Easy Auditor Installation
Deploy the latest versions of the Eyeglass and ECA OVFs. After downloading, install Easy Auditor for each and run the installation.
In release 2.9, we introduced SQL-based Easy Auditor support for VAST clusters. This feature supports two SQL variants: PostgreSQL and MSSQL. You will need to select one of these options.
To get Easy Auditor running with your VAST Clusters, follow the steps below. For more detailed instructions, refer to the accompanying documentation.
Recommendation: We recommend creating an SQL user specifically for Eyeglass with general permissions to process tables (read, write, and alter the database). This user needs to be manually added to both Eyeglass and ECA, as these applications require the user credentials to decrypt and access the database.
Prerequisites - Easy Auditor
- A Linux server with SUSE 15.5 (recommended) and an installed database.
- Network access between the database server, Eyeglass, and ECA appliances.
Using an Existing SQL Database
- MSSQL Database:
  - User: Your Database User
  - Password: Your Database Password
  - Database Name: Your Database Name
  - IP Address: Your Database IP Address
  - Ensure the database IP is reachable from both the Eyeglass and ECA appliances.
- PostgreSQL Database:
  - User: Your Database User
  - Password: Your Database Password
  - Database Name: Your Database Name
  - IP Address: Your Database IP Address
  - Ensure the database IP is reachable from both the Eyeglass and ECA appliances.
Installing a New PostgreSQL Server
- Deploy SUSE 15.5 VM:
  - Ensure the VM has sufficient resources and network access.
- Install PostgreSQL:
  - Follow the installation guide for PostgreSQL on SUSE 15.5.
  - Ensure PostgreSQL is running.
- Set Up Users:
  - Create a new user with the required rights to create tables, indexes, sequences, insert, and query data.
- Configure pg_hba.conf File:
  - Modify the pg_hba.conf file to allow access from remote locations.
  - Sample Configuration:
      # TYPE DATABASE USER ADDRESS METHOD
      host all all 10.152.1.0/24 trust
  - Reload PostgreSQL configuration:
      SELECT pg_reload_conf();
- Final Steps:
  - Ensure the PostgreSQL server is reachable from both Eyeglass and ECA appliances.
Installation Process
- Pre-Installation Checks:
  - Verify all requirements.
  - Check network connectivity between the appliance and the Database Server.
- Configuration on ECA:
  - Define SQL usage environment variables:
      export ECA_EVTARCHIVE_USE_SQL=true
      export ECA_EVTARCHIVE_USE_HBASE=false
      export ECA_EVTARCHIVE_SQL_BATCH_SIZE=10000
      export ECA_EVTARCHIVE_SQL_TIME_WINDOW_SECS=5
  - Add the ECA database server to the configuration:
    - For PostgreSQL:
        ecactl db add --ip <Your Database IP Address> --port 5432 --username <Your Database User> --dbname <Your Database Name> --db-type POSTGRES
        igls adv sqldb add --ip <Your Database IP Address> --port 5432 --username <Your Database User> --dbname <Your Database Name> --dbType POSTGRES --dbpass <Your Database Password>
    - For MSSQL:
        ecactl db add --ip <Your Database IP Address> --port 50523 --username <Your Database User> --dbname <Your Database Name> --dbparams encrypt=false trustServerCertificate=false --db-type MSSQL
        igls adv sqldb add --ip <Your Database IP Address> --port 50523 --username <Your Database User> --dbname <Your Database Name> --dbparams=encrypt=false trustServerCertificate=false --dbType MSSQL --dbpass <Your Database Password>
- Verification:
  - Check the logs to confirm that events are being logged into the database:
      Events Saved: <number>
  - Look for any connection errors in the logs.
Initial Server Configuration
After configuring the server, apply the following settings and run the commands below to complete the setup:
Choosing Encryption Method for DB Password
To ensure security, the DB password should be stored using a strong encryption method. Use these commands to select and verify your preferred encryption method:
    show password_encryption;
    set password_encryption = 'scram-sha-256';
    select rolpassword from pg_authid where rolname = '<your Role Name>';
Postgres supports several encryption methods, with SCRAM-SHA-256 and MD5 being the most popular. For added security, make sure your database is configured to use one of these methods.
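The following added example (not part of the original guide or the product) classifies the `rolpassword` values returned by the query above and reports which roles cannot log in once `pg_hba.conf` names `scram-sha-256` as the method. The role names `eca` and `reporting` and all stored values are constructed for illustration.

```python
import re

# Stored verifier formats PostgreSQL writes to pg_authid.rolpassword.
SCRAM_RE = re.compile(r"SCRAM-SHA-256\$(\d+):[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+")
MD5_RE = re.compile(r"md5[0-9a-f]{32}")

def classify_rolpassword(value):
    """Return 'scram-sha-256', 'md5', 'none' (no password set) or 'unknown'."""
    if not value:
        return "none"
    if SCRAM_RE.fullmatch(value):
        return "scram-sha-256"
    if MD5_RE.fullmatch(value):
        return "md5"
    return "unknown"

def can_authenticate(hba_method, rolpassword):
    """Would a password login succeed for this verifier under this pg_hba.conf method?"""
    kind = classify_rolpassword(rolpassword)
    if kind in ("none", "unknown"):
        return False  # password methods always fail without a usable verifier
    if hba_method == "scram-sha-256":
        return kind == "scram-sha-256"  # an MD5 verifier cannot answer SCRAM
    # "md5" upgrades to SCRAM when the verifier is SCRAM; "password" works with both
    return hba_method in ("md5", "password")

def roles_to_reset(rows, hba_method="scram-sha-256"):
    """Names of roles whose password must be set again before hba_method will work."""
    return [name for name, pw in rows if not can_authenticate(hba_method, pw)]

# Constructed rows shaped like: select rolname, rolpassword from pg_authid;
ROWS = [
    ("eyeglass", "md5" + "0123456789abcdef" * 2),  # set before the switch
    ("eca", "SCRAM-SHA-256$4096:Y29uc3RydWN0ZWQ=$c3RvcmVka2V5:c2VydmVya2V5"),
    ("reporting", None),  # role with no password
]

if __name__ == "__main__":
    for name, pw in ROWS:
        print(name, classify_rolpassword(pw), can_authenticate("scram-sha-256", pw))
    print("reset needed:", roles_to_reset(ROWS))
```

`password_encryption` only decides how a password is hashed at the moment it is set, so a role keeps its `md5` verifier until its password is set again in a session where the setting is `scram-sha-256`.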
Postgres SQL - Settings and Commands
If you choose Postgres as your database option, you'll need to add both the ECA and Eyeglass IP addresses to your configuration file for Client Authentication. Follow these steps:
- Access the Postgres server CLI:
    sudo -u postgres psql -d eyeglass
- Find the pg_hba.conf file:
    SHOW hba_file;
- Edit the pg_hba.conf file for remote access:
  - The file is usually located at /etc/postgresql/14/main/pg_hba.conf.
  - Exit the Postgres CLI by typing exit.
  - Open the file for editing:
      sudo vi /etc/postgresql/14/main/pg_hba.conf
- Add a host entry for your ECA and Eyeglass IP addresses:
    # TYPE DATABASE USER ADDRESS METHOD
    host <dbName> <user> <Each and every eca node and eyeglass Ip> <your encryption method>
  Use this format when adding the host entry:
    host database user address auth-method [auth-options]
- Configure the Port for Postgres SQL:
  - You can change the port value in the configuration file if necessary (the default port is 5432, and changing it is not recommended unless required).
  - After making changes, you must either restart the Postgres server or reload the configuration file using:
      SELECT pg_reload_conf();
  - To find the current configuration file, use the following command:
      psql -U postgres -c 'SHOW config_file'
  - Modify the port value in the configuration file to your desired port:
      port = <>
Info: For more detailed instructions, refer to the PostgreSQL documentation.
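The sample line `host all all 10.152.1.0/24 trust` shown earlier accepts any database and role from the whole subnet without a password, while the host-entry step above calls for one entry per ECA node and Eyeglass IP with an explicit method. This added example (not the product's own tooling) audits `pg_hba.conf` text against that guidance; the appliance IPs and the two per-host lines are constructed.

```python
import ipaddress

# Constructed sample: the page's "trust" line plus per-appliance entries.
SAMPLE = """\
# TYPE DATABASE USER ADDRESS METHOD
host all all 10.152.1.0/24 trust
host eyeglass eyeglass 10.152.1.21/32 scram-sha-256
host eyeglass eyeglass 10.152.1.22/32 md5
"""
APPLIANCES = ["10.152.1.21", "10.152.1.22"]  # assumed Eyeglass and ECA node IPs

WEAK_METHODS = {
    "trust": "no password is requested",
    "password": "password crosses the network in clear text",
    "md5": "MD5 challenge-response, weaker than scram-sha-256",
}

def audit_pg_hba(text, appliances):
    """Return (line_number, finding) pairs for TCP/IP records in pg_hba.conf text."""
    allowed = {ipaddress.ip_address(a) for a in appliances}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blank lines and "local" (socket) records
        database, user, address, method = fields[1:5]
        if len(fields) >= 6 and fields[4][0].isdigit():  # "IP netmask" form
            address, method = f"{address}/{fields[4]}", fields[5]
        if method in WEAK_METHODS:
            findings.append((no, f"method {method}: {WEAK_METHODS[method]}"))
        if "all" in (database, user):
            findings.append((no, "matches every database or role, not only Eyeglass's"))
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:  # hostname, "all", "samenet", ...
            findings.append((no, f"address {address} is not an IP or CIDR; review by hand"))
            continue
        outsiders = net.num_addresses - sum(a in net for a in allowed)
        if outsiders:
            findings.append((no, f"{net} admits {outsiders} non-appliance addresses"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_pg_hba(SAMPLE, APPLIANCES):
        print(f"line {no}: {finding}")
```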
Creating Tables on the Postgres SQL Server
To create the necessary tables on the Postgres SQL server, follow these steps:
- Create a new user:
    eyeglass=# CREATE USER eyeglass;
  - This command will create a new user named eyeglass.
- Grant permissions on all tables in the public schema:
    eyeglass=# GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO eyeglass;
  - This grants the user eyeglass the permissions to select, insert, update, and delete records in all tables within the public schema.
- Grant all privileges on the database:
    eyeglass=# GRANT ALL PRIVILEGES ON DATABASE eyeglass TO eyeglass;
  - This command grants all privileges on the eyeglass database to the user eyeglass.
- Set a password for the user:
    eyeglass=# ALTER USER eyeglass WITH PASSWORD 'Choose_your_password';
  - This sets the password for the user eyeglass to 'Choose_your_password'.
Info: Replace placeholders like eyeglass and 'Choose_your_password' with your desired username and password.
MS SQL Server - Settings and Commands
For MS SQL, follow these steps to configure the necessary settings:
- Enable the TCP/IP Protocol:
  - You don't need to add the ECA and Eyeglass IP addresses individually on your server, but you must enable the TCP/IP Protocol if it hasn't been done already.
  - This can be done through the SQL Server Configuration Manager.
- Enable Dynamic TCP Ports:
  - After enabling TCP/IP, you need to enable dynamic TCP ports and set them to your desired value.
  - The default static port is 1433.
Creating Tables on the MS SQL Server
To create the necessary tables on the MS SQL server, follow these steps:
- Create the Database:
  - The first step is to create the database where the Eyeglass data will be stored.
  - Use the following SQL command:
      CREATE DATABASE eyeglassdb;
      GO
- Create the Login and User:
  - After the database is created, you need to create a login and user that will access the database.
  - First, switch to the newly created database:
      USE eyeglassdb;
  - Then, create the login for the user:
      CREATE LOGIN eyeglassuser WITH PASSWORD = 'Choose_your_password';
  - Finally, create the user for the login:
      CREATE USER eyeglassuser FOR LOGIN eyeglassuser;
      GO
- Assign Permissions:
  - The final step is to assign the necessary permissions to the user so they can perform operations on the database.
  - Assign the db_owner role to the user:
      ALTER ROLE db_owner ADD MEMBER eyeglassuser;
      GO
Info: When creating the database, login, and user, replace eyeglassdb, eyeglassuser, and 'Choose_your_password' with your actual database name, username, and password.
ECA Environment Variables and Configuration
After completing the server setup, follow these steps to configure the environment variables on ECA. These settings will enable the use of the SQL server for saving events from VAST:
- Enable VAST Auditing:
  - Mount the VAST audit folder, similar to the RWD solution.
  - Set the environment variable to enable SQL-based event archiving:
      export ECA_EVTARCHIVE_USE_SQL=true
  Warning: This should be set to true only if you plan to add a VAST cluster that supports Easy Auditor. If this is set to true but the server is not configured correctly, the evtarchive service will restart in a loop.
- Configure the SQL Batch Size:
  - Set the batch size for SQL performance. This defines the maximum number of events that can be written at once:
      export ECA_EVTARCHIVE_SQL_BATCH_SIZE=10000
  - The value of 10000 is near the optimal setting for efficient writing in both MSSQL and PostgreSQL.
- Set the SQL Time Window:
  - Define the time window in seconds for batching events:
      export ECA_EVTARCHIVE_SQL_TIME_WINDOW_SECS=5
  - If the batch is not filled within this time, a write operation will be sent regardless.
Commands to Add SQL to Eyeglass and ECA
Once the environment variables are changed as described above, you can proceed to cluster up and add your configured servers to both Eyeglass and ECA separately. This allows them to connect and save/get user events and reports.
If the parameters for the server are incorrect, it will result in a connection error, and the server will be skipped. Additionally, at any given time, you can have only one server configured.
The DbType will be either POSTGRES or MSSQL.
ECA
Run the following command on your master ECA node:
ecactl db add --ip <IP on which SQL Server is hosted> --port <PORT> --username eyeglass --dbname eyeglass --db-type POSTGRES --dbparams encrypt=<dbParms needed to make connection>
You will be prompted for the password here.
Eyeglass
Run the following command on your Eyeglass. Make sure SCA is running:
igls adv sqldb add --ip <IP on which SQL Server is hosted> --port <PORT> --username <USERNAME> --dbname <DATABASE NAME> --dbparams=<dbParms needed to make connection> --dbType MSSQL --dbpass <PASSWORD>