ACCEPT INPUT p icmp j ACCEPT INPUT i lo j ACCEPT INPUT p tcp m state state NEW m tcp dport 242 j ACCEPT INPUT p tcp m state state NEW m tcp dport 23 j ACCEPT INPUT m state state NEW m tcp p tcp dport GH j ACCEPT INPUT State state NEW m tcp p tcp dport 5588 jJj ACCEPT INPUT State state NEW m tcp p tcp dport 5558 j ACCEPT INPUT j REJECT re ject with icmp host prohibited FORWARD j REJECT reject with icmp host prohibited OMMIT t Completed on Tue Dec 17 16 33 52 2H13 After saving of table execute the command etc init d iptablesrestart e Add to the httpd process rights for writing in log folder Execute following command chcon v type httpd_sys_content_t usr local GOL gui apps logs e Allow the httpd process the usage of network connections Execute the command setsebool P httpd_can_network_connect 1 e If Apache does not start at Linux boot time than run levels must be installed by executing commands chkconfig listhttpd chkconfig level 2 httpdon chkconfig level 3 httpdon chkconfig level 4 httpdon Clusterpark Ltd 18 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 sf i a chkconfig level 5 httpdon 3 5 Configuration of SNMP trap GOL has capability to download the network equipment s internal log entries using SNMP trap To activate this capability some additional conf
16. GOL was successfully removed From your computer Picture 29 Window with message about successful WinGol uninstallation To close the message window press button OK After uninstallation the WinGol folders will remain on hard drive They must be deleted manually if they won t be needed anymore 7 2 Linux golLoader and GOL uninstallation In order to uninstall golLoader and GOL appropriate to Linux version commands must be executed Debian 1 Switch to user root su geol sol demo su l Password root ol demo _ 2 Uninstall golLoader packages and remove folders dpkg P gol loader amp amp rm rf usr local GOL loader 3 Uninstall GOL packages and remove folders dpkg P gol gui amp amp rm rf usr local GOL gui 4 Uninstall golDB packages and remove folders dpkg P cps2 server amp amp rm rf usr local cps2 Fedora 1 Switch to user root su eol gsol demo su l Password rootesol demo 2 Uninstall golLoader packages and remove folders Clusterpark Ltd 40 52 gol 3 4 CentOS 1 2 3 4 Users manual Version 1 0 GOL installation Date 28 04 2014 yum remove gol loader noarch amp amp rm rf usr local GOL loader Uninstall GOL packages and remove folders yum remove gol gui noarch amp amp rm rf usr local GOL gui Uninstall golDB packages and remove folders yum remove cps2 server x86_64 amp amp rm rf usr local c
17. K This address must not be changed Otherwise golLoader agents will not be able to send log data to golDB and their reconfiguration should be done manually Clusterpark Ltd 21 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 i 4 2 Getting started with GOL To get started with GOL for further configuration in internet browser command line e On same server or computer where GOL is installed enter ocalhost gol e On any other computer in network enter http IP gol IP indicates the server address on which GOL is installed GOL GUI access form opens Picture 1 QOL LOGIN Picture 1 GOL access form To start GOL configuration it should be accessed with Administrator rights GOL installation already had set up default Administrator login and password Username admin Password password The username should be written in the field with i icon but password in the field with icon P Press LOGIN button The GOL GUI work screen opens and the user can start working according to the rights granted The access rights with which the user has accessed the GOL are shown on menu line Logged in For example user with administration rights will be displayed as admin Logged in admin 4 3 Finishing the work with GOL To finish and log out from GOL GUI at the end of menu line icon ci could be pressed GOL GUI access form opens again and tab in internet browser can be closed
18. L na 22 5 Linux golLoader configuration cece eee eee eee Deen e EEE EEE EASE SEES S SEES E SEES 23 5 1 Initialization of new golLoader agent ii 23 5 2 Configuration of log data SOUICES sprint 25 6 Installation and configuration of Windows golLoader agent WiNnGol 28 6 1 Preparing for WinGol installation ccc cece cece teen eee e ee eee eee e ee eeeeeeeeee eee e nee eeennnas 28 6 2 Installation Of WINGO iiini ee ee rere 28 655 VIGO COMMOGUEALION I GO Lara 32 7 WinGol and Linux golLoader uninstallation iii 38 7 1 Preparing GOL prior WinGol uninstallation iii 38 7 2 Linux golLoader and GOL uninstallation ii 40 8 Restore WINGO installati n pisirmeniscziz asini din niia iia 42 9 golDB management environment een n nee eeeeeeeeeeeeeeeeennaanneeeeseeeeeeeaaees 44 9 1 Access to the golDB user s environment cesses ee eee eee e ee eeeeeeeeeeeeeeeeeeeeeeneeas 44 9 2 Overview of the golDB server resources rr 44 9 3 Database Maderna 45 9 3 1 Stop and activation of individual databaSes rr 45 9 3 2 Deleting documents from database i 45 9 3 3 Commands that can be executed in database ii 46 9 6 golDB users and P955WOrdSrnin RR RR 47 Clusterpark Ltd 2 52 GOL installation Ol Users manual Version 1 0 Q Date 28 04 2014 9 7 Dat
19. N cPART _ 0 9 8 8 log 19z 0 1 1 bz2 0 1 Small training how to create regular expressions can be found at http regexone com The above described configuration steps should be performed for each log file that is meant to store in database The statuses of configured log data files can be checked in tab Sources Example is shown in Picture 7 Clusterpark Ltd 26 52 GOL installation gol Users manual i i Configure host GOL demo e Q GOL server loader Sources 6 Name Code Description messages h_1_src_1 System generated messages yum h_1_src_2 Yum messages for installed packages cron h_1_src_3 Cron process messages Secure h_1_src_4 Access messages Apache error h_i_src_6 Apache error messages Apacheaccess h_1_src_7 Apache server access messages Picture 7 List of configured log data sources Type syslog LC syslog syslog apache2err apache2acc File Alias messages yum cron secure error access Version 1 0 Date 28 04 2014 Storage main main main main main main G D D D a a Back to host list Enable Edit Remove o 00000 O 000000 Icon is indicating that golLoader agent is active and sending the log entries from corresponding log files to database Icon is indicating that log entries from corresponding log file are not sent Possible reasons may be e The log file name or folder has been entered incorrectly
