Deploying Log Collector VM on a VMware ESX Server

Useful links:

Security Director Log Collector Overview https://www.juniper.net/documentation/en_US/junos-space18.1/topics/concept/junos-space-sd-lc-overview-installing.html

About Log Collector:

The Junos Space Security Director Logging and Reporting module enables log collection across multiple SRX Series devices and enables log visualization.

Prerequisites:

Log Collector can be deployed as:

  • All-in-One Node (almost all our clients use this type)
  • Log Receiver Node (Distributed deployment)
  • Log Indexer Node (Distributed deployment)

In an All-in-One deployment, Log Collector requires one IP address, which is used both for management and for receiving the log flow from devices.

Log Collector does not offer a supported way of firewalling itself. You will want to firewall it in your environment, at a minimum restricting access to internal subnets, better yet restricting access to trusted subnets. This is a list of the services used. Juniper have a KB article on this (KB18148) which might be more accurate.

We perform the installation with ovftool, so it must be downloaded and installed on the local computer.

Physical IP:

  • inbound for admin console access. Optional Ping inbound.
  • DNS, NTP and SMTP outbound to your DNS/NTP/SMTP servers. Optional Ping outbound.

No.  Type                          IP
1    DNS server address
2    NTP server address
3    Time Zone
4    Physical IP and Network Mask
5    Gateway IP
6    root password
7    Database password
8    SMTP server

In our situation we use All-in-One type of deployment.

Default login and password

No.  Login  Password
CLI/Shell
1    root   juniper123
Database
2    admin  juniper123

To deploy Log Collector VM on a VMware ESX server:

1. Download the latest Log Collector open virtual appliance (OVA) image from the download site.

2. Using VMware vSphere Web Client or ovftool, deploy the Log Collector OVA image onto the VMware ESX server.

# ovftool -ds=datastore1 -n=logcollector-01 -dm=thin --net:"Network 1"="VM Network" "Log-Collector-18.2R1.26.ova" 'vi://root:PASSWORD@10.10.146.100'

ovftool options (option long name, option short name, relevant source types, relevant target types, description):

  • --datastore (short name: -ds). Source types: N/A. Target types: VI. Target datastore name for a VI or vSphere deployment.
  • --diskMode (short name: -dm). Source types: N/A. Target types: VMX, vApprun, vSphere. Select target disk format. Supported formats are: monolithicSparse, monolithicFlat, twoGbMaxExtentSparse, twoGbMaxExtentFlat, seSparse (vSphere target), eagerZeroedThick (vSphere target), thin (vSphere target), thick (vSphere target), sparse, and flat.
  • --name (short name: -n). Source types: N/A. Target types: All. Specifies the target name. Defaults to the source name.
  • --net (no short name). Source types: OVF, OVA. Target types: N/A. Sets a network assignment in the deployed OVF package. For example, --net:=. OVF packages contain symbolic names for network names which are assigned with this option. For multiple network mappings, repeat the option, separating them with a blank, for example, --net:s1=t1 --net:s2=t2 --net:s3=t3.

3. Adjust the CPU and memory allocation to meet the system requirements for the required events per second (eps).

4. Power on the Log Collector VM.

  • Press "8" or another value
  • Press "36" or another value
  • Press "1" for confirmation
  • Press "Enter"

5. Use the default credentials to log in to Log Collector. The username is root and password is juniper123.

6. Change the default password of the VM.

7. Select one of the following node types:

  • Enter 1 to deploy Log Collector as an All-in-One node.

8. Configure your network settings.

After setting up the Log Collector, add the Log Collector node to Security Director.
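
Steps 1 and 2 as a script: an added example, not part of the original post and not Juniper or VMware code. It checks the downloaded OVA against a SHA-256 digest and runs ovftool with a vi:// locator that carries no password, relying on ovftool prompting for it. The function names, the DRY_RUN variable and the availability of a SHA-256 digest for the image are assumptions.

```sh
#!/bin/sh
# Added example: verify the OVA, then deploy it with ovftool without putting
# the ESX password on the command line (shell history, process list).
# Function bodies use ( ) so variables stay local and "exit" only leaves the function.

# verify_ova FILE SHA256 -> 0 on match, 1 on mismatch, 2 if the file is missing.
verify_ova() (
    [ -f "$1" ] || { echo "missing OVA: $1" >&2; exit 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $1" >&2; exit 1; }
)

# vi_locator USER HOST -> prints vi://USER@HOST.
# Rejects ':', '@', '/', spaces and the like, so no password or path can be
# embedded in the locator by accident.
vi_locator() (
    case "$1$2" in
        ''|*[!A-Za-z0-9._-]*) echo "bad user or host" >&2; exit 1 ;;
    esac
    [ -n "$1" ] && [ -n "$2" ] || exit 1
    printf 'vi://%s@%s\n' "$1" "$2"
)

# deploy_log_collector OVA SHA256 VM_NAME DATASTORE OVF_NET TARGET_NET USER HOST
# Uses only the ovftool options shown in this post (-ds, -n, -dm, --net).
# With DRY_RUN=1 the command is printed (for display only) instead of executed.
deploy_log_collector() (
    verify_ova "$1" "$2" || exit
    locator=$(vi_locator "$7" "$8") || exit
    set -- ovftool "-ds=$4" "-n=$3" -dm=thin "--net:$5=$6" "$1" "$locator"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"    # ovftool asks for the password interactively
    fi
)

# Usage (digest value is whatever you obtained for your image):
# deploy_log_collector Log-Collector-18.2R1.26.ova "$SHA256" logcollector-01 \
#     datastore1 "Network 1" "VM Network" root 10.10.146.100
```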
