Logsign SIEM Installation Guide [EN]

LOGSIGN SIEM INSTALLATION GUIDE v1.0.0

 

1.1. Installing Logsign SIEM with VMware ISO

VMware ESXi, the latest hypervisor offered by VMware, is a virtualization architecture. It has an ultra-slim architecture and therefore performs remarkably well on all operating systems. Let's begin the installation process of Logsign SIEM on VMware ESX.

1.2. Before the Beginning:

#The fields enclosed in "{ }" after this row apply to the "Installing Logsign SIEM with VMware ISO", "Installing Logsign SIEM on Bare Metal" and "Installing Logsign SIEM via Hyper-V" parts.

 

{

You need to make sure that the Internet access that you will assign to Logsign SIEM is not restricted. If you are using a firewall, UTM, WebFilter, IPS, IDS, Application Control Module or other third-party security hardware or software, you need to authorize the Internet access (full access) that you will assign to Logsign SIEM, because the Logsign SIEM installation must be able to reach the Internet for software updates.

The disk that you have allocated for Logsign SIEM will be formatted. The ISO file contains the Logsign SIEM software integrated with 64-bit Ubuntu, and Logsign SIEM will be installed on that Ubuntu operating system. For this reason, we recommend that you do not install Logsign SIEM on a datastore that holds an important server. Otherwise, you may lose all your data.

}

If you have not downloaded the ISO file, you can download it from here.

1.3. Connecting to the ESX Server

#The fields enclosed in "{ }" after this row apply to the "Installing Logsign SIEM with VMware ISO", "Installing Logsign SIEM on Bare Metal" and "Installing Logsign SIEM via Hyper-V" parts.

 

{

Launch the vSphere Client application, fill in the information of your server completely and click the "Login" button.

IP Address / Name: Server name or IP address

User Name: Username

Password: Password

Click on the "Install this certificate and do not display any security warnings" button in the warning that appears on the screen.

}

1.4. Creating VM and Installing Logsign SIEM via ISO

We are now connected to our server, and we recommend that you read the following steps carefully. In the "Basic Tasks" window, click the "Create a New Virtual Machine" button to start building the server with the following wizard.

a. On the configuration tab, select Typical and proceed to Next.


b. On the Name and Location tab we set a name for our Logsign SIEM and proceed with Next.


c. On the Storage tab, select the datastore partition where you will install the Logsign SIEM product and proceed to Next.


d. On the Guest Operating System tab, select Linux and Ubuntu Linux (64-bit) respectively and proceed to Next.


e. On the Network tab, select the network adapter that gives Logsign SIEM access to the network, mark the Connect at Power On check box so that the system's network adapter is defined at boot-up, and proceed to Next.


f. On the Create a Disk tab, set the size of the disk on which Logsign SIEM will be installed. There are three (3) options.

Thick Provision Lazy Zeroed: Allocates all of the disk space you specify from the datastore. With this option, the blocks on the disk are zeroed as data is written. For this reason the disk is created in a short time.

Thick Provision Eager Zeroed: Allocates all of the disk space you specify from the datastore. With this option, the blocks on the disk are zeroed immediately, before any data is written.

Thin Provision: Differs from the previous two (2) methods. It does not allocate the disk space from the datastore; the disk expands as it is used.

Ready to Complete: This screen lets us preview the settings we made. Click Finish to close the wizard.

Once you have created your machine, you need to adjust its amount of CPU and RAM and then mount your ISO file on the CD-ROM.

Right-click on the virtual machine we created and click Edit Settings.

On the Memory tab we will set the amount of RAM for Logsign SIEM.

On the CPUs tab, we will set the amount of CPU for our virtual machine.

On the CD/DVD Drive tab we will mount the Logsign SIEM ISO file. On the right side, select the Datastore ISO option and click the Browse button. Select the folder where your ISO file is located and click the OK button. Then do not forget to check Connect at Power On in the Device Status section above. Finally, click the OK button to complete the configuration.

Right-click the virtual machine we created and select Power -> Power On to power on the virtual machine.

Our virtual machine has booted and the installation has started. To see what is happening, click the Console tab on the right-hand side, where the installation screens are displayed.

While the installation is in progress, you will come across different screens; what you need to do at each of these steps is described below.

#The fields enclosed in "{ }" after this row apply to the "Installing Logsign SIEM with VMware ISO", "Installing Logsign SIEM on Bare Metal" and "Installing Logsign SIEM via Hyper-V" parts.

{

#Please note that: Your keyboard language may be "EN" during installation.

In the Configure the Network section, you need to assign the IP address of Logsign SIEM. It is a good idea to make sure that the IP address is not already in use on your network. Then use the arrow keys to select Continue.

The Netmask section comes up; type your network mask and proceed with Continue.

In the Gateway section, enter the address of the gateway that you use on your network.

In the next step, the installation will ask you to enter the Name Server Address, which is the DNS address. After completing this part, proceed with Continue in the same way.
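The four values the installer asks for here (IP address, netmask, gateway and name server) can be checked for consistency before they are typed in. The following Python check is an added example, not part of the Logsign installer; the function name is hypothetical and the sample addresses are constructed from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.

```python
import ipaddress


def check_static_config(ip, netmask, gateway, dns):
    """Return a list of problems with the values typed into the installer.

    Hypothetical helper, not part of Logsign SIEM. An empty list means the
    four values are consistent with each other; it does not prove that the
    IP address is unused on the network.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
        ns = ipaddress.IPv4Address(dns)
    except ValueError as exc:  # malformed address or non-contiguous netmask
        return [f"invalid value: {exc}"]

    net = iface.network
    host = iface.ip
    problems = []

    # On ordinary subnets the first and last addresses are reserved.
    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}

    if host in reserved:
        problems.append(f"IP {host} is the network or broadcast address of {net}")
    if host.is_loopback or host.is_multicast or host.is_unspecified:
        problems.append(f"IP {host} is not a usable host address")

    # A gateway outside the subnet leaves the appliance without a route,
    # so the software updates mentioned earlier cannot be fetched.
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in reserved:
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    if gw == host:
        problems.append("gateway and IP address are identical")

    if ns.is_loopback or ns.is_multicast or ns.is_unspecified:
        problems.append(f"name server {ns} is not a usable address")
    return problems


if __name__ == "__main__":
    # Constructed sample values: the gateway is in a different subnet.
    for line in check_static_config("192.0.2.50", "255.255.255.0",
                                    "198.51.100.1", "192.0.2.53"):
        print(line)
```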

In this step, the installer copies all the necessary files and installs Logsign SIEM along with the operating system.

 

During installation, a screen titled "Partition Disks" will appear and ask for approval of the operations to be performed on the disk. In this step, we choose Yes.

Once the installation process is complete, your virtual machine will automatically restart and install the required services/components. Wait for the installation process to finish; this takes three (3) minutes on average (which may vary with CPU, RAM and disk speed).

The display will show the name of the host operating system and the IP address of your machine.

1.5. Accessing via WEB Browser

#The fields enclosed in "{ }" after this row apply to the "Installing Logsign SIEM with VMware ISO", "Installing Logsign SIEM on Bare Metal" and "Installing Logsign SIEM via Hyper-V" parts.

{

Open the WEB browser and type http://LOGSIGN_IP_ADDRESS into the address bar. Once you enter the Logsign SIEM IP address, you will be directed to the installation wizard.

You will see two (2) different options:

I have a License Key: If you have a license key that you have purchased, choose this option.

Free Edition: The free version.

 

1.6. License

Host ID: Unique identification number of Logsign SIEM.

Serial Key: The serial number given to you when you purchased Logsign SIEM (this will not be asked for if you choose Free Edition).

Name: Name of the person who will use Logsign SIEM.

Last Name: Last name of the person who will use Logsign SIEM.

Company Name: Name of the company that will use Logsign SIEM.

E-mail: E-mail address of the person who will use Logsign SIEM.

Phone: Phone number of the person who will use Logsign SIEM.

Once the above information has been completely filled in, click the Activate button in the lower right corner of the window. After the product has been activated, the wizard moves to the next step.

#Please note that: Once you have filled in the information under the "License" tab in the setup wizard, you cannot return from the password setting screen to the license registration information window, which is the previous step.

1.7. Password

In this section you will set the password of the admin user for the WEB interface. There are some points to note.

Password: The WEB interface password that you choose.

Verify Password: Re-enter your password in this field to validate the WEB interface password that you chose.

After you specify your password, click the Next button in the lower right corner to move to the next step.

#Please note that: When creating a Logsign SIEM password, do not use easily guessable words such as a name, date of birth, football team, etc. It is recommended that you use a combination of at least one (1) uppercase letter, lowercase letter, digit (not consecutive) and special character.

1.8. System Password

In this section Logsign SIEM allows you to change the password of the iadmin user, which is required to provide access via the CLI, as well as the password creation policies specified in the WEB interface.

Password: CLI password that you specified.

Verify Password: You need to rewrite your password in this section, which is required for validation of the CLI password that you specified.

#Please note that: When creating a Logsign SIEM password, do not use easily guessable words such as a name, date of birth, football team, etc. It is recommended that you use a combination of at least one (1) uppercase letter, lowercase letter, digit (not consecutive) and special character.

After you specify your Logsign SIEM CLI password, click the Next button in the lower right corner to move to the next step.
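The password recommendation given in the notes of sections 1.7 and 1.8 can be expressed as a check to run on a candidate password before it is entered. This Python check is an added example, not Logsign's own validation; it assumes that "digit (not consecutive)" means no run of three ascending or descending digits such as 123 or 987, and the personal terms and passwords in it are constructed samples.

```python
import string

# Common character substitutions, undone before the guessable-word check so
# that "G4l4t4s4r4y" is still matched against the term "galatasaray".
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _has_digit_run(password, run=3):
    """True if `run` adjacent digits ascend or descend by one (123, 987)."""
    for i in range(len(password) - run + 1):
        chunk = password[i:i + run]
        if not all(c in string.digits for c in chunk):
            continue
        steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password, personal_terms=()):
    """Return the list of rules from the note that `password` violates.

    personal_terms: words the note calls easily guessable (name, date of
    birth, football team ...), supplied by the person choosing the password.
    The three-digit run rule is this example's interpretation (assumption).
    """
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "digit": any(c in string.digits for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems = [f"missing {name}" for name, ok in classes.items() if not ok]

    if _has_digit_run(password):
        problems.append("contains consecutive digits")

    lowered = password.lower()
    normalized = lowered.translate(_LEET)
    for term in personal_terms:
        t = term.lower()
        # Very short terms would match almost anything, so they are skipped.
        if len(t) >= 3 and (t in lowered or t in normalized):
            problems.append(f"contains guessable term: {term}")
    return problems


if __name__ == "__main__":
    # Constructed samples: a football team name and a year as personal terms.
    terms = ["galatasaray", "1905"]
    for candidate in ["Galatasaray1905!", "G4l4t4s4r4y#", "Blue-Kettle-123"]:
        print(candidate, "->", check_password(candidate, terms) or "ok")
```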

1.9. Email

Use SMTP Authentication: Check this box to use SMTP authentication.

Username: The username of the person who will use SMTP authentication.

Password: The password for the username that will be doing SMTP authentication.

SMTP Port: The port to use for SMTP authentication (may vary depending on the email provider).

Use TLS: This box should be checked if your email provider uses TLS.

SMTP Server: The server name of the SMTP e-mail provider.

From Mail: The e-mail address that will send the information messages about Logsign SIEM.

Destination Mail: The e-mail address that will receive the information messages about Logsign SIEM.

Click on the Test Mail button below and you will see Success on the screen if your configurations are correct.

Then we go to the next step with the Next button in the bottom right corner.

#Please note that: You can skip with the Skip button in the bottom right corner and reconfigure it at another time.

2.0. Finish

This is where the configuration of your setup wizard ends.

Once you click the Launch Logsign button, you will be redirected to the WEB interface login page.

}

2.1. Installing Logsign SIEM with VMware OVA

VMware ESXi, the latest hypervisor offered by VMware, is a virtualization architecture. It has an ultra-slim architecture and therefore performs remarkably well on all operating systems. Let's begin the installation process of Logsign SIEM on VMware ESX.

2.2. Before the Beginning:

#Please go to lines 7-21.

If you have not downloaded the OVA file, you can download it from here.

 

2.3. Connecting to the ESX Server

#Please go to lines 23-36.

 

2.4. Installing Logsign SIEM via OVA

From the menu bar at the top left of your VMware vSphere Client window, click File -> Deploy OVF Template.

The steps are explained below.

a. Source: Click the Browse button and specify the location of the OVA file that you have downloaded, then move to the next step with the Next button.
b. OVF Template Details: You will see the details of the OVA file in this step, such as the product name, its size, the publisher and the description.

#Please note that: If you install the Logsign SIEM product with the OVA file, you cannot change the disk size. If you want to expand the disk of Logsign SIEM after the installation, you can apply disk expansion (with LVM).

#Please note that: Contact the Logsign SIEM Customer Support Unit regarding disk expansion.

c. Name and Location: You can give a name to identify the Logsign SIEM product.


d. Storage: Select the datastore partition where you will install Logsign SIEM and proceed to Next.
e. Disk Format: In the Disk Format section, select the disk format to use on the datastore where you will install Logsign SIEM.

Thick Provision Lazy Zeroed: Allocates all of the disk space you specify from the datastore. With this option, the blocks on the disk are zeroed as data is written. For this reason the disk is created in a short time.

Thick Provision Eager Zeroed: Allocates all of the disk space you specify from the datastore. With this option, the blocks on the disk are zeroed immediately, before any data is written.

Thin Provision: Differs from the previous two (2) methods. It does not allocate the disk space from the datastore; the disk expands as it is used.

In this section, we select Thick Provision Lazy Zeroed and move to the last step with the Next button.

f. Ready to Complete: This screen lets us preview the settings we made. If the Power on after deployment box is ticked, your Logsign SIEM product will automatically power on after deployment. Click Finish to close the wizard.

The setup wizard will close and you will see a small window titled Deploying Logsign SIEM. Logsign SIEM will be configured in accordance with the settings we made in the setup wizard. The average duration is 3-4 minutes and may vary depending on your hardware resources. When the process is completed, the text Completed Successfully appears under the Deploying Logsign SIEM title. If you checked the Power on after deployment box, your Logsign SIEM will automatically power on after this process.

The display will show the name of the host operating system and the IP address of your machine.

2.5. Accessing via WEB Browser

#Please go to lines 112-185.

 

2.6. Installing Logsign on Bare Metal

You need to make sure that the Internet access that you will assign to Logsign SIEM is not restricted. If you are using a firewall, UTM, WebFilter, IPS, IDS, Application Control Module or other third-party security hardware or software, you need to authorize the Internet access (full access) that you will assign to Logsign SIEM, because the Logsign SIEM installation must be able to reach the Internet for software updates. The disk will be formatted while the Logsign SIEM product is being installed. It is recommended that you do not install on an important server, and if you do, back up your files before the installation.

Write the Logsign SIEM ISO file to a bootable USB drive or burn it to a DVD. Then insert the installation medium into the corresponding drive or port (CD/DVD-ROM or USB).

2.7. BIOS Configuration

Once you start the machine, use one of the ESC, F10, or F9 keys (which may vary depending on the server you are using) to enter the BIOS settings. Go to the BOOT tab. In this section, move the CD/DVD or USB option to the first position so that it is the first bootable device. Then save the settings (Save and Exit) with the F10 key (which may vary) and the machine will restart.

The setup screen will come up.

#Please go to lines 88-185.

 

2.8. Installing Logsign SIEM via Hyper-V

Hyper-V is a virtualization architecture offered by Microsoft. Multiple virtual servers and virtual networks can be created according to the purpose on Hyper-V.

2.9. Before the Beginning

You need to make sure that the Internet access that you will assign to Logsign SIEM is not restricted. If you are using a firewall, UTM, WebFilter, IPS, IDS, Application Control Module or other third-party security hardware or software, you need to authorize the Internet access (full access) that you will assign to Logsign SIEM, because the Logsign SIEM installation must be able to reach the Internet for software updates. The disk will be formatted while the Logsign SIEM product is being installed. It is recommended that you do not install on an important server, and if you do, back up your files before the installation.

3.0. Connecting to the Hyper-V Server

Open the Hyper-V Manager tool. Then click the Connect to Server button under the Action tab on the right side of the window. A window titled Select Computer will come up and you will see two (2) options.

Local computer: Local Computer (available on your local server)

Another Computer: If the server is on another computer, you need to enter the IP address here.

Select the relevant option according to the configuration of your system and click the OK button. Then, on the left side of the window, you will see the name of the server that you have connected to under the Hyper-V Manager tab.

Before starting to configure the virtual machine, we need to create a virtual network adapter and configure it accordingly.

Right-click on the server name under the Hyper-V Manager tab and select Action -> Virtual Switch Manager from the related menu or from the menu bar on the upper left of the window.

Virtual Switch Manager will come up. From the options under the Create Virtual Switch heading on the right, select External and click the Create Virtual Switch button at the bottom.

In the window that opens, choose a name for the virtual network adapter, then click the OK button at the bottom of the window. You will get the warning "Pending changes may disrupt network connectivity". Once you click the Yes button, the Hyper-V network adapter will restart.

We can now build a virtual machine on which to install the Logsign SIEM product.

3.1. Creating Virtual Machine and Installing Logsign SIEM via Hyper-V

Start creating the virtual machine by selecting Action -> New Virtual Machine from the menu bar in the upper left corner, or by right-clicking the server under the Hyper-V Manager tab and selecting New -> Virtual Machine.

The wizard with which you will create the virtual machine comes up.

a. Before You Begin: The first screen is the information page. We continue with Next.
b. Specify Name and Location: You can give a name to identify the Logsign SIEM product. If you want to store your virtual machine on a different disk or location, mark the box and click the Browse button, then click the Next button.


c. Specify Generation: In this step we will set up our virtual machine's generation information. You will see two (2) options:

Generation 1: It provides the same hardware as previous versions of Hyper-V.

Generation 2: Provides support for features such as Secure Boot, SCSI boot and PXE boot using a standard network adapter. The guest operating system must be at least a 64-bit version of Windows Server 2012 or Windows 8.

#Please note that: The generations of previously created virtual machines cannot be changed.

Of the above two options, we choose Generation 1 and move to the next step with the Next button.
d. Assign memory: In this section, enter the amount of RAM that will be assigned to the virtual machine. After setting it to 16 GB, check the Use Dynamic Memory for this virtual machine box and continue with the Next button.


e. Configure networking: Select the virtual network adapter that we have set up from the list on the Connection tab and click Next button.


f. Connect Virtual Hard Disk: In this section we will set the name, location and size of our virtual machine's disk. You will see three (3) different options.

Create a virtual hard disk: Select to create a new virtual disk.

Name: The name of the hard disk that you will create (For ex. Logsign.vhdx).

Location: The location where you will store your virtual machine’s hard disk.

Size: In this field you need to set the size of your virtual hard disk to a minimum of 500 GB.

Use an existing virtual hard disk: Select to use an existing virtual disk.

Attach a virtual hard disk later: Select to add virtual hard disk later.

In this case, we proceed with the Next button after making our settings under Create a virtual hard disk.

#Please note that: Virtual disk type should be IDE.

g. Installation Options: In this section, we specify the location of the installation file for the system that will be installed on our virtual machine. You will see four (4) different options.

Install an operating system later: Select this option to install the operating system later.

Install an operating system from a bootable CD/DVD-ROM: Select to install the system from a bootable CD or DVD. There are two (2) different options under this option.

Physical CD/DVD drive: Select to use physical CD/DVD drive.

Image file (.iso): Select to use ISO file.

Install an operating system from a bootable floppy disk: Select to install the system from a bootable floppy disk.

Install an operating system from a network-based installation server: Select to install the system from the network-based server.

Here you can boot from the ISO file that you have burned to a CD/DVD, or you can start the installation process by mounting the ISO file directly from the Image file section. After you have selected one of the above options for the boot device needed to start the installation, move to the last step with the Next button.

You will see a summary page of the configurations that we made in the final step of the setup wizard. We click the Finish button to close the wizard.

In the next step, we need to set the memory availability of our virtual machine. To do this, right-click the virtual machine that we created under the Virtual Machines tab and select the Settings option; a window will appear where we can configure the virtual machine.

Click the Memory tab under the Hardware heading in the menu on the left. On the right side, the memory configuration page comes up. Check the Enable Dynamic Memory box under Dynamic Memory. You will then see two (2) options, Low and High, under Memory weight. Drag the slider to the High side, i.e. to the right. Then click the OK button to save the settings.

Once we have finished configuring the virtual machine, we can start the Logsign SIEM installation. Right-click the virtual machine that we created in the Virtual Machines section on the right-hand side of the Hyper-V Manager tab and click the Connect button.

A small window will appear; click Action -> Start to power on your virtual machine. The screen in which we will fill in the information required for the installation process will come up.



#Please go to lines 88-185.