20. ON 00 00 39 Window with message about successful WinGol uninstallation cccccceeeeeeeeeeee 40 EISE WIE FEIMOCVeG MOSES croatia 42 FIOSE coni gura ON WINGOW visione 42 Host connection configuration WINdOW i 43 Drop down list with available loadefS iii 43 golDB terminal user ACCESS form 44 Overview of GoIDB server resources 11 rr 44 Database information WINdoW cent eee e eee n nnn n AE EEE EEE E EEE E EEE E EERE EERE BEES 45 Example with changed values in g0IDB iii 47 ESE WIG OO DGS USES ideali 47 Window for change Of golDB user password iii 48 Clusterpark Ltd 4 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 4 List of tables Table 1 Description golDB database inStaNCes rr 6 Table 2 Description of golLoader installation Settings 13 Table 3 Full description of golLoader configuration Settings rr 14 Table 4 Description of golLoader installation Settings cccccccccccccccessecceeceeeesecneeeeeenneggenngs 17 Table 5 Description of log data source Settings rr 25 Table 6 Examples for Linux log data SOUFCES rr 26 Table 7 Examples of log file names as regular EXDFESSIONS iii 26 Table 8 Description of input parameters for host name rr 29 Table 9 Description of GOIDB connection Settings rr 30 Table 10 Description of loader configuration Settings
21. Version 1 0 bar After installation of GOL GUI additional configuration is not necessary and in next step installation of golLoader is offered 3 2 3 Linux golLoader installation and initial configuration golLoader agent can be installed on any Linux computer or server It is recommended to install loader on golDB server as well for monitoring its Linux environment onfiguration complete ackage gol loader This package provides log files loading functionality This is client for gol qui package which must be installed on this server or somewhere else ould you like to install gol loader package YESZNO e To continue installation of loader on golDB server type Yes and press Enter e If golLoader installation on GoIDB server is not necessary type No and press Enter If golLoader installation on golDB server is confirmed than after checking of necessary components a list of golLoader software setup and installation size will be displayed to user Dependencies Resolved gol loader noarch 1 gol loader 1 1 B noarch ransaction Summary e To continue installation type y and press Enter e To cancel golLoader installation type n and press Enter After installation of loader its initial configuration is needed It is required to use already installed golLoader parameters or configure them ompletet Installation complete will perform configuration
22. WinGOL BOS Server Connection Settings Server Connection Settings where to load data Server IP 0 0 0 0 Username rook Password rootiz3 Cancel Picture 11 Window for input of golDB connection settings Clusterpark Ltd 29 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a Description of input settings for connection to golDB is available in Table 9 Table 9 Description of goIDB connection settings Name of field Description Server IP Input IP address where golDB is located ST i a e Input password The username and password can be can be found in main menu under Configuration General Storage corresponding fields Username and Password After input of information press button Next or button Back if previously entered information should be changed After pressing on Next window for input of WinGol installation folder will be opened Picture 12 Folder can be specified from the list of existing folders by pressing the button Browse Default folder name C WinGol is already specified in input field ie Setup WinGOL Select Destination Location Where should W inGOL be installed Setup will install WinGOL into the Following Folder To continue click Next IF you would like to select a different Folder click Browse csi O O O At least 41 9 MB of free disk space is required Picture 12 Window for input of WinGol installation folder After
23. abase license and its extension eens eee e eee e nese eeeeeeeeeeeee ee eeneeeeeenags 48 10 gellje cee og O Lucia 49 10 1 GOL SV Stem TONGCKS iccenaantnenetnecaqriniacntasanaceorasednsantiaisseianetaeersiaiiienaiattensseaseess 49 10 2 Linux golLoader agent is seen as inactive in GOL GUI network chart 49 10 3 GOL GUI stops after login cece cece eee e eee eee eee seen eee e eee e eee eeeeeeeaaaaaaes 50 LO GOLGOTO UNNI ici eo i 51 10 5 List with available log types in golLoader configuration window is empty 51 Clusterpark Ltd 3 52 gol Picture 1 Picture 2 Picture 3 Picture 4 Picture 5 Picture 6 Picture 7 Picture 8 Picture 9 Picture 10 Picture 11 Picture 12 Picture 13 Picture 14 Picture 15 Picture 16 Picture 17 Picture 18 Picture 19 Picture 20 Picture 21 Picture 22 Picture 23 Picture 24 Picture 25 Picture 26 Picture 27 Picture 28 Picture 29 Picture 30 Picture 31 Picture 32 Picture 33 Picture 34 Picture 35 Picture 36 Picture 37 Picture 38 Picture 39 Users manual Version 1 0 GOL installation Date 28 04 2014 List of pictures COL ACCESS TOTI rn siete ceeemiaeagiaraardautineateuane 22 Window with GOL configuration elements ccccccccceee eee e eee e eee e eee eeeeeeeeeen eee eennees 23 Example with new GOL golLoader agents iii 23 Window for configuration of golLoader main settings
24. ader name Type the name of server or computer on which the loader will be installed This name will be used to identify host in golDB and GOL GUI Confirm with Enter Loader description Field is not mandatory In this field description of host can be written Confirm with Enter Now golLoader agent installation has been completed and further configuration of settings can be carried out in GOL GUI configuration section as described in chapter 5 Linux golLoader configuration 3 4 Additional configurations for CentOS operating system If Linux CentOS operating system has been used it is recommended to perform following additional operations Following commands should be entered in terminal mode e Add firewall rules Before input of firewall rules it is recommended to become familiar with the iptables program editing commands Clusterpark Ltd 17 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 bat A z Execute the command vi etc sysconfig iptables Add following lines to the firewall settings table A INPUT m state state NEW m tcp p tcp dport 80 j ACCEPT AINPUT m state state NEW m tcp p tcp dport 5580 j ACCEPT A INPUT m state state NEW m tcp p tcp dport 5550 j ACCEPT Generated by iptables save v1 4 7 on Tue Dec 17 10 33 52 26135 filter INPUT ACCEPT 6 6 FORWARD ACCEPT 6 8 OUTPUT ACCEPT 2665 389153 H RH Firewall 1 INPUT 6 8 OUTPUT AC
25. agent on other hosts can be performed only after initial configuration of GOL For installation of golLoader on other hosts the GOL full installation package must be used just omit the unnecessary parts as golDB and GOL GUI For installation of golLoader follow the instructions described in chapter 3 1 Preparing for GOL installation or start it from storage HDD flash disk where it was stored after initial download elcome to installation wizard his wizard will ask you few simple questions and perform initial configuration at vetcrtimezone No such file or directory Package gol gui This package provides indexing and analysis functionality and requires Clusterpoint Server ve ould you like to install gol qui package YES NO no ackage gol loader This package provides log files loading functionality This is client for gol gui package which must be installed on this server or somewhere else ould you like to install gol loader package YES NO During installation the questions about golDB and GOL GUI installation must be answered with n because these components already are installed In next step on question Would you like to install gol loader package type yes and press Enter After checking of necessary components a list of golLoader software setup and installation size will be displayed to user Dependencies Resolved gol loader noarch ransaction Summary
