Alpaca Remote

Introduction

Alpaca Remote is a tool that transmits audit logs from their source location to the Alpaca Server for processing. Audit logs are transmitted to the Alpaca Server via REST.

Installation

Alpaca Remote should be installed on the server where your BroadWorks Audit Logs are located.

Prerequisites

Process

  1. Download the Alpaca Remote tarball (.tar.gz) to the /opt directory on the server.
  2. Extract the archive.
    • cd /opt
    • tar xzvf /opt/alpaca-remote-<BW_VERSION>-<RELEASE_VERSION>-bin.tar.gz
  3. Create a symlink to the new alpaca directory.
    • ln -s /opt/alpaca-remote-<BW_VERSION>-<RELEASE_VERSION> /opt/alpaca-remote
  4. Create an alpaca user.
    • useradd -m alpaca
  5. Change the ownership of the /opt/alpaca-remote directory and all of its children.
    • chown -R alpaca:alpaca /opt/alpaca-remote/
  6. Copy the license file (ecg.license.txt) from the ECG portal into the config directory.
  7. Perform configuration according to Alpaca Remote configuration guide.

Installing Alpaca Server and Alpaca Remote on separate servers

  1. Copy the alpaca file into /etc/init.d.
  2. Run the following commands:
    1. chkconfig --add alpaca
    2. chkconfig alpaca on
  3. Launch service with service alpaca start.

Installing Alpaca Server and Alpaca Remote on the same server

  1. Copy the alpaca file into /etc/init.d and rename it to alpaca-remote using mv alpaca /etc/init.d/alpaca-remote.
  2. Run the following commands:
    1. chkconfig --add alpaca-remote
    2. chkconfig alpaca-remote on
  3. Launch service with service alpaca-remote start.

Configuration

Authentication Token

Before starting Alpaca Remote, an authentication token will need to be generated for each application server that the remote is configured to read from.

  1. Log in to Alpaca with an admin user.
  2. From the "Admin" tab, go to the "BroadWorksClusters" page.
  3. Either click "Add Cluster" to add a new BroadWorksCluster, or click on the cluster from the list to update an existing cluster.
  4. In the "Application Servers" section, enter the information for each of the Application Servers that the remote is reading from. You need to provide a name (e.g. as1, lab2) and the IP address for each application server. If Alpaca Remote is not running directly on the application server, the IP address of the server that the remote is running on must be entered here. Note that this field must be the IP address of the server and not the host name. Make sure to press "Add" after providing details for each server so that the information is added to the list.
  5. When done adding servers, make sure to press "Update" if updating or "Create" if creating a cluster.
  6. Once saved, the tokens for each application server will be displayed in the Cluster table. Take note of these as they will be needed to complete the configuration.

Variables

  • maximum-queue-size-per-server-in-megabytes - The maximum size the audit log queue can be before transmitting to the server.
  • hostname - The hostname of the Alpaca server to send logs to.
  • port - The port that the Alpaca server is running on.
  • authenticationToken - The authentication token generated from the Server that identifies the reader.
  • reader.directory - The directory to read from.

alpaca:
  remote:
    maximum-queue-size-per-server-in-megabytes: 3
    servers:
    -
      scheme: https
      hostname: alpaca.lab.ecg.co
      port: 8443
      authenticationToken: GwW_T5DMrxrADm5SibMAd3owKD0nrowE
      reader:
       directory: /path/to/as1
    -
      scheme: https
      hostname: alpaca.lab.ecg.co
      port: 8443
      authenticationToken: UjUZarkK8dKAAYu_kpJgLAE6EqiHBSyh
      reader:
       directory: /path/to/as2

Usage

Once Alpaca Remote has been installed and configured, it can be run with service alpaca start (service alpaca-remote start when it is installed on the same server as Alpaca Server). Once launched, Alpaca Remote will transmit audit logs to the Alpaca Server.

Upgrading from Alpaca 6.5.0 -> 6.5.1

  1. Remove the Users from Alpaca that were created to be used with Alpaca Remote.
    • Log in to Alpaca as an admin.
    • From the "Admin" navigation tab, navigate to the "Alpaca Users" page.
    • Click on the user you wish to delete.
    • Click the "Delete" button.
  2. Follow the steps in Authentication Token to generate the new authentication tokens.
  3. Remove the Username and Password fields from the remote configuration.

Upgrading from Alpaca 6.4.* -> Alpaca 6.5.1

  1. Remove the Users from Alpaca that were created to be used with Alpaca Remote.
    • Log in to Alpaca as an admin.
    • From the "Admin" navigation tab, navigate to the "Alpaca Users" page.
    • Click on the user you wish to delete.
    • Click the "Delete" button.
  2. Follow the steps in Authentication Token to generate the new authentication tokens.
  3. Remove the Username and Password fields from the remote configuration.
  4. Update the audit-log-readers field to be a reader object.

Before

alpaca:
  remote:
    servers:
    - scheme: http
      hostname: localhost
      port: 8080
      username: remote
      password:
      audit-log-readers:
      - directory: /opt/audit/lab

After

alpaca:
  remote:
    servers:
    - scheme: http
      hostname: localhost
      port: 8080
      authentication-token:
      reader:
        directory: /opt/audit/lab
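
Checking a remote configuration after an upgrade

The shell function below is an added example, not part of Alpaca Remote or of the original guide. It is a line-based lint that flags leftover username, password and audit-log-readers keys, server entries without a token or reader directory, scheme http, and a world-readable file. The path of the configuration file is supplied by the caller (the guide does not name it), and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint an Alpaca Remote YAML config (path supplied by the caller).
# Line-based heuristic, not a YAML parser. Prints FINDING lines; returns 1 if any.
lint_remote_config() {
    cfg=$1; result=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # The file stores authentication tokens, so "other" should not be able to read it.
    if [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        echo "FINDING: $cfg is world-readable and holds authentication tokens"
        result=1
    fi
    awk '
        function report(msg) { print "FINDING: " msg; n++ }
        # Drop indentation and the list dash so "- scheme:" and "scheme:" match alike.
        { line = $0; sub(/^[ \t-]+/, "", line); sub(/[ \t]+$/, "", line) }
        # Keys that the upgrade steps say to remove or replace.
        line ~ /^(username|password|audit-log-readers):/ {
            split(line, kv, ":")
            report("line " NR ": legacy key \"" kv[1] "\" is still present")
        }
        line ~ /^scheme:[ \t]*http$/ { report("line " NR ": scheme http sends token and logs unencrypted") }
        line ~ /^hostname:/ { servers++ }
        line ~ /^(authenticationToken|authentication-token):[ \t]*[^ \t]/ { tokens++ }
        line ~ /^directory:[ \t]*[^ \t]/ { dirs++ }
        END {
            if (tokens < servers) report("a server entry has no authentication token")
            if (dirs < servers)   report("a server entry has no reader directory")
            exit (n > 0)
        }
    ' "$cfg" || result=1
    return $result
}

# Constructed sample modelled on the 6.4-style "Before" file, left world-readable.
demo=$(mktemp)
cat > "$demo" <<'EOF'
alpaca:
  remote:
    servers:
    - scheme: http
      hostname: localhost
      username: remote
      password:
      audit-log-readers:
      - directory: /opt/audit/lab
EOF
chmod 644 "$demo"
lint_remote_config "$demo" || echo "config needs attention"
rm -f "$demo"
```

Run it as the alpaca user against the file in the config directory after completing the upgrade steps; a clean file produces no output and exit status 0.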