Skip to main content
Version: 2.8.3

Easy Auditor Installation

Deploy the latest versions of Eyeglass and ECA OVF. After downloading, install the Easy Auditor for each, and run the installation.

In release 2.9, we introduced SQL-based Easy Auditor support for VAST clusters. This feature supports two SQL variants: PostgreSQL and MSSQL. You will need to select one of these options.

To get Easy Auditor running with your VAST Clusters, follow the steps below. For more detailed instructions, refer to the accompanying documentation.

info

Recommendation: We recommend creating an SQL user specifically for Eyeglass with general permissions to process tables (read, write, and alter the database). This user needs to be manually added to both Eyeglass and ECA, as these applications require the user credentials to decrypt and access the database.

The currently supported versions and links are below:

PackageLink
Eyeglass OVFUse Support Portal for download
ECA OVFUse Support Portal for download
Eyeglass InstallerUse Support Portal for download
ECA InstallerUse Support Portal for download

Prerequisites - Easy Auditor

  • A Linux server with SUSE 15.5 (recommended) and an installed database.
  • Network access between the database server, Eyeglass, and ECA appliances.

Using an Existing SQL Database

  1. MSSQL Database:

    • User: Your Database User
    • Password: Your Database Password
    • Database Name: Your Database Name
    • IP Address: Your Database IP Address
    • Ensure the database IP is reachable from both the Eyeglass and ECA appliances.
  2. PostgreSQL Database:

    • User: Your Database User
    • Password: Your Database Password
    • Database Name: Your Database Name
    • IP Address: Your Database IP Address
    • Ensure the database IP is reachable from both Eyeglass and ECA appliances.

Installation Process

  1. Pre-Installation Checks:

    • Verify all requirements.
    • Check network connectivity between the appliance and the Database Server.
  2. Configuration on ECA:

    • Define SQL usage environment variables:

      export ECA_EVTARCHIVE_USE_SQL=true
      export ECA_EVTARCHIVE_USE_HBASE=false
      export ECA_EVTARCHIVE_SQL_BATCH_SIZE=10000
      export ECA_EVTARCHIVE_SQL_TIME_WINDOW_SECS=5
    • Add the ECA database server to the configuration:

      • For PostgreSQL:

        ecactl db add --ip Your Database IP Address --port 5432 --username Your Database User --dbname Your Database Name --db-type POSTGRES
        igls adv sqldb add --ip Your Database IP Address --port 5432 --username Your Database User --dbname Your Database Name --dbType POSTGRES --dbpass Your Database Password
      • For MSSQL:

        ecactl db add --ip Your Database IP Address --port 50523 --username Your Database User --dbname Your Database Name --dbparams encrypt=false trustServerCertificate=false --db-type MSSQL
        igls adv sqldb add --ip Your Database IP Address --port 50523 --username Your Database User --dbname Your Database Name --dbparams=encrypt=false trustServerCertificate=false --dbType MSSQL --dbpass Your Database Password
  3. Verification:

    • Check the logs to confirm that events are being logged into the database:

      Events Saved: <number>
    • Look for any connection errors in the logs.

Initial Server Configuration

After configuring the server, run the following settings and commands to complete the setup:

Choosing Encryption Method for DB Password

To ensure security, the DB password should be stored using a strong encryption method. Follow these commands to select and verify your preferred encryption method:

show password_encryption;
set password_encryption ='scram-sha-256';
select rolpassword from pg_authid where rolname=<your Role Name>;
info

Postgres supports several encryption methods, with SHA-256 and MD5 being the most popular. For added security, make sure your database is configured to use one of these methods.