26. ange them otherwise the loader won t work correctly and log data won t be sent to golDB Parameters that can be changed at this step are described in Clusterpark Ltd 34 52 GOL installation gOl Users manual i e Table 11 Edit source Host DEMO PC Source name Application Description File directory CWinGol_demo Qutput File name output Duplicate Type Windows Events Storage main Load previous logs a Enable load this source files cp Version 1 0 Date 28 04 2014 Back to host Picture 20 Log data transmission configuration window Clusterpark Ltd 35 7 52 Ol Users manual Version 1 0 Q hi GOL installation Date 28 04 2014 Table 11 Description of log data transmission settings Name of the field Description Source name Specify the name of event according the MS Windows classification Not recommended to change Load previous logs l l D E Switch in position inform that historical events prior current time and date will be sent to the golDB as well If that is not necessary press on it and switch will be moved to position off 05 Enable load this source file To start transmission of the data switch must be pressed disabled by default Switch icon will be changed to indicating that data transmission is enabled Configuration settings must be saved by pressing button Save The above steps can be performed
27. ase database golDB All log entries received from golLoader agents are stored there golcfg Contains information about all sorts of GOL configuration parameters golLoader settings are stored there as well golstat There are stored the settings necessary for operation of dashboards and alerts golDB has its own web oriented management system that allows configuration of clusters and monitoring of resources used Clusterpark Ltd 6 52 gol Users manual Version 1 0 a GOL installation Date 28 04 2014 1 3 Description of GOL GUI GOL GUI provides access to information collected in golDB and functionality for its analysis e Time graphs for highly interactive visual evaluation of log entry amounts within selected time periods for finding of periods with increased or decreased amounts of log entries that can indicate the potentially anomalous activity e Network graphs for visualization of all log sources their cross links and statuses e Broad possibilities for Google like information search by using simple words phrases Boolean expressions and structured queries e Dashboards for real time IT infrastructure and software monitoring with time graphs and selective search queries e Real time alerts about crucial events by using selective search queries and set of rules for their identification e Preservation of search queries for later reuse of them e Centralized configuration and management of golLoader agents
28. ation about device will be moved to the tab Removed hosts Picture 27 Picture 26 shows the list of hosts without deleted entry E Back to configuration Hosts list Hosts 1 Name Code Description Enable Edit Remove GOL demo h1 GOLserver loader OQ g Picture 26 List of hosts without deleted device Removed hosts index 1 indicates the number of records currently in tab Picture PN Back to configuration Hosts list Removed hosts 1 Name Code Description Enable Edit DEMO PC h2 DemoPCW8 2 Picture 27 List with deleted entry The inscription HALY ih Enable column indicates that the host has been successfully removed from GOL and MS Windows log records are no longer sent In the next step find the appropriate folder with installed WinGol on the host default folder C WinGol and run the program unins000 exe WinGol uninstallation window will be opened Picture 28 e In order to start WinGol uninstallation process press button Yes By pressing on button No uninstallation will be terminated WinGOL Uninstall Picture 28 WinGol uninstallation dialog Clusterpark Ltd 39 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 e e The program will automatically stop all processes and remove WinGol and its components from hard disk e After successful WinGol uninstallation the window with appropriate message will be displayed Picture 29 WinGOL Uninstall Lui A 1 j Win
29. b browser and login with administrators rights e Open Configuration in main menu e Inthe window with configuration elements chose Hosts window with list of all registered in GOL devices will be opened Picture 23 Back to configuration Hosts list Hosts 2 Name Code Description Enable Edit Remove DEMO PC h2 DemoPCW8 o Oo GOLdemo h1 GOL server loader gq oO O amp Picture 23 List of devices registered in GOL e In order to disable the log data transmission press the switch in column Enable switch will be changed to indicating that particular device is disconnected from golDB Accordingly the icon opposite the host name in the column Name from will be changed to as additional indication that particular device is disconnected Picture 24 Back to configuration Hosts list Hosts 2 Name Code Description Enable Edit Remove DEMO PC h2 DemoPCW8 Oo GOL demo h1 GOL server loader Oo E Picture 24 Example of list with disconnected device e To remove the device from the list and from network chart it must be deleted by pressing O the column Remove Picture 24 The dialog window for approval of removing will be opened Picture 25 Clusterpark Ltd 38 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 i Are you sure you want to remove this host Picture 25 Dialog window for approval of device removing By pressing OK button inform
30. count the amount of log entries which golLoader is sending to golDB during each session can be specified By default maximum 200 entries will be sent o Sleeptime s interval in seconds between each session can be specified By default interval is set to 20 seconds o In order to activate agent and start log data sending process press on switch disabled by default Switch icon will be changed to a indicating that log data sending is enabled To save the configuration settings button Save must be pressed Now golLoader agent is turned on and is ready for further configuration e After entering of main settings the window for configuration of log data sources will be opened Picture 5 Back to host list Configure host GOL_demo e GOL server loader Sources 0 Name Code Description Type File Alias Storage Enable Edit Remove There are no sources matching the criteria Picture 5 Window for list of log data sources Clusterpark Ltd 24 52 gol Users manual Version 1 0 a GOL installation Date 28 04 2014 5 2 Configuration of log data sources In order to add new log data source press icon O The window for configuration of log data source settings will be opened Picture 6 Back to host New source Host Type GOL_ demo Load Custom v Source name Storage main v Description Load previous logs Enable load this source files File directory File name Save Picture 6 L
