Director Deployment Overview

The Logpoint Director setup process requires the installation of the Director components separately and in a specified order, ensuring compatibility between the versions of Logpoint, LPSM, and Director Fabric for proper configuration.

Director components can be deployed using ISO or any of the available Virtual Images. Installation of Director components using ISO is outlined in Installation Sequence of Director Components using ISO.

There are three options available for deploying Director components using virtual images:

Director OVA and VHD deployment is not supported in Director v2.9.x.

  • Director OVAs

  • Director VHDs

Installation Sequence of Director Components using ISO

  1. Install Fabric Server(s). Go to Installation of Fabric Server for more details.

  2. Install an API Server. Go to Installation of API Server/Director Console for more details.

  3. Install an LPSM. Go to Installation of Logpoint Search Master for more details.

  4. Install a Logpoint. Go to Installation of Logpoint for more details.

After individually installing the Fabric Servers, API Server, Logpoint Search Master, and Logpoint, the Director setup is ready.

  • During the initial boot of the installation process, you may encounter multiple warning messages pertaining to the setup of the Live DVD environment. These can be safely disregarded, as they do not affect the installation process.

  • In case of a failed or incomplete installation, it is crucial to go to the BIOS menu and wipe the disk data before attempting a second installation with the ISO. If you do not do so, the second installation attempt will also fail.

  • While upgrading the Director components to newer versions, we recommend you follow the same sequence.

Director Installation Sequence

Version Compatibility for Logpoint Director

Go to Logpoint SIEM and Director to learn about the version compatibility for Director with Logpoint SIEM.

System Requirements

Hardware Requirements

The minimum hardware specifications for the Director setup are:

For Fabric Servers and API Server/Director Console:

Component        Requirement
Number of vCPU   Minimum 4
RAM              Minimum 8 GB
HDD              Minimum 100 GB

For LPSM:

Component        Requirement
Number of vCPU   Minimum 2
RAM              Minimum 8 GB
HDD              Minimum 100 GB

For Fabric-enabled LogPoint instances:

Component        Requirement
Number of vCPU   Minimum 4
RAM              Minimum 8 GB
HDD              Minimum 100 GB

  • All components of the Director setup must be installed in a Virtual Environment.

  • Depending on log volume, hardware requirements are subject to change.

  • ZFS (Zettabyte File System), which LogPoint Director uses, provides its own software-defined disk redundancy (Mirror, RAIDZ). Hardware-based RAID is therefore not recommended, because it limits the ability of ZFS to self-heal on checksum failures.

  • When you select the RAIDZ mode, the first three disks are used for the OS and application installation. Any remaining disks can be used to extend the disk space, or as L2ARC (Level 2 Adaptive Replacement Cache) or ZIL (ZFS Intent Log) devices to improve ZFS read/write performance. This is done using ZFS commands.

Supported Browsers

The following browsers best support LogPoint Director components:

  • Safari (latest)

  • Google Chrome (latest)

  • Firefox (latest)

Port information of the Director setup

To establish connections within or outside the Director setup when a network firewall is in use, allow the following ports. Each connection is listed with the ports it requires:

Connection from Director components to other servers (NTP, DNS, and for support connection)

  • UDP: 123 (NTP), 53 (DNS), 1193 (support connection)

Connection between the Fabric Servers (in a cluster setup)

  • ICMP: To ping

  • TCP: 22, 88, 464, 749, 750, 754, 2181, 2121, 8485, 9000, 10004, 10006, 50020, 50475, 51070, 2888, 3888

  • UDP: 88, 464, 750, 1194

Connection from the Fabric Server to the API Server, LPSM or LogPoint

  • ICMP: To ping

Connection from the API Server to the Fabric Server

  • ICMP: To ping

  • TCP: 22

  • UDP: 1194

Connection from the LPSM to the Fabric Server

  • ICMP: To ping

  • UDP: 1194

Connection from the LogPoint to the Fabric Server

  • ICMP: To ping

  • UDP: 1194

Access to LPSM UI, Director Console API, and Director Console UI

  • ICMP: To ping

  • TCP: 443

Connection to SNMP

  • ICMP: To ping

  • UDP: 161
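The intra-Director rows of the port list above, rendered as an nftables ruleset for a Linux firewall that routes between the components. This is an added example, not Logpoint code: the function names, the table name director_fw and all addresses are assumptions, and the NTP, DNS, support and SNMP rows are left out because their endpoints are site-specific.

```shell
#!/usr/bin/env bash
# Added example (not Logpoint code): nftables forward rules for a firewall
# placed between Director components, built from the port list above.
# Every address below is a constructed sample; replace with your own.
# The chain policy is drop, so use it on a firewall dedicated to this segment.

FABRIC_TCP="22, 88, 464, 749, 750, 754, 2181, 2121, 8485, 9000, 10004, 10006, 50020, 50475, 51070, 2888, 3888"
FABRIC_UDP="88, 464, 750, 1194"

# allow SRC DST PROTO PORTS: one accept rule limited to the named endpoints.
allow() {
  printf '    ip saddr { %s } ip daddr { %s } %s dport { %s } accept\n' "$1" "$2" "$3" "$4"
}

# allow_ping SRC DST: the "ICMP: To ping" entries (echo request only).
allow_ping() {
  printf '    ip saddr { %s } ip daddr { %s } icmp type echo-request accept\n' "$1" "$2"
}

# director_rules FABRIC API LPSM LOGPOINT ADMIN (comma-separated address lists)
director_rules() {
  local fabric="$1" api="$2" lpsm="$3" logpoint="$4" admin="$5"
  echo 'table ip director_fw {'
  echo '  chain forward {'
  echo '    type filter hook forward priority 0; policy drop;'
  echo '    ct state established,related accept'
  # Fabric Server <-> Fabric Server (cluster setup)
  allow_ping "$fabric" "$fabric"
  allow "$fabric" "$fabric" tcp "$FABRIC_TCP"
  allow "$fabric" "$fabric" udp "$FABRIC_UDP"
  # Fabric Server -> API Server, LPSM, Logpoint: ping only
  allow_ping "$fabric" "$api, $lpsm, $logpoint"
  # API Server -> Fabric Server
  allow_ping "$api" "$fabric"
  allow "$api" "$fabric" tcp "22"
  allow "$api" "$fabric" udp "1194"
  # LPSM and Logpoint -> Fabric Server
  allow_ping "$lpsm, $logpoint" "$fabric"
  allow "$lpsm, $logpoint" "$fabric" udp "1194"
  # Administrators -> LPSM UI, Director Console API and UI
  allow_ping "$admin" "$lpsm, $api"
  allow "$admin" "$lpsm, $api" tcp "443"
  echo '  }'
  echo '}'
}

# Constructed sample topology: two Fabric nodes, two Logpoints, one API Server and LPSM.
director_rules "192.0.2.11, 192.0.2.12" "192.0.2.20" "192.0.2.30" \
  "192.0.2.41, 192.0.2.42" "198.51.100.0/24"
```

Because each rule names both source and destination, TCP 22 on the Fabric Servers stays reachable only from the API Server and the other Fabric nodes, as the port list specifies.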

Version specific requirements

Director v2.6.0

To install LPSM v2.6.0, your CPU must support Advanced Vector Extensions (AVX). You can check your CPU’s AVX compatibility using the following command:

If there is no output after running the command, your CPU doesn’t support AVX.

Establish an SSH Connection

After successfully installing the Director setup, you can access the Fabric Servers and API Server through the console as the cmdr-admin user and the LPSM through the console as the li-admin user. Go to SSH Key Pair for li-admin to establish an SSH connection for li-admin.

You must establish an SSH connection to upgrade the Director patches.

Configuring an SSH pair for cmdr-admin

  1. Log into the Fabric Servers or API Server using cmdr-admin.

  2. Create a directory in the Server using the following command:

  3. Create an SSH pair in the Server using the following command:

  4. Copy the public key to authorized_keys using the following command:

  5. Use the addadminip command to add the remote device's IP address to the Server. The command adds the firewall rule required to access the Server from that IP address.

  6. Move the private key to your local machine using the following command:

  7. Establish an SSH connection with the API using the following command:

Once you access the system, change the password using the passwd command.

Change SSH Keys

For Director API and Fabric servers v2.5.0 and later, we recommend you change the SSH key pair manually and generate an SSH key pair using the RSA algorithm. To change the SSH key pair manually:

  1. Create SSH key pairs using the command:

    A private key named director will be generated.

  2. Copy the generated private key to both the API server and the Fabric server. If the Director Fabric is a cluster setup, copy the key to all the cluster nodes using the following command:

    <machine-ip> is the IP address of the API or Fabric server where you need to copy the SSH key.

    This copies the director key to the home directory of the server at <machine-ip>.

  3. Access each API server and Fabric server individually via SSH.

  4. Execute the following command:

    This will replace the existing SSH key pair with a new SSH key pair.

Post-installation Setups For New Deployments

After installing Director 2.8.0 or later, you must set and update specific passwords in the exact order listed below. This sequence is critical to maintain secure communication between the Fabric Server, API Server, and LPSM.

Prerequisites

  • SSH access to all Fabric Servers and the API Server.

  • Access to LPSM UI.

Fabric Server

  1. SSH into the Fabric Server.

  2. Run the following command to set the Fabric Network VPN password for the API Server:

  3. Run the following command to set the Fabric Network VPN password for LPSM:

  4. Run the following command to set the Fabric Proxy password:

If you’re running a cluster, repeat steps 1 - 4 on every Fabric Server in the cluster and use the same client password and proxy password on each Fabric Server.

After changing the passwords, create a backup using the fabric-app-backup-restore command. We recommend that users store their passwords in a secure password manager.

API Server

  1. SSH into the API Server.

  2. Run the following command to set the Fabric Network VPN password:

    Use the same Fabric Network VPN password that you set for the API Server in step 2 of the Fabric Server procedure above.

  3. Run the following command to set the Fabric Proxy password:

    Use the same Fabric Proxy password that you set in step 4 of the Fabric Server procedure above.

  4. Run the following command to set the Fabric Authenticator password:

LPSM

  1. Log in to LPSM and go to System Settings > Logpoint Director.

  2. In the Fabric Network section, enter the Fabric Network VPN password set on the Fabric Server.

  3. In the Fabric Connect section, enter the Fabric Authenticator password set on the API Server.

  4. In the Sync Pools section, enter the Fabric Proxy password set on the Fabric Server using the username zkacl.

Pre-installed Integrations

Starting from Logpoint Search Master v2.1.0, LPSM comes with the following pre-installed authentication integrations:

Change Network Information

You can change the network information of the Fabric Server and the API Server using the change-ip command exposed to the cmdr-admin user. The command allows you to change the existing network information such as Hostname, IP Address, Netmask, Gateway, PrimaryDNS, SecondaryDNS and Domain name of the Fabric Servers and the API Server.

Changing the Network information of the Fabric Server

  1. Execute the change-ip command in the Fabric Server and make the necessary changes.

  2. If you change the IP address of the Fabric Server, you must:

    2.1. Execute the com-appinstaller command in the API Server to update the changes.

    2.2. Update the Fabric Network information of the LogPoint Search Master and the Fabric-enabled LogPoint instances.

  3. If you change the Hostname and the Domain name of the Fabric Server, you must:

    3.1. Execute the get-fabrichosts command in the API Server.

    3.2. Re-configure the Fabric Storage settings of the LogPoint Search Master and the Fabric-enabled LogPoint instances.

    • You can change the Domain name of the network only from the master Fabric Server.

    • You must change the Hostname and IP Address of each server individually.

    • The Domain name for each node of the Fabric Server must be the same. However, the Hostname and IP Address of each Fabric Server node must be unique.

Changing the Network information of the API Server

  1. Execute the change-ip command in the API Server and make the necessary changes. The Domain name of API Server and Fabric Server must be the same.

  2. Execute the addfwrule command in the Fabric Server.

Configure Public IP for Fabric Server

To configure public IP addresses for Fabric Servers:

  1. Execute the configure-public-ip command in the Fabric Server.

  2. Enter the public IP addresses of the Fabric Nodes in the Public IP Address Assignment panel.

    A confirmation window appears summarizing the public IP addresses assigned to the Fabric Servers.

The public IP addresses assigned to the Fabric Servers can be used in the LogPoint’s Fabric Network and the LPSM’s Fabric Network configurations.
