Installation Guide - HEAnet Mirror Service

cuttlefishblue, Data Management

16 Dec 2012

Installation Guide
Document Version 3.0- 0.0.0.8 Beta
Cyberoam iView Installation Guide

Table of Contents

Typographic Convention
Preface
Guide Organization

Cyberoam iView Configuration
  System Requirements
  Installation Procedure
  Access Web Admin Console

Device Integration
  Integration with Cyberoam Appliance
  Integration with FortiGate Appliance
  Integration with Squid
  Integration with 24Online Appliance
  Integration with SonicWALL Appliance

Device Detection
  Device Detection in Cyberoam iView

Cyberoam iView Documentation Copyright
Cyberoam iView License Policy



Typographic Convention

Material in this manual is presented in text and screen display notation.

Item                      Convention                        Example
Cyberoam – iView Server   Machine where Cyberoam iView is installed
User                      The Super Administrator
Part titles               Bold and shaded font typefaces    Report
Topic titles              Shaded font typefaces             Introduction
Subtitles                 Bold & Black typefaces            Notation conventions
Navigation link           Normal typeface                   System → Configuration → User
                                                            it means, to open the required page click on System
                                                            then on Configuration and finally click User
Notes & Recommendations   Bold typeface between the         Note
                          black borders




Preface

Welcome to Cyberoam iView Installation Guide.

Cyberoam iView – Open Source Logging and Reporting Solution
Cyberoam iView is an open source logging and reporting solution that provides organizations with
visibility into their networks across multiple devices for high levels of security and data confidentiality
while meeting the requirements of regulatory compliance.

Enabling centralized reporting from multiple devices across geographical locations, Cyberoam iView
offers a single view of the entire network activity. This allows organizations not just to view information
across hundreds of users, applications and protocols; it also helps them correlate the information,
giving them a comprehensive view of network activity.






Guide Organization

This guide describes how to install Cyberoam iView in your network to collect logs and generate
meaningful reports for added network devices. This guide is organized in three parts.

Part 1- Cyberoam iView Configuration
This section provides hardware requirements information and installation procedure:
• System Requirements

• Installation Procedure

• Access Web Admin Console

Part 2- Device Integration
This section covers integration of Cyberoam iView with the following products:
• Integration with Cyberoam

• Integration with FortiGate

• Integration with Squid

• Integration with 24 Online

• Integration with SonicWALL

Part 3- Device Detection
This section describes how Cyberoam iView is to be configured so that it can receive logs from the
added devices.
• Device Detection in Cyberoam iView


Part 1- Cyberoam iView Configuration

System Requirements
The hardware requirement for installing Cyberoam iView and its repository is dependent on how much
data is required to be retained in the form of archives. Following table outlines the important hardware
components and their recommended configuration.

Component          Recommendation
Processor          Pentium IV with 2GHz
RAM                2GB (Minimum)
Hard Disk Drive    SATA or SCSI hard disk with minimum 30GB disk space
Windows platform   Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7
Browser            Microsoft Internet Explorer 6.0+, Mozilla Firefox 2.0+, Google Chrome

Best view - Mozilla Firefox 2.0+


Recommendations
Desktop Antivirus / Firewall should bypass the following applications running on the iView server:
Garner.exe, Tomcat.exe, Postgres.exe

Configure your firewall (if any) to allow UDP traffic on port 514.



Installation Procedure

Note
Make sure no services are running on ports 8000 and 514. Installation will be cancelled if these ports
are not free.
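
A pre-installation check for the constraints this guide states (ports 8000 and 514 free and, from steps 7 and 8 below, port 5432 and a log directory without whitespace on a disk with 30 GB free), as an added Python example that is not part of the Cyberoam iView installer. It assumes 8000 is TCP (the web console) and 514 is UDP (syslog); the function names and the sample path are illustrative.

```python
import errno
import os
import re
import shutil
import socket

MIN_FREE_BYTES = 30 * 1024**3   # "minimum 30 GB free space" (binary GB assumed)
# Assumed protocols: 8000/tcp for the web console, 514/udp for syslog.
REQUIRED_PORTS = [("tcp", 8000), ("udp", 514)]
POSTGRES_PORT = ("tcp", 5432)   # may legitimately be held by an existing PostgreSQL


def port_status(proto, port, host="0.0.0.0"):
    """Return 'free', 'in use' or 'error: ...' by attempting to bind the port."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as sock:
        # Windows only: fail if any other process already holds the port.
        if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
        try:
            sock.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in use"
            return "error: %s" % (exc.strerror or exc)
    return "free"


def log_dir_problems(path, free_bytes=None):
    """Apply the log directory rules: no whitespace in the path, 30 GB free."""
    problems = []
    if re.search(r"\s", path):
        problems.append("path contains whitespace")
    if free_bytes is None:
        probe = os.path.abspath(path)
        while not os.path.exists(probe) and os.path.dirname(probe) != probe:
            probe = os.path.dirname(probe)   # the directory may not exist yet
        try:
            free_bytes = shutil.disk_usage(probe).free
        except OSError:
            return problems + ["cannot read free space"]
    if free_bytes < MIN_FREE_BYTES:
        problems.append("less than 30 GB free")
    return problems


def preflight(log_dir):
    """Collect every finding; an empty list means nothing was flagged."""
    findings = ["%s/%d is %s" % (proto, port, status)
                for proto, port in REQUIRED_PORTS
                for status in [port_status(proto, port)] if status != "free"]
    findings += log_dir_problems(log_dir)
    return findings


if __name__ == "__main__":
    print("5432/tcp:", port_status(*POSTGRES_PORT), "(should be held only by PostgreSQL)")
    for finding in preflight(r"C:\iViewLogs"):   # constructed example path
        print("FAIL:", finding)
```

Run it on the intended iView server before starting the installer; any status other than free on 8000 or 514 means the installer will cancel.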


Select one of the following installers as per your requirement:
• Cyberoam iView Installation with PostgreSQL

• Cyberoam iView Installation without PostgreSQL

Cyberoam iView Installation

1. Download Cyberoam iView

If you have already installed PostgreSQL - Click http://sourceforge.net/projects/cyberoam-iview/

If you have not installed PostgreSQL - Click http://sourceforge.net/projects/cyberoam-iview/files/



2. Download Postgres
If you have already installed PostgreSQL, skip this step.

Double click the downloaded Exe in step 1 to start the installation. Click Yes to visit
http://www.postgresql.org/ and download Postgres 8.4.


Screen – Setup



3. Start Installation
Double click Exe downloaded in Step 1 to start the installation wizard. It opens the welcome screen.


Screen – Setup Wizard


4. License Agreement
Click Next. It opens License Agreement screen. Select I accept the agreement to accept the license
agreement and click Next to proceed further with installation. In case you do not want to continue with
the Installation, select I do not accept the agreement.


Screen – License Agreement


5. Specify installation folder
Click Next to install at default location or click Browse to select a folder to change the location and
then click Next.


Screen –Cyberoam iView Destination Location



6. Specify Cyberoam iView Login Information
Specify Cyberoam iView administrative password and email address and then click Next.


Screen –Cyberoam iView Login Information

Note
Administrative password should contain minimum six characters.



7. Specify PostgreSQL database installation folder

If PostgreSQL database v 8.4 is already installed, Cyberoam iView will use the existing database;
otherwise it will automatically install PostgreSQL v 8.4. If you are already using a PostgreSQL
database, verify that:
• A user with the name ‘postgres’ exists in the PostgreSQL database; if not, create the user in PostgreSQL.
• Port 5432 is not configured for any other server, as Cyberoam iView will communicate with
PostgreSQL on port 5432.

Skip this step if you already have installed PostgreSQL.

Click Next to install PostgreSQL database at default location or click Browse to select a folder to
change the location and then click Next.


Screen – PostgreSQL Directory


8. Specify folder to store the logs
Click Next to store archive logs at default location or click Browse to select the folder to change the
location.


Screen – Log Directory

Note
It is recommended to have minimum 30 GB free space to store Logs. Performance might get affected if
minimum free space is not available.

Cyberoam iView does not support white spaces (blank) in the logs directory path. Please specify log
directory path without white spaces.

If the selected disk does not have 30GB free space, following warning message will be displayed.
Click OK to proceed with installation.


Screen– Warning Message


9. Specify Java JDK Directory
Skip this step if you are installing using Exe (with PostgreSQL)
Click Browse to select Java JDK directory location and then click Next.


Screen – Java JDK Directory


10. Specify start menu folder
Click Next to create the program’s shortcut at the default location or click Browse to select the folder
to change the location.


Screen– Start Menu Folder

11. Click Install to install Cyberoam iView components at mentioned locations or click Back to
change location of any of Cyberoam iView component.


Screen – Installation




The installation program begins to copy and extract Cyberoam iView components - Microsoft Visual
C++ 2005 Redistributable, PostgreSQL 8.4 components.


Screen– Installation Process



Screen – Microsoft Visual C++ 2005 Redistributable




Screen – PostgreSQL 8.4




Screen – Finalizing Installation



Once the installation is completed successfully, below given screen will be displayed.


Screen – Completing Cyberoam iView Setup Wizard



Screen – Completing Cyberoam iView Setup Wizard




Access Web Admin Console
Browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local
machine>:8000 and log on using default username ‘admin’ and password specified at the time of
installation.


Screen–Cyberoam- iView Web Console


Part 2- Device Integration

Integration with Cyberoam Appliance

Note
Make sure that UDP traffic on port 514 is allowed by your Firewall.
Cyberoam WAN interface should be configured with a static IP address only.

Follow the steps given below to configure Cyberoam appliance to send logs to Cyberoam iView:

1. Add Syslog Server
Log on to Cyberoam Web admin console with default username and password (if not changed) and
go to System → Logging → Manage Syslog


Screen – Manage Syslog in Cyberoam

Click Syslog Configuration Name to change the existing configuration or click Create to add a new
syslog server with the following values:

Parameter        Value
Name             Cyberoam_iView
IP address       IP address of Cyberoam iView
Port             514
Facility         Daemon
Severity Level   Debug
Format           CyberoamStandardFormat
Table – Add Syslog Server Screen Elements



Screen – Add Syslog Server in Cyberoam

2. Enable logging on Syslog Server
Go to System → Logging → Logs Configuration and enable newly added syslog server to receive logs


Screen– Enable Syslog Server in Cyberoam




3. Enable Firewall Logging
Go to Firewall → Manage Firewall and click
against the default firewall rule to edit the rule
Under the Log Traffic section, enable Log Traffic.


Screen – Enable Firewall Logging in Cyberoam




Integration with FortiGate Appliance

Note
Make sure that UDP traffic on port 514 is allowed by your Firewall.
FortiGate WAN interface should be configured with a static IP address only.

Follow the steps given below to configure FortiGate appliance to send logs to Cyberoam iView:

1. Add Syslog Server
Log on to web based manager administrative interface and click Log and Reports menu. Under Log
Setting section of Log Config sub menu, configure syslog server using following values:

Parameter                      Value
Remote Logging and Archiving   Click checkbox to enable remote logging and archiving
Syslog                         Click checkbox to enable log sending to configured syslog server
IP/FQDN                        IP Address of Cyberoam iView
Port                           514
Minimum Log Level              Debug
Facility                       Local7
Table – Add Syslog Server Screen Elements


Screen – Configure Syslog in FortiGate

Note
Syslog Configuration may change as per your FortiGate version installed.


Integration with Squid

Follow the steps given below to configure Squid to send logs to Cyberoam iView.

1. Update syslog-ng.conf with the below given text:

/etc/syslog-ng/syslog-ng.conf

# Despite its name, this filter matches (selects) entries whose
# program name is 'squid'; it does not drop them
filter f_remove { program("squid"); };

# Matches everything logged to the 'local4' facility, the facility
# squid.conf writes to (access_log syslog:LOG_LOCAL4)
filter f_user { facility(local4); };

# Local copy of the matched entries in the '/var/log/user.log' file
destination df_user { file("/var/log/user.log"); };

# Remote destination: Cyberoam iView over UDP
# (syslog-ng's udp() driver uses port 514 by default)
destination logserver { udp("<ip address of Cyberoam iView>"); };


# The actual logging directive
log {
    # 'src' must be a source already defined in this file
    source(src);

    # Keep only entries in the local4 facility
    filter(f_user);

    # Keep only entries from the program 'squid'
    filter(f_remove);

    # Write the matching entries to the 'user.log' file
    destination(df_user);

    # Send them to the logserver (Cyberoam iView)
    destination(logserver);
};

2. Update squid.conf with the below given text:

/etc/squid/squid.conf

logformat iview device_id=squid log_component=HTTP log_type="Content Filtering" log_subtype=Allowed user_name=%un src_ip=%>a domainname=%<A user_gp=%ui contenttype=%mt protocol=6 category= url=%ru recv_bytes=%<st log_type= dst_port=%lp

access_log syslog:LOG_LOCAL4 iview
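
To check what the logformat above puts on the wire, the following added Python example (not part of Cyberoam iView or Squid) decodes the syslog priority and the key=value payload of one datagram and compares the facility with the one this guide configures for each sender. The sample datagram is constructed and the function names are illustrative; the parser keeps the first non-empty value of a repeated key because the logformat contains log_type twice.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Facility each sender is configured with in this guide.
EXPECTED_FACILITY = {"cyberoam": "daemon", "fortigate": "local7", "squid": "local4"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; a value is either "double quoted" or runs to the next space.
PAIR_RE = re.compile(r'(?:^|\s)(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample in the shape of the 'iview' logformat (not a captured log).
SAMPLE = ('<166>squid[1234]: device_id=squid log_component=HTTP '
          'log_type="Content Filtering" log_subtype=Allowed user_name=- '
          'src_ip=192.0.2.10 domainname=example.com user_gp=- '
          'contenttype=text/html protocol=6 category= '
          'url=http://example.com/?a=1 recv_bytes=5120 log_type= dst_port=3128')


def parse_iview_syslog(datagram):
    """Decode the syslog PRI and the key=value payload of one datagram."""
    match = PRI_RE.match(datagram)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(match.group(1))
    fields, duplicates = {}, []
    for key, quoted, bare in PAIR_RE.findall(datagram[match.end():]):
        if key in fields:
            duplicates.append(key)
            if fields[key]:          # keep the first non-empty value
                continue
        fields[key] = quoted or bare
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "fields": fields, "duplicates": duplicates}


def facility_matches(datagram, sender):
    """True when the datagram carries the facility configured for this sender."""
    return parse_iview_syslog(datagram)["facility"] == EXPECTED_FACILITY[sender]


if __name__ == "__main__":
    result = parse_iview_syslog(SAMPLE)
    print(result["facility"], result["severity"], result["duplicates"])
    print(result["fields"])
```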


Integration with 24Online Appliance

Note
Cyberoam iView supports logging and reporting for 24Online version 8.4 onwards.
Enable Web Logging module of 24Online to send logs to Cyberoam iView.

Follow the steps given below to configure 24Online appliance to send logs to Cyberoam iView.

1. Enable Web Surfing Logger Service
Log on to 24 Online Management GUI and go to Web Surfing Logger→ Manage Logger
Configure Web Surfing logger using following values:

Parameter                    Value
Redirect Logs to             Click External Server Checkbox
External Server IP Address   IP address of Cyberoam iView
External Server Port         514
Client Device ID             24Online
Table – Web Surfing Logger Screen Elements

Screen – Manage Web Surfing Logger


Integration with SonicWALL Appliance

Note
Make sure that UDP traffic on port 514 is allowed by your Firewall.
SonicWALL WAN interface should be configured with a static IP address only.

Follow the steps given below to configure SonicWALL appliance to send logs to Cyberoam iView:

1. Add Syslog Server
Log on to SonicWALL security appliance management interface and go to Log → Syslog.


Screen –Syslog in SonicWALL
Click
to change the existing configuration or click Add to add a new syslog server with the
following values:

Parameter            Value
Name or IP Address   IP address of Cyberoam iView
Port                 514
Table – Add Syslog Screen Elements


Screen –Add Syslog

Note
Syslog Configuration may change as per your SonicWALL version installed.



2. Select Categories
Go to Log → Categories and enable log categories in Syslog column to send logs to Cyberoam
iView.
Cyberoam iView will display reports for following log categories:
• Attacks
• Blocked Web Sites
• Denied LAN IP
• Dropped ICMP
• Dropped TCP
• Dropped UDP
• Firewall Event
• Firewall Logging
• Intrusion Prevention
• Network Access
• Network Traffic
• Security Services



Screen –Enable Log Categories

Part 3- Device Detection

Device Detection in Cyberoam iView

1. Browse to http://<IP address of the Cyberoam iView server i.e. local machine>:8000 and log on
using username “admin” and password specified at the time of Cyberoam iView installation.
2. Cyberoam iView automatically detects the added devices and prompts super admin at the time of
login.


Screen – Detecting New Device in Cyberoam iView

3. Specify device name and device type from the drop down and activate the device by clicking
Active then click Save.
4. Go to System →Configuration →Device to view list of added devices.



Screen– List of Devices

Now Cyberoam iView will receive all the traffic logs from the newly added devices to generate reports.








Cyberoam iView Documentation Copyright
© 2009 Elitecore Technologies Ltd. All rights reserved worldwide.
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,
but is presented without warranty of any kind, expressed or implied. Elitecore assumes no
responsibility for any errors that may appear in this document. Information is subject to change
without notice.

In no event shall Elitecore be liable for any direct, indirect, or incidental damages, including, damage
to data arising out of the use or inability to use this manual.

No part of this work may be reproduced or transmitted in any form or by any means except as
expressly permitted by Elitecore Technologies Ltd. This does not include those documents and
software developed under the terms of the open source General Public License.

Cyberoam iView ™ is the trademark of Elitecore Technologies Ltd.

If you need commercial technical support for this product please visit www.cybreoam-iview.com.
You can visit open source Cyberoam iView forums at https://sourceforge.net/projects/cyberoam-iview/support
to get support from the project community.


Cyberoam iView License Policy
Cyberoam iView is free software, if you are using and/or enhancing / developing open source
applications: you can redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.

A copy of the GNU General Public License is available along with this program; see the COPYING file
for the detailed license.

The interactive user interfaces in modified source and object code versions of this program must
display Appropriate Legal Notices, as required under Section 5 of the GNU General Public License
version 3.

In accordance with Section 7(b) of the GNU General Public License version 3, these Appropriate
Legal Notices must retain the display of the "Cyberoam Elitecore Technologies Initiative" logo.


Cyberoam iView ™ is the trademark of Elitecore Technologies Ltd.