31. ecifies the number of records loader sends to golDB each maxrows session By default it is 200 records Clusterpark Ltd 14 52 gol Users manual Version 1 0 a GOL installation Date 28 04 2014 Logs transmission time interval The default is 20 sec goIDB server IP address wide A network protocol used for connection to golDB By default the protocol tcp Specifies the network port through which golLoader send data username Username for connection to golDB Password for connection to golDB The log data source configurations file name and location Type of operating system linux or Windows 5 Start golLoader service by entering command etc init d gol load start root ol demo etc init d ol load start Warning If golloader already was configured in GOL GUI before changes in configuration file than as soon as golLoader connects to the golDB the values in fields name discription sleep and maxrows will be change according the configuration already saved in database There fore changes in these fields directly in configuration file are not necessary and they can be changed in GOL GUI Configuration section Hosts Clusterpark Ltd 15 752 gol Users manual Version 1 0 GOL installation Date 28 04 2014 3 3 Installation and initial configuration of individual golLoader on other Linux hosts Installation of golLoader Linux
32. erver Starting Clusterpoint Server topping Clusterpoint Server ve Stopping Clusterpoint Server Setting up configuration lease enter system e mail address gol mail com lease enter SMTP server address smtp gol com lease enter GOL administrator s e mail address admin gol com_ In requested fields enter information as needed e Please enter system e mail address GOL system e mail address e Please enter SMTP server address SMTP server address e Please enter GOL administrator s e mail address GOL administrator e mail address golDB installation and configuration is finished and in next step installation of GOL GUI is offered 3 2 2 GOL GUI installation After checking of necessary components a list of GOL GUI software setup and installation size will be displayed to user Installing gol gui noarch 1 1 gol gui 2 1 1 noarch Installing for dependencies autoconf noarch 63 5 1 base automake noarch L1 1 4 base php x86 64 3 3 27 updates php cli x86_64 n PET updates php common x86_64 cda updates php devel d d 27 updates php xml ae Pe Cor de updates Transaction Summary 8 Package s Total size 12 M Total download size 5 7 M Installed size 26 M Is this ok y N J e To continue installation type y and press Enter e To cancel GOL GUI installation type n and press Enter Clusterpark Ltd 11 52 GOL installation Date 28 04 2014 gol Users manual
33. file or directory Package gol qui This package provides indexing and analysis functionality and requires Clusterpoint Server ve ould you like to install gol qui package YES NO To continue golDB installation on question install gol gui package enter YES but for cancellation of installation process enter NO After an authorization to begin the installation host will be checked for necessary components All components necessary for GOL are included in installation package and if something will be found missing on host it will be installed izard will now perform some checks for requirements and will offer you to install missing packages Please answer yes to any prompts from package manager Press any key to continue_ To start component checking any key could be pressed After checking of necessary components a list of golDB software setup and installation size will be displayed to user Jependencies Resolved cpse server xdb_b4 3 09 71p_H ransaction Summary 59 M Installed size 59 M Is this ok yz Clusterpark Ltd 10 7 52 GOL installation Date 28 04 2014 gol _ Users manual Version 1 0 e To continue installation type y and press Enter e To cancel golDB installation type n and press Enter After golDB installation initial configuration must be done Installation complete will perform configuration Starting Clusterpoint S
34. guration file If golDB server IP address has been changed or during golLoader installation wrong settings had been entered they can be changed directly in golLoader configuration file It is recommended to do changes in settings in following steps 1 Login to Linux with root user rights by using commands su or sudo S geol sol demo su l Password rootesol demo 2 Stop the golLoader service with command etc init d gol load stop root ol demo fetc finit d ol load stop 3 Open configuration file in Linux text editor vi nano gedit u c Configuration file is located in folder usr local GOL loader conf ini root ol demo vi usr local GO0L loadercont ini 4 Change the setting that was entered wrongly Description of settings is available in Table 3 sThis is loader configuration file general loader_id So 60DICAt bcgc4i name sol demo description sleep database address localhost _ tep 5550 sol Wasp cot_tile_il path log sources ini type linux Table 3 Full description of golLoader configuration settings Settings field Settings description ein Automatically created golLoader identification in golDB Should Loader_id not be changed Name of host on which golLoader was installed This name is used for loader identification in golIDB and GOL GUI Can be changed if name necessary aie I Sp
35. iguration operations must be performed All operations can be performed in Linux terminal mode with root user rights e Open the file etc apt sources st in editor Append to the end of data source IP address line the contrib non free If this file is not found than this step can be ignored e If SNMP process is not found it must be installed by executing following commands apt get update apt get install snmp apt get install snmpd apt get install snmp mibs downloader download mibs For SNMP installation other commands and resources can be used according the current Linux version e Open the file usr share snmp snmp conf in editor Add new line mibs ALL and save the file The location of the file snmp conf may differ from version to version e Settings in file usr share snmp snmptrapd conf should be configured Additional information can be found in http www net snmp org wiki index php TUT Configuring snmptrapd but additional information about SNMP v3 can be found in http www net snmp org wiki index php TUT Configuring snmptrapd to receive SNMPv3_ notificati ons snmpd file location may differ from version to version traphandle all to GOL traps handler script Path is just for example You should specify one where you will save the actual script traphandle default Oadmin snptrap traphandle 02 sh php this disables traps logging to syslog donotlogtraps 1 configure traps authentification SNMP
