1 - Forwarding system logs to Insight

Once the logging components on the ESA or the appliance are configured, system logs are forwarded to Insight, which stores them in the Audit Store. Use the following steps to configure the forwarding of system logs to Insight.

  1. Log in to the CLI Manager on the ESA or the appliance.

  2. Navigate to Tools > PLUG - Forward logs to Audit Store.

  3. Enter the password for the root user and select OK.

  4. Enter the IP addresses of all the nodes in the Audit Store cluster that have the Ingest role and select OK. Separate multiple IP addresses with commas.

    To identify the nodes with the Ingest role, log in to the ESA Web UI and navigate to Audit Store > Cluster Management > Overview > Nodes.

  5. Enter y to fetch certificates and select OK.

    Specifying y fetches the td-agent certificates from the target node. These certificates are used to validate and connect to the target node, and they are required to authenticate with Insight while forwarding logs to it. The passphrase for the certificates is stored in the /etc/ksa/certs directory.

    Specify n if the certificates are already available on the system, if fetching certificates is not required, or if custom certificates are to be used.

  6. Enter the credentials for the admin user of the destination machine and select OK.

    The td-agent service is configured to send logs to Insight and the CLI menu appears.

2 - Forwarding audit logs to Insight

The audit logs are the logs of data security operations, such as protect, unprotect, and reprotect, together with the PEP server logs. The audit logs from an appliance, such as the DSG, are forwarded through the Log Forwarder service to Insight. Insight stores the logs in the Audit Store on the ESA.

The example provided here is for DSG. Refer to the specific protector documentation for the protector configuration.

  1. Log in to the CLI Manager on the appliance.

  2. Navigate to Tools > ESA Communication.

  3. Enter the password of the root user of the appliance and select OK.

  4. Select the Logforwarder configuration option, press Tab to select Set Location Now, and press Enter.

    The ESA Location screen appears.

  5. Select the ESA to connect with, then press Tab to select OK, and press Enter.

    The ESA selection screen appears.

    To enter the ESA details manually, select the Enter manually option. A prompt is displayed to enter the ESA IP address or hostname.

  6. Enter the ESA administrator username and password to establish communication between the ESA and the appliance. Press Tab to select OK and press Enter.

    The Enterprise Security Administrator - Admin Credentials screen appears.

  7. Enter the IP address or hostname of the ESA. Press Tab to select OK and press Enter. Separate multiple IP addresses with commas. To add an ESA to the list, specify the IP addresses of all the existing ESAs in the comma-separated list, followed by the IP address of the additional ESA.

    The Forward Logs to Audit screen appears.

  8. After the connection with the ESA is established, the following summary dialog box appears. Press Tab to select OK and press Enter.

    ESA Communication - Summary screen

  9. Repeat step 1 to step 8 on all the appliance nodes in the cluster.
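Step 4 of the system-log procedure and step 7 of the audit-log procedure both take a comma-separated list of addresses typed into a CLI prompt, and the rule for adding an ESA requires that every existing ESA be retyped. The following helper is an added example, not part of the Protegrity documentation or product: it checks such a list before it is entered (each entry must be an IP address or hostname; blanks and duplicates are rejected) and builds the value for adding an ESA so that no existing entry is dropped. The sample addresses are constructed.

```python
import ipaddress
import re

# One DNS label: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip(entry: str) -> bool:
    """True if entry parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def is_hostname(entry: str) -> bool:
    """True if entry is a syntactically valid hostname (RFC 1123 labels; the
    last label may not be all digits, so a malformed IP such as 999.1.1.1 is
    not mistaken for a name)."""
    if not entry or len(entry) > 253:
        return False
    labels = entry.rstrip(".").split(".")
    if labels[-1].isdigit():
        return False
    return all(_LABEL.match(label) for label in labels)


def lint_address_list(raw: str) -> list[str]:
    """Return the problems found in a comma-separated address list
    (empty entries, invalid addresses/hostnames, duplicates). Empty list means OK."""
    problems = []
    seen = set()
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            problems.append("empty entry")
        elif not (is_ip(entry) or is_hostname(entry)):
            problems.append(f"invalid address or hostname: {entry}")
        elif entry.lower() in seen:
            problems.append(f"duplicate entry: {entry}")
        else:
            seen.add(entry.lower())
    return problems


def parse_address_list(raw: str) -> list[str]:
    """Return the cleaned entries, or raise ValueError listing every problem found."""
    problems = lint_address_list(raw)
    if problems:
        raise ValueError("; ".join(problems))
    return [e.strip() for e in raw.split(",")]


def add_esa(existing: str, new_esa: str) -> str:
    """Build the value to type when adding an ESA: every existing ESA first,
    then the new one, so that none of the already configured ESAs is dropped."""
    current = parse_address_list(existing)
    candidate = new_esa.strip()
    if not (is_ip(candidate) or is_hostname(candidate)):
        raise ValueError(f"invalid address or hostname: {candidate}")
    if candidate.lower() in {c.lower() for c in current}:
        raise ValueError(f"ESA already in the list: {candidate}")
    return ",".join(current + [candidate])


if __name__ == "__main__":
    # Constructed sample values, not addresses from a real deployment.
    ingest_nodes = "10.0.0.11, 10.0.0.12,10.0.0.13"
    print(parse_address_list(ingest_nodes))
    print(add_esa("10.0.0.21,10.0.0.22", "esa3.example.internal"))
    print(lint_address_list("10.0.0.21,,10.0.0.21,999.1.1.1"))
```

Run the check on the list before pasting it into the prompt; a rejected entry is cheaper to fix at that point than after td-agent or the Log Forwarder has been reconfigured on every node.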

3 - Applying Audit Store Security Configuration

The Apply Audit Store Security Configs setting is available for configuring the Audit Store security. This setting must be used after upgrading from an earlier version of the ESA when custom certificates are used. Run the following steps after the upgrade is complete and custom certificates are applied for td-agent, Audit Store, and Analytics, if installed.

  1. From the ESA Web UI, navigate to System > Services > Audit Store.

  2. Start the Audit Store Repository service.

  3. Open the ESA CLI.

  4. Navigate to Tools.

  5. Run Apply Audit Store Security Configs.

4 - Setting the total memory for the Audit Store Repository

The Set Audit Store Repository Total Memory tool is used to specify the total RAM allocated for the Audit Store Repository on the ESA.

The RAM allocated for the Audit Store on the appliance is set to an optimal default value. If this value does not match the existing requirement, use this tool to modify the RAM allocation. However, certain operations, such as modifying the role of the node or removing a node from the cluster, overwrite the value that was set, and the RAM allocation reverts to the optimal default value. In this case, perform these steps again to set the RAM allocation after modifying the role of the node or adding a node back to the Audit Store cluster.

  1. From the ESA Web UI, navigate to System > Services > Audit Store.

  2. Start the Audit Store Repository service.

  3. Open the ESA CLI.

  4. Navigate to Tools.

  5. Run Set Audit Store Repository Total Memory.

  6. Enter the password for the root user and select OK.

  7. Specify the total memory that must be allocated for the Audit Store Repository and select OK.

  8. Select Exit to return to the menu.

  9. Repeat the steps on the remaining nodes, if required.

5 - Rotating Insight certificates

Rotate the Insight certificates after the ESA certificates are rotated. This refreshes the Insight-related certificates that are required for the Audit Store nodes to communicate with the other nodes in the Audit Store cluster and with the ESA.

For more information about rotating the Insight certificates, refer here.