On-Premises Overview

LogSentinel SIEM can be used on-premise in multiple ways:

  • Virtual appliance - our team provides the necessary VM images and the required configuration parameters
  • Cloud instances - for AWS, GCP and Azure you can use the same virtual appliance
  • Docker (with docker-compose) - our team provides the necessary containers and scripts
  • Kubernetes - our team provides the required Kubernetes configuration
  • Manual installation of the required components - not recommended, but if chosen, our team will assist you with the appropriate scripts

Regardless of the setup option, consult the sizing tables to plan the required infrastructure.

Configuration

Regardless of the chosen method of installation, the following properties may need to be configured on the LogSentinel SIEM node. They can be configured from the appliance configuration UI or directly in the /var/logsentinel/app.properties file.

Properties required for sending emails from the SIEM

  • spring.mail.* - configure an outgoing mail server
  • registration.email.from, generic.email.from – outgoing mails would be sent from these addresses

Credentials

  • admin.username, admin.password – used to access the admin panel of the system (note: the login name is the configured username followed by @logsentinel.com, i.e. if you configure admin.username=test, you log in with test@logsentinel.com)
  • spring.security.user.password – password used to access an application management dashboard
  • hmac.key - an alphanumeric key used for calculating HMACs
  • jwt.secret – a secret alphanumeric key used for JWT session tokens
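
The credential properties above are only as strong as the values placed in them. The following script is an added example, not LogSentinel's own tooling: it generates random alphanumeric values for the four secrets and audits an app.properties file for missing, short, non-alphanumeric or reused values and for loose file permissions. The function names, the length thresholds, the owner-only permission check and the plain key=value line format are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example. MIN_KEY_LEN and MIN_PW_LEN are assumed thresholds, not LogSentinel requirements.
MIN_KEY_LEN=32
MIN_PW_LEN=16
SECRET_KEYS="admin.password spring.security.user.password hmac.key jwt.secret"

# Print N random alphanumeric characters taken from the kernel CSPRNG.
gen_secret() {
  head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$1"
}

# Emit fresh key=value lines for the four secrets (redirect to a file under umask 077).
new_secrets() {
  local key
  for key in $SECRET_KEYS; do printf '%s=%s\n' "$key" "$(gen_secret 48)"; done
}

# Print the last value assigned to key $2 in file $1 (plain key=value lines assumed).
prop() {
  awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' "$1"
}

# Audit file $1: one finding per line (key names only, never values); non-zero if any.
audit_props() {
  local file="$1" bad=0 key val min alnum
  for key in $SECRET_KEYS; do
    val=$(prop "$file" "$key")
    case $key in
      hmac.key|jwt.secret) min=$MIN_KEY_LEN alnum=1 ;;
      *) min=$MIN_PW_LEN alnum=0 ;;
    esac
    if [ -z "$val" ]; then
      echo "MISSING $key"; bad=1
    elif [ "${#val}" -lt "$min" ]; then
      echo "SHORT $key (under $min characters)"; bad=1
    elif [ "$alnum" -eq 1 ] && printf '%s' "$val" | LC_ALL=C grep -q '[^A-Za-z0-9]'; then
      echo "NON_ALNUM $key"; bad=1
    fi
  done
  val=$(prop "$file" hmac.key)
  if [ -n "$val" ] && [ "$val" = "$(prop "$file" jwt.secret)" ]; then
    echo "REUSED hmac.key and jwt.secret share one value"; bad=1
  fi
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "PERMS $file is accessible beyond its owner"; bad=1
  fi
  return "$bad"
}
```

Source the script, then run audit_props /var/logsentinel/app.properties on the SIEM node; the findings name the offending keys without printing their values.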

Working behind a proxy

LogSentinel SIEM optionally connects to the internet in order to access threat feeds, leaked credentials databases and the SMS sending service Twilio. If a proxy server is needed for successful outbound connections, it can be configured in /var/logsentinel/logsentinel.conf by appending the following to JAVA_OPTS:

-Dhttp.proxyHost=your.proxy.host -Dhttp.proxyPort=8080

IP Geolocation

For IP geolocation, LogSentinel SIEM uses the IP2Location LITE data available from https://lite.ip2location.com. You can download updates from that site if you choose not to allow outgoing connections from LogSentinel SIEM.