36. input of installation folder press button Next If the new WinGol version is installed over previous one than additional dialog informing that installation folder already exist will appear Picture 13 Folder Exists The folder Ci WinGOL already exists Would you like to install to that folder anyway Yes Picture 13 Dialog for approval of WinGol installation folder Clusterpark Ltd 30 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a To accept installation in folder that already exist press button Yes If WinGol should be installed in other folder press No and dialog will return to window for input of installation folder Picture 12 By pressing Yes the window for input of folder where log data prepared for sending to golDB will be collected will be opened Picture 14 Folder can be selected from the list of existing folders by pressing button Browse Default name of the folder C WinGol already is specified in input field is Setup WinGOL Bo Select Custom Qutput Directory IF You need to customize output data directories location do it now then click Next MOTE in this directory programm creats additional directories Temporary data and logs directory cw Picture 14 Window for input of folder where log data will be collected After input of folder press button Next In the next window Picture 15 the folders selected for installation will be shown If
37. ion and initial configuration Therefore it is recommended before installation to ascertain the SMTP server address That can be done in several ways For example e In case that on user computer the Outlook or Thunderbird is installed than note e mail sending settings e Ask for SMTP address the system administrator or internet service provider It is highly recommended to assign static IP address to host where GOL installation is planned In order to download GOL package in Linux command line can be entered command wget or curl and link to appropriate Linux package e Debian Ubuntu Suse Use command wget root GOL debian64 03 2014 home gol wget http clusterpark com download gol de bian_amd64 run Clusterpark Ltd 9 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 e CentOs RedHat Fedora Use command curl root Cent0s64 lt curl o root gol centos x86_64 run http wuww clusterpark c G6 bi 3 2 Installation of goIDB GOL GUI and Linux golLoader 3 2 1 goIDB installation and initial configuration After downloading of installation package go to the folder where package is stored For installation of package use command sh or root Cent0s64 sh gol centos xt6_64 run erifying archive integrity All good ncompressing GOL elcome to installation wizard his wizard will ask you few simple questions and perform initial configuration fetc timezone No such
38. le commands chose Reindex and press button Send Open GOL GUI in internet browser and make sure that the problem is fixed Clusterpark Ltd 52 52
39. nd run the installation package WinGol installation starting window will be opened Picture 9 ie Setup WinGOL Cal Welcome to the WinGOL Setup Wizard This will install VinGOL version 1 0 on your computer It is recommended that you close all other applications before continuing Click Next to continue or Cancel to exit Setup Picture 9 WinGol installation starting window To continue installation press on button Next In order to cancel the installation press Cancel button By pressing on Next the window Picture 10 where name of the host and its description must be specified will be opened Clusterpark Ltd 28 52 Ol Users manual Version 1 0 Q hi Date 28 04 2014 GOL installation ie Setup WinGOL Host information Host Name User Host Description User Pi Picture 10 Window for input of host name and description Description of input parameters is shown in Table 8 Table 8 Description of input parameters for host name Name of field Description Host Name Input the name of the host It will be used for identification of host in GOL GUI visualization tools Host name is determined automatically from Windows settings It can be changed if necessary Host Description Input hosts broader description After input of information press Next to continue installation The window for input of golDB server IP address login and password Picture 11 will be opened i Setup
40. ngle Storages MISTE CSS Get Ctl ALEE Ca eee Logout CLUSTERPOINT A m i aes al 4 Unknown Create new storage Start storages Stop storages gt Storage RAM MB Disk MB Docs Words Status Unknown IP 127 0 0 1 golcfg v 42 5 169 1 25 19024 ACTIVE golstat v 32 9 19 7 7 118 ACTIVE goltslice v 0 0 11 0 0 O INACTIVE Start L ClusterPoint 2006 2014 Stop v2 3 0 71p 64 bit Dec 11 2013 18 25 25 Configure storage View log Run command Backup and restore storage Picture 36 Database information window 9 3 1 Stop and activation of individual databases In cases when stop or activation of the database is needed Sto p sto rages a In order to stop all databases press the button b In order to activate all databases press button _ Start storages c To stop or activate individual database press button and chose the items Start or Stop accordingly 9 3 2 Deleting documents from database Deleting of entries from database with keeping of data sources can be executed in following order a Stop the golLoader agents as described in the chapter 7 1 Preparing GOL prior WinGol uninstallation b Open the Cluster Storages item in golDB terminal c In the window that opens press on goldb in the column Cluster storages Clusterpark Ltd 45 52 gol Users manual Version 1 0 i GOL installation Date 28 04 2014 d Chose and pres
41. now ould like t t fi ti for It is recommended to use existing GOL GUI settings by typing Yes and pressing Enter Clusterpark Ltd 12 52 GOL installation ol Users manual Version 1 0 Q ti Date 28 04 2014 lusterpoint server Host localhost lusterpoint server Port 5558 oader name will be used for displaying records from this server oader name Oader description will be used in UI interface to describe loader Oader description Important settings installation will offer by default Description of settings is available in Table 2 Table 2 Description of golLoader installation settings Settings field Input description Clusterpoint Server Host By default localhost Input must be approved by pressing Enter Clusterpoint Server Port Specifies the network port through which golLoader will send data By default the port 5550 will be used Input must be approved b ing Enter Loader name Must be specified the name of server or computer host on which the loader will be installed This name will be used to identify host in golIDB and GOL GUI Input must be confirmed b ing Enter Loader description In this field description of host can be written This field is not mandatory Input must be confirmed by pressing Enter Clusterpark Ltd NG Poy 52 ol Users manual Version 1 0 Q m GOL installation Date 28 04 2014 3 2 4 Linux golLoader confi
