Updating configurations after changing the domain name

Complete these steps after updating the domain name for the system. This is important when the td-agent is used for sending logs to Insight and the external SIEM over TLS. These steps update the bind key in the INPUT_forward_external.conf file with the updated domain name.

Before you begin:

Ensure that the following prerequisites are complete:

  • The ESA is configured to forward logs to Insight and the external SIEM.

    For more information about forwarding logs to a SIEM, refer here.

  • The external syslog server is available and running.

  • If certificates are used, ensure that the certificates are updated with the required information.

    For more information about updating the certificates, refer here.

Perform the following steps to update the configuration:

  1. Open the CLI Manager on the Primary ESA.

    1. Log in to the CLI Manager of the Primary ESA.

    2. Navigate to Administration > OS Console.

    3. Enter the root password and select OK.

  2. Run the following command to update the configuration files.

    /opt/protegrity/td-agent/scripts/update_bindaddress_td_agent_INPUT_forward_external.sh $(hostname)

    The bind address in INPUT_forward_external.conf is updated with the hostname.domainname.

  3. Restart the td-agent service.

    1. Log in to the ESA Web UI.

    2. Navigate to System > Services > Misc > td-agent,

    3. Restart the td-agent service.

  4. Complete the steps on the remaining ESAs where the domain name must be updated.

  5. If td-agent is used to receive logs on the ESA or are using an external SIEM, then update the upstream.cfg file on the protector using the following steps.

    1. Log in and open a CLI on the protector machine.

    2. Navigate to the config.d directory using the following command.

      cd /opt/protegrity/logforwarder/data/config.d

      Protectors v9.2.0.0 and later use the /opt/protegrity/logforwarder/data/config.d path. Use the /opt/protegrity/fluent-bit/data/config.d path for protectors v9.1.0.0 and earlier.

    3. Back up the existing upstream.cfg file using the following command.

      cp upstream.cfg upstream.cfg_updating_host_backup

      Protectors v9.2.0.0 and later use the upstream.cfg file. Use the upstream_es.cfg file for protectors v9.1.0.0 and earlier.

    4. Open the upstream.cfg file using a text editor.

    5. Update the Host value with the updated IP address of the ESA.

      The extract of the code is shown here:

      
[UPSTREAM]
    Name       pty-insight-balancing

[NODE]
    Name       node-1
    Host       <IP address of the ESA>
    Port       24284
    tls        on
    tls.verify off

      The code shows information updated for one node. If multiple nodes are present, then ensure that the information is updated for all the nodes.

      Do not leave any trailing spaces or line breaks at the end of the file.

      Protectors v9.2.0.0 and later use the Name parameter as pty-insight-balancing. Use the Name parameter as pty-es-balancing for protectors v9.1.0.0 and earlier.

    6. Save and close the file.

    7. Restart logforwarder on the Protector using the following commands.

      /opt/protegrity/logforwarder/bin/logforwarderctrl stop
/opt/protegrity/logforwarder/bin/logforwarderctrl start

      Protectors v9.2.0.0 and later use the /opt/protegrity/logforwarder/bin path. Use the /opt/protegrity/fluent-bit/bin path for protectors v9.1.0.0 and earlier.

    8. Complete the configurations on the remaining protector machines.

Last modified : November 18, 2024