On-premises Installation Using Docker¶

On-premise Installation on Windows¶

LogSentinel SIEM can be installed on-premise on Windows servers.

Prerequisites¶

Before you begin installation, you should make sure the following prerequisites are met:

You have downloaded the JDK installer (jdk-11.0.2_windows-x64_bin.exe)
You have downloaded the ElasticSearch installer
You have downloaded the Cassandra installer
You have downloaded the Apache Kafka package
You have downloaded the NSSM service manager
You have downloaded the logsentinel installer zip (obtained via your LogSentinel account manager)

Installing Java¶

Run the JDK installer (jdk-11.0.2_windows-x64_bin.exe) and follow the instructions.
Make sure the PATH is configured properly
To make sure Java is installed, run cmd and type java -version

Installing Cassandra¶

Cassandra for Windows is packaged in the Datastax DCC. Run the installer (datastax-ddc-64bit-3.9.0.msi) and follow the instructions.

Cassandra installation

If the proprety cdc_raw_directory is not set in $CASSANDRA_HOME/conf/cassandra.yaml, set it to $CASSANDRA_HOME/data/cdc_raw_data

To make sure Cassandra is installed and running, run cqlsh.

CQLSH check

Finally, create a keyspace: CREATE KEYSPACE IF NOT EXISTS logsentinel WITH REPLICATION = { 'class': 'SimpleStrategy', 'replication_factor': 1 } AND DURABLE_WRITES = true;

Installing Elasticsearch¶

Run elasticsearch-7.10.2.msi and follow the instructions.

To make sure ElasticSearch is installed and running, open http://localhost:9200/ in a browser

You may need to create a log folder under C:\Program Files\Elastic\Elasticsearch\7.10.2

Installing Apache Kafka¶

Unarchive Apache Kafka in a directory of your choice (e.g. C:\servers\kafka_2.13-2.6.1)

Unarchive the NSSM service manager in a directory of your choice (e.g. C:\tools\nssm-2.24)

edit C:\servers\kafka_2.13-2.6.1\config\server.properties and add the following at the bottom:

delete.topic.enable=true
log.retention.hours=6

Open cmd and go type cd c:\tools\nssm-2.24\win64.

Type nssm install Zookeeper and select the C:\servers\kafka_2.13-2.6.1\bin\windows\zookeeper-server-start as an application to launch. In the "Arguments" box specify C:\servers\kafka_2.13-2.6.1\config\zookeeper.properties

Type nssm install Kafka and select the C:\servers\kafka_2.13-2.6.1\bin\windows\kafka-server-start as an application to launch. In the "Arguments" box specify C:\servers\kafka_2.13-2.6.1\config\server.properties. In the "Dependencies" tab specify Zookeeper as a dependency.

Start both the Zookeeper and Kafka services.

Installing LogSentinel SIEM¶

Extract the logsentinel-installer.zip archive in c:\logsentinel and run install.bat (you need to have administrative privileges). Then make sure the service has been installed.

Edit application.properties by setting the appropriate propertees

Go to "Services" and start the LogSentinel service.

Open http://localhost:8080 (or the address that you configured)

Finally, use default@logsentinel.com/{default password} to log in to the default account. Change the password from the User Prorile menu.