42. o position amp if data sending directly after saving of configuration is not necessary It can be turned on later though Before the connection of log data source it is necessary to check their names and location Table 6 Examples for Linux log data sources y Log file keeps the name and work time of installed ai programs and packages Log file keeps entries of executed scheduled software installation activities Log file keeps notifications about user login and logout actions Messages Log file keeps overall performance of the system Log file keeps access to the Apache server data Log file keeps Apache server error notifications Usually Linux log file names are left as they are after installation but sometimes users are configuring the names for rotation files to identify them with date in file name In these cases file names must be specified as regular expressions Examples how to create file names as regular expressions are shown in Table 7 Table 7 Examples of log file names as regular expressions Log types If file name is not modified the name to write in field File name is recognized by specified in left column default messages 0 91 8 8 cPART log 0 1 0 9 1 2 0 1 gz 0 1 bz2 0 1 eps _ 0 cPART _ 0 9 2 2 3 3 log N cPARTY _ d 1 8 9z 0 1 I bz2 0 1 0 1 N cPART _ d 1 8 192 0 1 I bz2 0 1 0 1
43. og data source configuration window Description of log data source configuration settings is shown in Table 5 but examples with Linux log data sources are shown in Table 6 Table 5 Description of log data source settings Field name Source name A short name of log data source must be written Description The description of data source can be written Not mandatory but recommended File directory The full path to the folder from which log data will be collected must be indicated Filename In this field the unchanging part of log file name must be written For example if the files yumi yum2 yum3 etc which are the rotation files do exist than simply write yum Type Corresponding log file type must be select from the dropdown menu Storage Specify to which of golDB log data storages the entries will be sent By default it is main Load previous logs Switch is indicating should the agent collect and send to the database historical entries from rotation files By default position is a sending of historical data is enabled Can be moved to position 7 historical data won t be sent Enable load this Main switch for initialization of log entry sending process By source files y default switch is in position ay log data sending will be started Clusterpark Ltd 25 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a immediately after saving of configuration It can be moved t
44. onment initially displays information about server resources in use Picture 35 Single Storages Cluster Storages Administration Tools Logout CLUSTERPOINT cps2 m v Aea aae Server Name cps2 vm Server Load Disk Usage Memory Usage Swap Usage IP Address 127 0 0 1 Disk Total 492 15 GB 2 0 Memory Total 4 016 66 MB i Uptime 84 days 5 hours 16 minutes de 11 seconds 1 0 Version 2 3 0 80 a 0 4 0 2 E 40 6 Used MM 27 0 Used MM 19 2 Used al ba IDAR Ml 59 4 Free MW 21 5 Free M 30 8 Free 051 6 Cached ClusterPoint 2006 2014 v2 3 0 80p 64 bit Jan 03 2014 17 12 13 Picture 35 Overview of golDB server resources Clusterpark Ltd 44 52 Ol Users manual Version 1 0 Q Date 28 04 2014 GOL installation Overview shows information about server CPU load hard disk and memory utilization and the current version of the database Attention should be paid to the amount of memory used its availability is a very important for golDB to work productively This information can be used for planning of the necessary resources 9 3 Database management In the menu items Single Storages and Cluster Storages management of individual databases and creation of new instances is available These sections features detailed information about each database memory and hard disk utilization amount of documents log entries consolidated amount of indexed words and database status Picture 36 Si
45. ops and then reactivates Clusterpoint database engine e Force reload Forcibly stops and then activates Clusterpoint database engine 10 4 GOL GUI is not running Internet browser program can not open the GOL GUI user login dialog In this case it is possible that Apache service is not running Apache service can be activated by taking following steps in Linux terminal mode 1 Switch to user root su l eol sol demo su l Password root ol demo 2 Start Apache service e For Debian and Ubuntu Linux execute command etc init d apache2 start e For Red Hat Fedora and CentOS Linux execute command etc init d httpd start 10 5 List with available log types in golLoader configuration window is empty If in log data configuration window Type dropdown menu is empty it is possible that information about configuration is not stored correctly in golDB In order to avoid that following steps must be executed Clusterpark Ltd 51 52 gol 1 2 3 4 5 6 7 8 Users manual Version 1 0 GOL installation Date 28 04 2014 Open internet browser In the address field enter Attp Server IP 5580 Authentication will be required for golIDB user terminal access Default parameters user root password password In main menu press the item Single storages Press on database name golcfg colored in blue On the left edge press on item run command From list of availab
46. ps2 Switch to user root su geol sol demo su l Password root ol demo Uninstall golLoader packages and remove folders yum remove gol loader amp amp rm rf usr local GOL loader Uninstall GOL packages and remove folders yum remove gol gui amp amp rm rf usr local GOL gui Uninstall golDB packages and remove folders yum remove cps2 amp amp rm rf usr local cps2 Clusterpark Ltd 41 52 gol Users manual Version 1 0 4 GOL installation Date 28 04 2014 8 Restore WinGol installation This chapter describes the installation sequence for WinGol recovery after uninstalling from the computer or server Restoration of WinGol installation may be necessary if the host that has already been registered in GOL is again necessary to connect to GOL for log data transmission REMARK If WinGol on the host was uninstalled than at first WinGol installation must be carried out as described in the chapter6 2 Installation of WinGol It must be noted that the Host Name must be the same as it is registered in GOL Configuration section Hosts tab Removed hosts After the host connection to the network it must be enabled in GOL e Run GOL GUI in web browser and login with administrators rights e Open Configuration in main menu e In the window with configuration elements chose Hosts window with list of all registered in GOL devices will be opened e In system configuration section open tab Removed ho