Postgres SQL - Settings and Commands

If you choose Postgres as your database option, you'll need to add both the ECA and Eyeglass IP addresses to your configuration file for Client Authentication. Follow these steps:

  1. Access the Postgres server CLI:

    sudo -u postgres psql -d eyeglass
  2. Find the pg_hba.conf file:

    SHOW hba_file;
  3. Edit the pg_hba.conf file for remote access:

    • The file is usually located at /etc/postgresql/14/main/pg_hba.conf.
    • Exit the Postgres CLI by typing exit.
    • Open the file for editing:
    sudo vi /etc/postgresql/14/main/pg_hba.conf
  4. Add a host entry for your ECA and Eyeglass IP addresses:

    # TYPE  DATABASE        USER     ADDRESS                      METHOD
    host <dbName> <user> <Each and every eca node and eyeglass Ip> <your encryption method>

    Use this format when adding the host entry:

    host database  user  address auth-method  [auth-options]
  5. Configure the Port for Postgres SQL:

    • You can change the port value in the configuration file if necessary (the default port is 5432, and changing it is not recommended unless required).
    • After making changes, you must either restart the Postgres server or reload the configuration file using:
    pg_reload_conf();
    • To find the current configuration file, use the following command:
    psql -U postgres -c 'SHOW config_file'
    • Modify the port value in the configuration file to your desired port:
    port = <>
    info

    For more detailed instructions, refer to the PostgreSQL documentation.


Creating Tables on the Postgres SQL Server

To create the necessary tables on the Postgres SQL server, follow these steps:

  1. Create a new user:

    eyeglass=# CREATE USER eyeglass;
    • This command will create a new user named eyeglass.
  2. Grant permissions on all tables in the public schema:

    eyeglass=# GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO eyeglass;
    • This grants the user eyeglass the permissions to select, insert, update, and delete records in all tables within the public schema.
  3. Grant all privileges on the database:

    eyeglass=# GRANT ALL PRIVILEGES ON DATABASE eyeglass TO eyeglass;
    • This command grants all privileges on the eyeglass database to the user eyeglass.
  4. Set a password for the user:

    eyeglass=# ALTER USER eyeglass WITH PASSWORD 'Choose_your_password';
    • This sets the password for the user eyeglass to 'Choose_your_password'.

    info

    Replace placeholders like eyeglass and 'Choose_your_password' with your desired username and password.

ECA Environment Variables and Configuration

After completing the server setup, follow these steps to configure the environment variables on ECA. These settings will enable the use of the SQL server for saving events from VAST:

  1. Enable VAST Auditing:

    • Mount the VAST audit folder, similar to the RWD solution.
    • Set the environment variable to enable SQL-based event archiving:
    export ECA_EVTARCHIVE_USE_SQL=true
    warning

    This should be set to true only if you plan to add a VAST cluster that supports Easy Auditor. If this is set to true but the server is not configured correctly, the evtarchive service will restart in a loop.

  2. Configure the SQL Batch Size:

    • Set the batch size for SQL performance. This defines the maximum number of events that can be written at once:
    export ECA_EVTARCHIVE_SQL_BATCH_SIZE=10000
    • The value of 10000 is near the optimal setting for efficient writing in both MSSQL and PostgreSQL.
  3. Set the SQL Time Window:

    • Define the time window in seconds for batching events:
    export ECA_EVTARCHIVE_SQL_TIME_WINDOW_SECS=5
    • If the batch is not filled within this time, a write operation will be sent regardless.

Commands to Add SQL to Eyeglass and ECA

Once the environment variables are changed as described above, you can proceed to cluster up and add your configured servers to both Eyeglass and ECA separately. This allows them to connect and save/get user events and reports.

info

If the parameters for the server are incorrect, it will result in a connection error, and the server will be skipped. Additionally, at any given time, you can have only one server configured.

The DbType will be either POSTGRES or MSSQL.

ECA

Run the following command on your master ECA node:

ecactl db add --ip <IP on which SQL Server is hosted> --port <PORT> --username eyeglass --dbname eyeglass --db-type POSTGRES --dbparams encrypt=<dbParms needed to make connection>

You will be prompted for the password here.

Eyeglass

Run the following command on your Eyeglass. Make sure SCA is running:

igls adv sqldb add --ip <IP on which SQL Server is hosted> --port <PORT> --username <USERNAME> --dbname <DATABASE NAME> --dbparams=<dbParms needed to make connection> --dbType MSSQL --dbpass <PASSWORD>