search

Installation

Forwarders are installed using an ISO image, which is generated at the time the Forwarder is created in the Integrations → Data Sources tool.

To install a Forwarder, follow these steps:

1

Go to Integrations → Data Sources.

2

Select the client from the dropdown menu.

3

Click the “Download” button on the card of the Forwarder you want to install.

4

This will initiate the download of the ISO image, which is ready to be installed on the virtualization system that will host the Forwarder.

circle-exclamation

The ISO image can be downloaded by a SOC operator to be transferred to the client using any files exchange platform or protocols as SFTP ,or can be directly downloaded by the customer accessing the Integrations → Data Sources tool.

Before starting the installation of the Forwarder, the client must prepare a virtual machine with the following requirements:

hashtag
System requirements

  • CPU: 2 cores

  • RAM: 2 GB

  • Disk: 2 partitions

    • Partition 1: At least 20 GB (used for the operating system)

    • Partition 2: At least 50 GB (200 GB recommended) for event buffering

hashtag
Networking requirements

  • 1 network interface, connected to a network with Internet access

  • Private IP address (this will be needed after installation)

  • Internet connectivity

    • If the client requires outbound traffic restrictions, the Forwarder’s IP must at least have access to:

      • The public IP address of the Platform’s hostname (e.g., soc.acme.com)

      • The IP address of the cloud collector assigned to the client

  • Access to a DNS server

hashtag
Installing the Forwarder

1

Attach the ISO to the virtual machine and configure it to boot from the ISO.

2

Power on the virtual machine and ensure it boots from the ISO.

3

An installation menu will appear with two options: a. Automated installation (default) b. High contrast installation for easy accessibility

The system will automatically start the unattended installation process, adapting the Forwarder to the characteristics of the provisioned VM. The installation does not require manual intervention.

At this stage, it is essential to configure the network to allow the Forwarder to receive logs and forward them to the assigned cloud collector.

The steps to complete the network configuration are:

1

Log in with username manager. The credentials will be sent by your Service manager.

2

hashtag

The system will start the network configuration tool, where you must select the network interface to configure and specify the following parameters:

  1. IP address and netmask

  2. Gateway

  3. Name server

triangle-exclamation

Once the network is configured, it is necessary to exit for all changes to be applied

Now the system is ready to receive, process and send logs securely to the assigned collector. To ensure the Forwarder is ready to collect and ship logs, ensure the status has changed to Pending on green in the Integrations => Data sources tool:

circle-exclamation

Each Forwarder has its own unique ISO, which cannot be shared between clients or installed on multiple virtual machines.

PreviousCreate a ForwarderNextChaining

Last updated