You can use these instructions to add a remote collector on a Red Hat system.
This remote log collector only works with RHEL 7.5, with no additional updates.
Armor does not explicitly support adding a remote collector on a Red Hat system; however, you can use the following instructions as basic guidance.
Step 1: Review requirements and pre-installation considerations
|Supported operating system|Red Hat 7.5|
|Minimum Free Space|Primary Device: 30GB; Secondary Device: 1024G|
|Data Transfer Rate (MB/s)|300|

|Mount Path|Size|LVM Supported?|
|swap|12GB <> 24GB (75% of RAM)|Not applicable|
|/store|80% of remaining space|Yes|
|/transient|20% of remaining space|Yes|
Step 2: Configure your environment
- Copy the Red Hat Enterprise Linux minimal ISO to a DVD or a bootable USB flash drive.
- Insert the portable storage device into your appliance, and then restart your appliance.
- From the start menu, perform one of the following options:
- Select the USB or DVD drive as the boot option.
- To install on a system that supports Extensible Firmware Interface (EFI), you must start the system in legacy mode.
- When prompted, log into the system as the root user.
- In the installation wizard, follow the on-screen instructions:
- Set the language to English (US).
- Click Date & Time, and then set the time for your deployment.
- Click Installation Destination, and then select I will configure partitioning.
- In the drop-down list, select LVM.
- To add the mount points and capacities for your partitions, click Add, and then click Done.
- Click Network & Host Name.
- Enter the hostname for your appliance.
- The hostname is case-sensitive and must match, letter for letter, the casing used in the logs that are sent to this log source.
- In the list, select the interface, move the switch to ON, and then click Configure.
- In the General tab, select Automatically connect to this network when it is available.
- In the IPv4 Settings tab, select Manual in the Method list.
- To enter the IP address, Netmask, and Gateway for the appliance in Addresses, click Add.
- Add two DNS servers.
- Click Save, click Done, and then click Begin Installation.
- Set the root password, and then click Finish configuration.
- Armor recommends at least ASCII characters, with upper-case letters, lower-case letters, and special characters.
- Save this password in a secure password vault.
- Edit /etc/ssh/sshd_config to ensure the following configurations:
- PermitRootLogin yes
- PasswordAuthentication yes
- In /root/.ssh/authorized_keys, remove all keys.
- Disable SELinux, and then after the installation process is complete, restart the system.
- Via SSH, validate root login with password.
- ssh -o PreferredAuthentications=password -l root <appliance IP address>
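A pre-flight check for the Step 2 settings that can be run before starting Step 3. This is an added example, not part of Armor's instructions: the function names and sample files are constructed for illustration, and the SELinux check assumes the setting lives in the standard /etc/selinux/config file.

```shell
#!/bin/sh
# Added example: pre-flight check of the Step 2 settings. Names are illustrative.

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive, and
# lines after a Match line are conditional, so parsing stops there.
sshd_value() {  # usage: sshd_value <keyword> <sshd_config path>
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { gsub(/[="]/, " ") }                # accept Keyword=value and quoted values
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# Print one line per Step 2 setting that is not in place; print nothing if all are.
check_step2() {  # usage: check_step2 <sshd_config> <authorized_keys> <selinux config>
    for kw in PermitRootLogin PasswordAuthentication; do
        [ "$(sshd_value "$kw" "$1")" = "yes" ] || echo "sshd: $kw is not explicitly 'yes'"
    done
    # "Remove all keys": any line that is not blank or a comment is still a key.
    if [ -f "$2" ] && grep -Eqv '^[[:space:]]*(#|$)' "$2"; then
        echo "authorized_keys: keys still present"
    fi
    # The config file value is what applies after the restart in Step 2.
    grep -Eq '^SELINUX=disabled[[:space:]]*$' "$3" || echo "selinux: not disabled"
    return 0
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
printf 'ssh-rsa AAAAconstructed admin@example\n' > "$demo_dir/authorized_keys"
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo_dir/selinux"
# Prints three findings: PermitRootLogin, authorized_keys and selinux.
check_step2 "$demo_dir/sshd_config" "$demo_dir/authorized_keys" "$demo_dir/selinux"
```

On the appliance, pass /etc/ssh/sshd_config, /root/.ssh/authorized_keys and /etc/selinux/config as the three arguments; `sshd -T` prints the configuration that sshd itself resolves and can be used to cross-check the result.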
Step 3: Install the event collector
- Copy the QRadar ISO to the device.
- Create the /media/cdrom directory. To do so, enter the following command: mkdir /media/cdrom
- Mount the QRadar ISO. To do so, enter the following command: mount -o loop <path to the QRadar ISO> /media/cdrom
- Run the QRadar setup. To do so, enter the following: /media/cdrom/setup
- A new kernel may be installed as part of the installation, which requires a system restart. After the system restart, repeat the commands in Step 3 and Step 4 to continue the installation.
- In Software Installed System, select Software Install, and then select Next.
- In Software Appliance Assignment, select Event Collector, and then select Next.
- In Type of Setup, select Normal Setup (default), and then select Next.
- In Select Continent/Area, select UTC, and then select Next.
- In Internet Protocol Setup, select ipv4 Internet Protocol version 4, and then select Next.
- If required, select the bonded interface setup. (This action is not supported by Armor.)
- Select the management interface.
- In the wizard, in Hostname, enter a fully qualified domain name.
- In IP address, enter a static IP address or use the assigned IP address.
- If you do not have an email server, then in Email server name, enter localhost.
- Do not modify the root password.
- Click Finish.
- In the installation wizard, follow the instructions to complete the installation. The installation process may take a few minutes.