47. rds and alerts for crucial events e API for integration of data from golDB with other analytics systems or creation of Statistics reports with simple XML requests from applications like MS Excel More information about API and how to use it can be found at Clusterpoint Wiki page 1 1 Description of golLoader agents golLoader agents for Linux operating systems and WinGol for MS Windows OS are installed on devices servers or computers where the log data must be collected for transmission to golDB Agents transmit log data to golDB within time intervals that can be configured centrally from GOL GUI They provide collection of actual and historical rotated log data Besides the transmitting of log data agents contact the golDB at regular time intervals for receiving of configuration changes 1 2 Description of golDB golDB provides indexing and consolidation of log data received from agents in a single database Thanks to technologies built in the Clusterpark database engine golDB provides fast information search by using single words phrases or complex queries with Boolean expressions golDB can be clustered and mirrored thus building systems for ensuring additional data security and increased productivity More about Clusterpark DB engine and its capabilities can be found at www clusterpoint com GOL has several database instances whose role is described in Table 1 Table 1 Description golDB database instances Name of Description of datab
48. rtain the script was invoked You can remove this if you want once you are sure it is working fwrite ofp date Y m d H 1i s t Next we ll write all the trap data to the file We could use stream_copy_to_stream for this but I don t know if it is available on your server so I won t do it here fwrite ofp Data t while feof STDIN string trim fread STDIN 1024 string str_replace n t string string str_replace r string fwrite ofp string t fwrite ofp n We don t actually need a closing PHP tag and in many cases it is better to omit it to avoid unexpected whitespace being output e Save created PHP script in the folder which was specified in snmptrapd conf faile For example 0admin snptrap traphandle 02 sh php e If the snmpd and snmptrapd processes are not started during boot than they must be added to boot manually To perform that execute following commands in terminal mode Chkconfig snmpd on Chkconfig snmptrapd on Now SNMP trap is ready and golLoader can be configured in GOL GUI to start transfer data from a SNMP trap to golDB Clusterpark Ltd 20 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a 4 GOL configuration after installation 4 1 Detection of golDB IP address If IP address is static and well known than this step can be omitted Before proceeding with further GOL configuration it is neces
49. s the link Run command in the tab More More Contigure storage Run command e New window will be opened where from dropdown chose command clear Command Command search Search Retrieve Lookup List last Delete Status Reindex Rebalance f In order to accept command and delete the entries in database press button a Send in the right edge 9 3 3 Commands that can be executed in database For golIDB management several built in commands can be used How to access them is described in chapter 9 3 2 Deleting documents from database starting from step b Description of commands is available in Table 12 Table 12 Commands available for goIDB management Description Search Command can be used for search of words and phrases in the database and displaying of the results Retrieve Command for finding and retrieval of document with displaying of full content by its ID nr Lookup Command for finding of the document by its ID nr These and other advanced commands can be executed in the menu item Tools In example Picture 37 with a red underline is marked the replaced value in goldb database for finding the word error Clusterpark Ltd 46 52 Users manual GOL installation gol Request GET URI http 127 0 0 1 cgi bin cps2 cgi Request POST URI tcp 127 0 0 1 5550 XML request lt xml version 1 0 encodina utf 8 gt lt cps request xmlns cns www clustervoint com gt
50. sary to determine the IP address assigned to the host on which GOL is installed This can be done by executing the command ifconfig in Linux terminal mode root localhost ifconfig ethe Link encap Ethernet HWaddr 08 00 27 66 49 49 inet addr 10 0 2 15 Bcast 10 0 2 255 Mask 255 255 255 0 inet6 addr fes0 a00 27ff fe66 a949 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 15 errors dropped 0 overruns 0 frame 0 TX packets 19 errors 0 dropped 0 overruns 0 carrier collisions txqueuelen 1000 RX bytes 10093 9 8 KiB TX bytes 1879 1 8 KiB Link encap Ethernet HWaddr 08 00 27 DC 22 EC Inet addr 192 168 0 195 Bcast 192 168 0 255 Mask 255 255 255 0 inet6 addr fe80 a00 27ff fedc 22ec 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 2437 errors 0 dropped 0 overruns 0 frame 0 TX packets 16 errors 0 dropped 0 overruns 0 carrier 6 collisions txqueuelen 1000 RX bytes 258179 252 1 KiB TX bytes 1684 1 6 KiB Link encap Local Loopback Inet addr 127 0 0 1 Mask 255 0 0 0 inet6 addr 1 128 Scope Host UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 37992 errors 0 dropped 0 overruns 0 frame 0 TX packets 37992 errors 0 dropped overruns 0 carrler 0 collisions 0 txqueuelen 0 RX bytes 3655763 3 4 MiB Tx bytes 3655763 3 4 MiB golDB IP address is specified in eth1 configuration In example picture above it is seen as inet addr 192 168 0 195 REMAR
51. se term is over the license may be renewed upon receipt of a new license file After receiving of the file it must be uploaded to the database 1 In the menu item Administration press the arrow on the button User management and from the dropdown menu chose item License 2 Windows for license installation will be opened Under Install new license check the radio button with appropriate method for license renewal a In order to upload the file check the item Upload license file and press the Upload licence file button Browse P Browse b In order to renew the license with content from the license file check the item Copy licence content Copy license content and copy the content of the file in the empty field Clusterpark Ltd 48 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 a 10 Troubleshooting GOL 10 1 GOL system folders GOL system files by default are located in the following folders e Folder with GOL GUI interface files usr local GOL gui e Folder with golLoader Linux agent files usr local GOL loader e Folder with Clusterpoint database engine files usr local cps2 10 2 Linux golLoader agent is seen as inactive in GOL GUI network chart If the network chart in GOL GUI is identifying the host as inactive bubble with red ring and log entries are not transmitted to golDB it is possible that agent is either jammed or process is not started for some reason REM
52. sts 1 New hosts 1 Removed hosts 0 Name Code Description Enable Edit Remove DEMO PC DemoPC W8 6 0 Picture 17 Windows with list of newly installed loaders e For further configuration of loader press on icon Q The window for configuration of WinGol general settings will be opened Picture 18 Clusterpark Ltd 32 52 gOl Users manual Version 1 0 a GOL installation Date 28 04 2014 Back to host Edit host Code Pool count 200 Name Sleep time s Artis PC 20 Description Enable loading files from this host Artis work computer xP Picture 18 Window for configuration of WinGol main settings Description of loader configuration input settings is shown in Table 10 Table 10 Description of loader configuration settings Specifies the name of the host where WinGol is installed Broader description of the host Pool count The amount of log entries which WinGol is sending to golDB during each session can be specified By default maximum 200 rows will be sent Sleep time S Interval in seconds between each session can be specified By default interval is set to 20 seconds Switch In order to activate agent and start log data sending process press on switch s disabled by default Switch icon will be changed to indicating that log data sending is enabled Settings must be saved by pressing on button Save Now the WinGol agent is enabled and ready for further configuration e The
53. sts Picture 30 Back to configuration Hosts list Removed hosts 1 Name Code Description Enable Edit DEMO PC h2 DemoPCW8 O Picture 30 List with removed hosts Press on icon Q the column Edit in line with appropriate host e Host configuration window will be opened Picture 31 press on the switch in the line with host name Switch will be changed to P which means that host again is enabled for sending log data Back to host list Configure host DEMO PC co DemoPC W8 Sources 1 Name Code Description Type File Alias Storage Enable Edit Remove Application h_2_src_2 win_ev output main a oO Picture 31 Host configuration window Clusterpark Ltd 42 52 Ol Users manual Version 1 0 Q bee GOL installation Date 28 04 2014 If WinGol on host is installed again it is necessary to specify in GOL configuration the agent s name e Inthe Configure host window Picture 31 press on icon Q the end of line with host name Host connection configuration window will be displayed Picture 32 A Back to host Edit host Code Pool count h_2 200 Name Sleep time s DEMO PC 20 Description Enable loading files from this host DemoPC W8 Link to a new loader New loaders p New loaders DEMO PC Save Picture 32 Host connection configuration window e Inthe dropdown menu Link to a new loader is a record New loaders which means that new loader is available e Open Link to a
54. the names of folders or other settings should be changed press button Back To continue with installation press button Install ie Setup WinGOL Ready to Install Setup is now ready to begin installing WinGOL on your computer a Click Install to continue with the installation or click Back if you want to review or change any settings Destination location CiWinGOL Picture 15 Window with overview of installation folders Clusterpark Ltd 31 52 GOL installation Date 28 04 2014 gol Users manual Version 1 0 e After successful installation the window with overview of WinGol installation status will appear Picture 16 fe Setup WinGOL Completing the WinGOL Setup Wizard Setup has Finished installing WinGOL on your computer Click Finish to exit Setup Picture 16 Installation status window To close it pres Finish AIl WinGol processes necessary for collection and transmission of log data will be started automatically Information about connected host will appear in GOL GUI approximately after 10 sec and will be available for further configuration 6 3 WinGol configuration in GOL To finish configuration of WinGol run GOL GUI in the browser and login with administrator rights e Inmain menu open Configuration e Inthe window with configuration elements chose Hosts e Open tab New hosts Picture 17 with list of newly installed loaders Back to configuration Hosts list Jo
55. to other log data sources which are intended to be transmitted to database as well Status of enabled events can be checked in the tab Sources Picture 21 Icon indicates that loader is transmitting the entries from corresponding data file to the golDB A Back to host list Configure host ack to host lis DEMO PC a DemoPC W8 Sources 1 Name Code Description Type File Alias Storage Enable Edit Remove Application h_2 src2 win_ev output main Picture 21 List with enabled for transmission data sources When all events are enabled with link Back to host list return to the list with configured hosts Picture 22 Back to configuration Hosts list Hosts 2 Name Code Description Enable Edit Remove DEMO PC h2 DemoPCW8 o QO Q GOLdemo h1 GOL server loader ag Oo O Picture 22 List with configured hosts Clusterpark Ltd 36 52 gOl Users manual Version 1 0 i GOL installation Date 28 04 2014 Switch at the position in column Enable indicates that the loader on particular host is enabled but icon Win front of host name indicates that the loader is transmitting data to database Clusterpark Ltd 37 52 gol Users manual Version 1 0 4 GOL installation Date 28 04 2014 7 WinGol and Linux golLoader uninstallation 7 1 Preparing GOL prior WinGol uninstallation Before WinGol uninstallation from the host it must be disconnected from golDB e Run GOL GUI in we
56. window for list of log data sources will be opened To configure the log data sources for particular loader press New sources tab Picture 19 where all automatically recognized MS Windows event types will be listed REMARK If the New Sources tab in configuration window has index 0 the GOL GUI link in the browser should be refreshed Clusterpark Ltd 33 52 GOL installation gOl Users manual 6 Configure host DEMO PC a DemoPC W8 New sources 6 Name Code Description Application h_2_src_2 HardwareEvents h_2_src_3 Internet Explorer h_2_src_4 Key Management Service h_2_src_5 Security h_2_src_7 System h_2_src_8 Picture 19 The name of event is specified in column Name The Type win_ev win_ev win_ev win_ev win_ev win_ev List of automatically recognized MS Windows events NEW File output1 output2 output3 output4 output6 output7 Alias Storage main main main main main main Version 1 0 Date 28 04 2014 Enable EEEE Back to host list Edit Remove o 00000 O 000000 in the column Enable does mean that corresponding log data transmission is not started and it must be enabled That can be done by pressing on icon The window for log data transmission settings configuration will be opened Picture 20 e In the settings fields information received from loader has been already shown It is not recommended to ch
Download Pdf Manuals
Related Search