Hitachi Vantara Knowledge

Initial setup after installation

After installing the Hitachi Ops Center Analyzer components, continue with the setup of Ops Center Analyzer detail view, the Analyzer probe server, the Ops Center Analyzer server, granular data collection, and audit logging.

Initial setup of Analyzer detail view server

Open the URL of the Analyzer detail view server and follow the prompts.

Before you begin

  • Check the IP address of the Analyzer detail view server.
  • Obtain the Analyzer detail view license from your Hitachi Vantara representative.

Procedure

  1. Enter the Analyzer detail view server URL in your browser:

    https://ip-address:port-number

    The default port for HTTPS access is 8443.
  2. Read and accept the license agreement, and then click Next.

  3. In the Upload License window, click Choose File to browse to the license file and click Open.

  4. Click Submit to register the license.

  5. In the Set Details For Existing admin User window, enter the password, select the locale, and then click Submit. (The user name for the built-in administrator account is admin.)

    Note: The current version of Ops Center Analyzer detail view supports only the English locale.
  6. In the Analyzer detail view server login window, enter the administrator user credentials and click Login.

  7. In the Select Time zone window, select the appropriate time zone and click Next.

    The Analyzer detail view server home page is displayed.
    Note: Reports display data using the time zone of the Analyzer detail view server (not that of the storage systems). For example, if the Analyzer detail view server UI time zone is configured to IST, reports use IST regardless of where the individual storage systems are located.
  8. (Optional) Configure an alert notification email or Syslog to monitor the downloader and import delay, license expiration, and system memory usage. Configure SNMP for performance-based alerts. For information, see "Monitoring Analyzer detail view server alerts" in the Analyzer detail view server Online Help. For instructions on setting up the mail server, see "Configuring the SMTP server" in the online help.

  9. (Optional) Create an Analyzer server account that belongs to the Administrator group on the Analyzer detail view server.

    For information about how to add accounts, see the Analyzer detail view server Online Help. If you use the built-in administrator account to access the Analyzer server, this step is unnecessary.

    Note: Several accounts are created automatically in the Analyzer detail view server when you configure the Analyzer server to connect to the Analyzer detail view server. Do not change or delete the following user accounts:
    • HIAA_Server_Admin

    • HIAA_REST_Admin

    • HIAA_REST_Normal

    • HIAA_GUI_Report

Initial setup of Analyzer probe server

Open the URL of the Analyzer probe server and follow the prompts.

Before you begin

  • Check the IP address of the Analyzer detail view server.
  • Check the IP address of the Analyzer probe server.
  • Obtain the Analyzer detail view license from your Hitachi Vantara representative.

Procedure

  1. Open your browser and enter the Analyzer probe server URL.

    https://Analyzer-probe-server-IP-address:8443
  2. When you first launch the Analyzer probe server UI, you see the license agreement details. Read it and then click Next.

  3. In the Upload License window, click Choose File to browse to a license file and click Open.

  4. Click Submit to add the license.

  5. In the Create Administrator Account window, provide the following and then click Submit:

    • User name and password
    • First name, last name, and email address of the user
    • Locale: Only the U.S. English locale is currently supported
    • Group: Select Admin to create an administrator account
    Note: To complete the Analyzer probe server configuration you must create a Local user with an administrator account. After creating the Local user you can add the desired Active Directory users.
  6. In the Analyzer probe login window, enter the administrator user credentials and click Login.

  7. The Basic Information window displays the Customer Name (which cannot be changed). Provide the following contact information and click Next:

    • Administrator Contact Name and email
    • Technical Contact Name and email
  8. In the Select Time zone window, make a selection and then click Next.

  9. In the Primary Analyzer detail view Server Information window, specify the following details:

    Note

    • If you are connecting the Analyzer detail view server to the Analyzer probe server using the host name and a proxy server, you must add the IP address and host name of the Analyzer detail view server to the /etc/hosts file on the Analyzer probe server.
    • If you edit the existing connection details, make sure that you also update them on the Analyzer detail view server by updating the downloader. For more information, refer to Updating the downloader on the Analyzer detail view server.
    • Protocol: FTP, FTPS, SFTP, or HTTPS.

      The Analyzer detail view server itself accepts only SFTP and HTTPS. If you select FTP or FTPS, the probe uploads to an intermediate FTP or FTPS server: make sure that server is configured and enter its IP address in the Host field. The intermediate FTP or FTPS server must not be the Analyzer detail view server. Note that plain FTP sends both the account credentials and the uploaded data unencrypted, so prefer SFTP or HTTPS where the network allows it.

      If you are using SFTP and HTTPS protocols, refer to Supported ciphers for Analyzer probe.

    • Host: Analyzer detail view server or intermediate FTP server IP address.

      If you are using intermediate FTP server as a primary server, then you must configure the downloader on the Analyzer detail view server to download the data from this FTP server.

    • Port: Based on the selected protocol.
    • User: User name for the host. For an Analyzer detail view server the user name is: meghadata
      Note: If you are using an intermediate FTP server, the FTP user must have permission to create a new directory in the current working directory on the FTP server after connecting to it.
    • Password: Password for the host. For an Analyzer detail view server the default password is: meghadata123
      Note: Because this default password is published in the documentation, anyone who can reach the server can try it. Change the meghadata user's default password as soon as the connection works. Refer to Changing the megha and meghadata passwords for more information.
    • Advanced Settings:
      • Proxy: Select to configure a proxy server.
      • Real-time Server: By default the Real time server field uses the value that you entered in the Host field.

        If you are using an intermediate FTP server, enter the IP address of the Analyzer detail view server that processes the data of the primary server, and do not connect the Analyzer probe server to the Analyzer detail view server through a proxy.

    Note: Port number 9092 must be open on the Analyzer detail view server. The Analyzer probe server must be able to connect to the Analyzer detail view server on port 9092 to send the real-time data.
  10. Click Next.

    In addition to sending probe data to a single (local) Analyzer detail view server, you can configure a secondary, cloud-based Analyzer detail view server. The purpose is to host a copy of the probe data where it can be accessed outside of your internal network. You can add this secondary server from the Analyzer probe server UI.

    Note: The secondary Analyzer detail view server does not support real-time collection.
  11. In the Data Collection duration window, verify the license expiry date in your license, and then click Next.

  12. From the list of probes, select the probe type and configure it to collect data from the monitoring target. You must add at least one probe to complete the installation.

    To add additional probes, go to the Analyzer probe server web UI home page and click Add Probe.

    The following are available:

    • Hitachi Adaptable Modular Storage (AMS) probe

    • Hitachi Enterprise Storage probe

    • Hitachi NAS probe

    • VMware probe

    • Brocade FC Switch (BNA) probe

    • Brocade FC Switch (CLI) probe

    • Cisco FC Switch (DCNM) probe

    • Cisco FC Switch (CLI) probe

    • Linux probe

Configuring the single sign-on functionality of Ops Center Common Services

To use the single sign-on functionality of Common Services, Analyzer must be registered in Common Services. If you deployed the Ops Center OVA, Analyzer is already registered in Common Services. If the host name, IP address, or port number of the server where Common Services is installed changes, you must register Analyzer again.

Registering Ops Center Analyzer in Ops Center Common Services

If you want to use a Common Services instance that is installed on a different host, or one that was installed by using the installer, you must register Analyzer in Common Services by running a command on the Analyzer server.

  1. Run the setupcommonservice command with the auto option specified to register Analyzer in Common Services.

    For details about setupcommonservice command, see setupcommonservice.

setupcommonservice

Use this command to register Analyzer to Ops Center Common Services. This command also updates the Analyzer information that is registered in Common Services.

Format
  • In Windows

    • When registering Analyzer to Common Services

      setupcommonservice
            /csUri Common-Services-URL
            /csUsername Common-Services-username
            /csPassword Common-Services-user-password
           [/appHostname Analyzer-server-host-name-or-IP-address]
           [/appPort Analyzer-server-port]
           [/appName product-name-to-display-in-the-portal]
           [/appDescription description-to-display-in-the-portal]
           [/auto]
    • When updating the information of Analyzer that is registered in Common Services

      setupcommonservice
           [/csUri Common-Services-URL
            /csUsername Common-Services-username
            /csPassword Common-Services-user-password]
           [/appHostname Analyzer-server-host-name-or-IP-address]
           [/appPort Analyzer-server-port]
           [/appName product-name-to-display-in-the-portal]
           [/appDescription description-to-display-in-the-portal]
           [/auto]
    • When displaying usage information for this command

      setupcommonservice /help
  • In Linux

    • When registering Analyzer to Common Services

      setupcommonservice
            -csUri Common-Services-URL
            -csUsername Common-Services-username
            -csPassword Common-Services-user-password
           [-appHostname Analyzer-server-host-name-or-IP-address]
           [-appPort Analyzer-server-port]
           [-appName product-name-to-display-in-the-portal]
           [-appDescription description-to-display-in-the-portal]
           [-auto]
    • When updating the information of Analyzer that is registered in Common Services

      setupcommonservice
           [-csUri Common-Services-URL
            -csUsername Common-Services-username
            -csPassword Common-Services-user-password]
           [-appHostname Analyzer-server-host-name-or-IP-address]
           [-appPort Analyzer-server-port]
           [-appName product-name-to-display-in-the-portal]
           [-appDescription description-to-display-in-the-portal]
           [-auto]
    • When displaying usage information for this command

      setupcommonservice -help
Options
  • csUri Common-Services-URL

    Specify the Common Services URL (URL for Ops Center Portal).

  • csUsername Common-Services-username

    Specify the username with Security Admin or System Admin role for Common Services.

    You can specify from 1 to 256 characters.

    You can use alphanumeric characters and the following characters:

    Exclamation marks (!), hash marks (#), dollar signs ($), percent signs (%), ampersands (&), single quotation marks ('), left parentheses ( ( ), right parentheses ( ) ), asterisks (*), plus signs (+), hyphens (-), periods (.), equal signs (=), at marks (@), carets (^), underscores (_), and vertical bars (|)

    The username is case sensitive.

  • csPassword Common-Services-user-password

    Specify the password of the user specified in the csUsername option.

    You can specify from 1 to 256 characters.

    Usable character types are the same as for the csUsername option.

  • appHostname Analyzer-server-host-name-or-IP-address

    Specify the host name or IP address for Analyzer server.

    If this option is omitted, the host name of Analyzer server is set.

  • appPort Analyzer-server-port

    Specify the port number for Analyzer server.

    If this option is omitted, 22016 (SSL) is set.

  • appName product-name-to-display-in-the-portal

    Specify the Analyzer name to display in the Ops Center Portal.

    You can specify from 1 to 255 characters.

    If this option is omitted during the registration of a new instance, the host name or IP address of Analyzer server is set.

  • appDescription description-to-display-in-the-portal

    Specify the Analyzer description to display in the Ops Center Portal.

    You can specify from 0 to 255 characters.

    If this option is omitted, no description is displayed.

  • auto

    Automatically stops and starts Analyzer server services.

  • help

    Display usage information for this command.

Location
  • In Windows

    Analyzer-server-installation-destination-folder\Analytics\bin

  • In Linux

    Analyzer-server-installation-destination-directory/Analytics/bin

Permissions

Administrator permission (for Windows) or a root user permission (for Linux).

Notes

If you run this command without the auto option, restart the product by running the hcmds64srv command on the host where you ran the command.

The csPassword value is passed as a command-line argument, so it is visible to other local users in the process list while the command runs and is normally recorded in the shell or console history. Run the command from an administrative session that other users cannot observe, and remove the command line from the history afterwards.

Return values

  Return value   Description
  0              The command ran normally.
  1              The argument is invalid.
  2              Command execution was interrupted.
  5              Communication failed.
  6              Authentication failed.
  14             You do not have permission to run this command.
  16             An attempt to start or stop the services of the Analyzer server failed.
  255            Command execution was interrupted because of another error.

Example

To register a new instance of Analyzer in Common Services:

setupcommonservice /csUri https://myopscenter.com:443/portal /csUsername sysadmin /csPassword sysadmin /appHostname myanalyzer.com /appName Analyzer_B /appDescription "For managing site B" /auto

To reregister Analyzer in an instance of Common Services on another host:

setupcommonservice /csUri https://myopscenter2.com:443/portal /csUsername sysadmin /csPassword sysadmin /appHostname myanalyzer.com /appName Analyzer_B /appDescription "For managing site B" /auto
Note: After running the previous command, delete the Analyzer information from the Ops Center Portal that was previously used.

If the host name of the instance of Common Services in which Analyzer is registered was changed to US_opscenter.com:

setupcommonservice /csUri https://US_opscenter.com:443/portal /csUsername sysadmin /csPassword sysadmin /auto

To change the host name of the Analyzer server that is registered in Common Services to myanalyzer2.com:

setupcommonservice /appHostname myanalyzer2.com /auto

Assigning Analyzer permissions to Ops Center user groups

When you use the Common Services single sign-on to perform operations in Analyzer, you must assign Analyzer operating permissions to Ops Center user groups. Complete this task on the Analyzer server.

Before you begin

Analyzer must be registered in Common Services.

Procedure

  1. Log in to the Ops Center Portal as a user with the Security Admin role or System Admin role, and then launch Analyzer.

  2. In the Analyzer Administration tab, select User Group Management > User Groups And Permissions.

  3. Select the check box for the user group to which you want to assign permissions, and then click Edit Permission Mapping.

    Note: You can select multiple user groups.
  4. In the Edit User Groups window, select the check boxes for the permissions you want to assign.

  5. Click OK.

Initial setup of Analyzer server

Set up the Analyzer server, change the system account password, connect to the Analyzer detail view server, and then configure the mail server.

Registering the license for Analyzer server

Register the license for Analyzer server, and then use the built-in account to log on to Analyzer server.

Before you begin

  • Check the IP address or host name of the Analyzer server.
  • Check the IP address of the Analyzer detail view server.
  • Obtain the Analyzer server license from your Hitachi Vantara representative.

Procedure

  1. Add the Analyzer server product URL to the list of exceptions in your browser's popup blocker.

  2. Enter the URL for the Analyzer server in your web browser:

    http://host-name-or-IP-address-of-the-Analyzer-server:22015/Analytics/login.htm
  3. In the logon window, click Licenses.

    1. Use either of the following methods:

      • Enter the license key
      • Specify the license file
    2. Click Save.

      The license is added in the list.
  4. To log on to the Analyzer server, use these credentials:

    • User ID: system
    • Password: manager (default)

    Note: The account "zzz_HIAA_Reportuser_xxx" is created automatically in the Analyzer server.

Results

The logon is complete, and the Analyzer server Dashboard displays.

Changing the system account password

Change the default password for the system account. The system account is a built-in account that has the user management permission, and permissions for all Analyzer server operations.

  1. In the Administration tab, select User Management > Users and Permissions.

  2. In the displayed dialog box, display Users, and then select the system account.

  3. Click Change Password.

Setting up a connection with Analyzer detail view server

Set up a connection so that the data collected by the Analyzer detail view server can be analyzed by the Analyzer server.

Procedure

  1. In the Administration tab, select System Settings > Analyzer detail view Server.

  2. Click Edit Settings, and specify the Analyzer detail view server information.

    Note: Specify the built-in administrator account. If you want to use a different account, specify the account created during the initial setup of the Analyzer detail view server. If you change the password of the specified user on the Analyzer detail view server, also change it in the Password field of the Edit Settings dialog box.
  3. Click Check Connection to confirm that the server is connected properly.

    If you cannot access the Analyzer detail view server, verify the following:
    • The certificate is correctly specified on the Analyzer server.
    • The certificate is not expired.
  4. Click OK.

Results

The Analyzer detail view server is connected.

Configuring the mail server

Configure the mail server and the email address of the sender to send emails in the following cases:
  • To notify the administrator of problems that occur in monitored resources and information related to Analyzer server operations.
  • To periodically send dashboard reports to users.

Before you begin

Make sure you have the Admin permission of Ops Center Analyzer.

Procedure

  1. In the Administration tab, select Notification Settings > Email Server.

  2. Click Edit Settings to specify information about the mail server.

  3. To verify that the mail server is configured correctly, click Send Test Mail.

  4. Confirm that the test email arrives, and then click Save Settings.

Changing Analyzer passwords

You can increase the security of the Analyzer components, by changing the default passwords.

Changing the megha and meghadata passwords

Change the megha and meghadata user passwords to enhance security. The megha user exists on both the Analyzer detail view server and the Analyzer probe server; the meghadata user exists only on the Analyzer detail view server.

Note: You can also use these steps if the current password of the megha or meghadata user has expired.

Procedure

  1. Log on to the Analyzer detail view server or Analyzer probe server through an SSH client (like putty) as a root user.

    Note: If you do not want to stop the crond service, you can stop the specific processes of the Analyzer detail view server and Analyzer probe server by using the crontab -e command as described in Stopping the Analyzer detail view server or Analyzer probe server services and Starting the Analyzer detail view server or Analyzer probe server services.
  2. Stop the crond service using the command:

    service crond stop
  3. Stop the megha service using the command:

     /usr/local/megha/bin/megha-jetty.sh stop
  4. Verify the stopped status of the megha service:

    /usr/local/megha/bin/megha-jetty.sh status
  5. Run the change password script:

    /usr/local/megha/bin/changePassword.sh --user
  6. Choose the account you want to change.

  7. Type the user password and confirm it.

  8. Start the megha service using the command:

    /usr/local/megha/bin/megha-jetty.sh start
  9. Start the crond service using the command:

    service crond start

Next steps

If you have changed the meghadata user password on the Analyzer detail view server and if the Analyzer probe server is uploading the data directly to the Analyzer detail view server, the meghadata user password must be updated on the Analyzer probe UI as well. It enables the Analyzer probe server to send the data to the Analyzer detail view server. To change the password, log on to the Analyzer probe UI and then go to the Home > Reconfigure > Analyzer detail view Server tab to update the meghadata user password.

Changing the real-time database password

A real-time mechanism transfers data to the Analyzer detail view server as soon as the data is received by the Analyzer probe server. This real-time data is stored in the database for 30 minutes. You should change the real-time database password to enhance security.

Note

The Analyzer detail view server and the Analyzer probe server share the same username and password for the real-time database. When changing the password you must change it on both servers.

Procedure

  1. Log on to the Analyzer detail view server or Analyzer probe server through an SSH client (like putty) as a root user.

    Note: If you do not want to stop the crond service, you can stop the specific processes of the Analyzer detail view server and Analyzer probe server by using the crontab -e command as described in Stopping the Analyzer detail view server or Analyzer probe server services and Starting the Analyzer detail view server or Analyzer probe server services.
  2. Stop the crond service using the command:

    service crond stop
  3. Stop all the running services using the command:

    /usr/local/megha/bin/stop-all-services.sh
  4. Change the real-time database password using the command:

    /usr/local/megha/bin/changePassword.sh --realTimeDB
  5. Start the megha service using the command:

    /usr/local/megha/bin/megha-jetty.sh start
  6. Start the crond service using the command:

    service crond start

Initial setup for enabling Granular Data Collection

If you enable Granular Data Collection from Ops Center Analyzer, the RAID Agent commands are run remotely, and performance data (in units of seconds) for the monitored storage systems is output in CSV format. You can use this data for further analysis.

Before enabling Granular Data Collection, make sure the following conditions are satisfied:

  • The Analyzer server is running a Linux OS.
  • RAID Agent or Tuning Manager - Agent for RAID is running on a Linux OS that is supported by the Analyzer server.
  • Performance information for the monitored storage systems is being collected using a command device.
  • For details on the types of storage systems for which Granular Data Collection can be used, see Monitoring target requirements.

To enable Granular Data Collection:

  • Configure SSH on both the Analyzer server and the RAID Agent (or Tuning Manager - Agent for RAID) host.
  • Register the storage systems to be monitored by using Granular Data Collection on the Analyzer server.

Configuring SSH to use Granular Data Collection

You must enable SSH to use Granular Data Collection to remotely execute commands on the RAID Agent host from the Ops Center Analyzer server.

You must also configure the SSH settings if you want to use Tuning Manager - Agent for RAID to collect data from the monitored storage systems.

To enable SSH, specify the following settings:

  1. Create keys on the Analyzer server.
  2. Register the public key on the RAID Agent host and configure public key authentication.
  3. Verify the connection.

Creating keys on the Analyzer server

Create the public and private keys used for SSH on the Analyzer server. Either RSA or DSA keys can be used, but note that OpenSSH has disabled DSA (ssh-dss) keys by default since version 7.0 and has removed DSA support from current releases, so use RSA unless the SSH server on the RAID Agent host specifically requires DSA.

Before you begin

You must have the root permission of the OS.

Procedure

  1. Run the ssh-keygen command as follows:

    • For RSA keys:
      ssh-keygen -t rsa
    • For DSA keys:
      ssh-keygen -t dsa
  2. Specify the full pathname of the file where the private key will be stored.

    The default location is ~/.ssh/id_rsa.

  3. Press Enter twice.

    When you are prompted to enter the passphrase for the private key, press Enter. When you are prompted again, press Enter again. The key is stored without a passphrase so that the Analyzer server can use it non-interactively; anyone who can read the key file can use it, which is why step 4 restricts the file's permissions.

    An example of running the ssh-keygen -t rsa command:

    [root@HOST]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ssh-user/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/ssh-user/.ssh/id_rsa.
    Your public key has been saved in /home/ssh-user/.ssh/id_rsa.pub.
    The key fingerprint is:
    ax:xx:xx:xx:xx:bx:xx:xc:xx:xx:xx:xd:xd:xa:ed:xx root@HOST
  4. Run the chmod command to set the mode of the private key file to 600 (run it in the directory that holds the key, or specify the full path).

    [root@HOST]$ chmod 600 id_rsa

    Be sure to protect private keys.

Results

The private key and public key for authentication are created.

Next steps

Configure the public key authentication.

Configuring the public key authentication

Configure the RAID Agent host to accept the Analyzer server's public key for authentication.

Before you begin

You must have the root permission.

Procedure

  1. Navigate to the .ssh directory. Specify 700 as the attribute of the directory.

    Note: If there is no .ssh directory, create one.
  2. Add the contents of the Analyzer server public key file to the authentication key file of the RAID Agent host.

  3. Run the chmod command to specify 600 as the attribute of the authentication key file.

    The following is an example of running the command. In this example, the host name of the Analyzer server where keys are created is "HIAAHost", and the host name of the RAID Agent host is "AgentHost".
    [root@AgentHost ]$ cd .ssh
     
    [root@AgentHost .ssh]$ ssh root@HIAAHost 'cat /root/.ssh/id_rsa.pub' >> authorized_keys
    root@HIAAHost's password: (enter the password of root on HIAAHost)
    [root@AgentHost .ssh]$ chmod 600 authorized_keys
  4. Set the authentication key file as the value of AuthorizedKeysFile in /etc/ssh/sshd_config.

    Note: By default, ~/.ssh/authorized_keys or .ssh/authorized_keys is set as the value of AuthorizedKeysFile. If you have changed the path of the authentication key file, revise the value of AuthorizedKeysFile.
  5. Specify yes for the value of PubkeyAuthentication in /etc/ssh/sshd_config.

  6. Specify yes for the value of PermitRootLogin in /etc/ssh/sshd_config. On OpenSSH 7.0 and later, the value prohibit-password (the default, formerly spelled without-password) also permits root to log in with a key while refusing password logins for root; it satisfies this procedure and is the safer choice.

  7. Restart the sshd.

    Note: For details about the items to specify in sshd_config and how to specify settings, see the documentation for the SSH server that you use.

Results

The public key is registered to the RAID Agent host, and the authentication is configured.

Next steps

Verify the SSH connection.

Verifying SSH connections

Verify whether an SSH connection can be established between the Analyzer server and the RAID Agent host.

Before you begin

You must have the root permission of the OS to perform this operation.

Procedure

  1. Use the created private key to run the ssh command for the RAID Agent host from the Analyzer server.

    If a connection is successfully established without any prompt for an identity, SSH configuration is complete. If an error occurs or you are prompted to enter a password and a passphrase, check whether the settings are configured as described.
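The following Python script is an added example and is not part of Hitachi Ops Center Analyzer. It automates the checks behind the three SSH steps above: parse_sshd_config and check_sshd_config verify the sshd_config values the procedure asks for on the RAID Agent host, check_key_permissions verifies the 700/600 modes, and ssh_probe_command builds the non-interactive connection test to run from the Analyzer server so that a password or passphrase prompt (the failure case described in the verification step) shows up as a non-zero exit instead of a hang. The sample sshd_config text, the placeholder public key and the temporary .ssh directory are constructed for the demonstration; the OpenSSH defaults assumed when a keyword is absent are noted in the code.

```python
"""Added example (not Hitachi code): pre-flight checks for the Granular Data
Collection SSH setup. Sample config and the temporary .ssh fixture are constructed."""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample of a RAID Agent host's /etc/ssh/sshd_config after steps 4-6.
SAMPLE_SSHD_CONFIG = """\
Port 22
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes        # the page's setting; the check emits a warning for it
PasswordAuthentication yes
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Keyword -> value as sshd resolves it: case-insensitive keywords, '#' comments
    dropped, first occurrence wins. Match blocks are not evaluated (assumption of
    this example: parsing stops at the first Match line)."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, val = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        values.setdefault(key, val)
    return values


def check_sshd_config(values: Dict[str, str], keyfile: str = "authorized_keys") -> List[str]:
    """Return 'ERROR: ...' / 'WARN: ...' findings. OpenSSH defaults are assumed for
    absent keywords: PubkeyAuthentication yes, PermitRootLogin prohibit-password."""
    findings: List[str] = []
    if values.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("ERROR: PubkeyAuthentication must be yes")
    root = values.get("permitrootlogin", "prohibit-password").lower()
    if root == "no":
        findings.append("ERROR: PermitRootLogin no blocks the root key login")
    elif root == "yes":
        findings.append("WARN: PermitRootLogin yes also admits password logins for root; "
                        "prohibit-password is sufficient for key-based access")
    paths = values.get("authorizedkeysfile", ".ssh/authorized_keys .ssh/authorized_keys2").split()
    if not any(p.endswith(keyfile) for p in paths):
        findings.append(f"ERROR: AuthorizedKeysFile does not include {keyfile}")
    return findings


def _mode(p: Path) -> int:
    return stat.S_IMODE(p.stat().st_mode)


def check_key_permissions(ssh_dir: Path, private_key: Optional[Path] = None) -> List[str]:
    """sshd's StrictModes (default yes) refuses the key file if it or .ssh is writable
    by others; the procedure asks for the stricter 700 and 600, which is checked here."""
    findings: List[str] = []
    if not ssh_dir.is_dir():
        return [f"ERROR: {ssh_dir} does not exist"]
    if _mode(ssh_dir) & 0o077:
        findings.append(f"ERROR: {ssh_dir} must be 700 (is {_mode(ssh_dir):o})")
    ak = ssh_dir / "authorized_keys"
    if not ak.is_file():
        findings.append(f"ERROR: {ak} is missing")
    elif _mode(ak) & 0o077:
        findings.append(f"ERROR: {ak} must be 600 (is {_mode(ak):o})")
    if private_key is not None and _mode(private_key) & 0o077:
        findings.append(f"ERROR: {private_key} must be 600 (is {_mode(private_key):o})")
    return findings


def ssh_probe_command(agent_host: str, private_key: str, user: str = "root") -> List[str]:
    """Connection test to run from the Analyzer server. BatchMode=yes makes ssh fail
    instead of prompting, so a password/passphrase prompt becomes a non-zero exit."""
    return ["ssh", "-i", private_key, "-o", "BatchMode=yes", "-o", "PasswordAuthentication=no",
            "-o", "KbdInteractiveAuthentication=no", f"{user}@{agent_host}", "true"]


def check_fixture(dir_mode: int, file_mode: int) -> List[str]:
    """Build a throwaway .ssh directory with the given modes and check it (demo only)."""
    with tempfile.TemporaryDirectory() as tmp:
        ssh_dir = Path(tmp) / ".ssh"
        ssh_dir.mkdir()
        os.chmod(ssh_dir, dir_mode)          # explicit chmod: mkdir's mode is umask-masked
        ak = ssh_dir / "authorized_keys"
        ak.write_text("ssh-rsa AAAAB3... root@HIAAHost\n")   # constructed placeholder key
        os.chmod(ak, file_mode)
        return check_key_permissions(ssh_dir)


if __name__ == "__main__":
    for f in check_sshd_config(parse_sshd_config(SAMPLE_SSHD_CONFIG)):
        print(f)
    print("permissions 700/600:", check_fixture(0o700, 0o600) or "ok")
    print("permissions 755/644:", check_fixture(0o755, 0o644))
    print(" ".join(ssh_probe_command("AgentHost", "/root/.ssh/id_rsa")))
```

To use it on a real RAID Agent host, pass the contents of /etc/ssh/sshd_config to parse_sshd_config and the real ~/.ssh path to check_key_permissions; the command returned by ssh_probe_command is what to run from the Analyzer server in the verification step.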

Registering storage systems to be monitored by Granular Data Collection

Use a definition file to register the storage systems when performance information (in seconds) is collected by using the Granular Data Collection feature in Ops Center Analyzer. As with RAID Agent, you also must use a definition file to register target storage systems if you use Tuning Manager - Agent for RAID to collect information from the monitored storage systems.

Definition file

storage_agent_map.txt

Location

Analyzer-server-installation-destination-directory/Analytics/bin/command/granular

Definition items

Specify the following items in this order, separated by commas. Trailing optional items can be omitted; an optional item followed by a later item is left empty (two consecutive commas).

  1. Model name of the storage system (required)

  2. Serial number of the storage system (required)

  3. IP address of the RAID Agent host (required)

  4. Port number of the RAID Agent host (optional)

     If omitted, 24221 is used as the port number.

  5. Instance name for collecting performance information (in seconds) (optional)

     The name of the instance from which to collect performance information in seconds. If omitted, RAID Agent finds the target instance by comparing the model name and serial number in the definition file with the information that RAID Agent holds.

  6. Use of a proxy server (optional)

     Whether to use a proxy server for communication between the Analyzer server and the RAID Agent host. If a proxy server is available, specify one of the following values:

     • noproxy: Specify this if the server and the host communicate directly with each other without using a proxy server.
     • proxy: Specify this if you use a proxy server.

     If a proxy server is not available, omit this item.

  7. URL of the proxy server (optional)

     If you use a proxy server, you must specify a value for this item.

  8. Authentication information for the proxy server (optional)

     If you use a proxy server that requires user authentication, specify the authentication information in the following format:

     user-name:password

     Because the proxy password is then stored in clear text in this file, restrict the file's permissions to the account that runs the Analyzer server.

Definition example

In the following example, three storage systems (VSP F1500, VSP G1000, and HUS VM) are registered to be monitored once per second.

  Item                                              VSP F1500     VSP G1000     HUS VM
  Model name of the storage system                  VSP F1500     VSP G1000     HUS VM
  Serial number of the storage system               123456        7890          10000
  IP address of the RAID Agent host                 10.196.1.2    10.196.1.3    10.196.1.4
  Port number of the RAID Agent host                Not set       24221         Not set
  Instance name (performance information, seconds)  Not set       INSTANCE1     INSTANCE2
  Use of a proxy server                             Not set       Not set       Not set
  URL of the proxy server                           Not set       Not set       Not set
  Authentication information for the proxy server   Not set       Not set       Not set

Definition file example
VSP F1500,123456,10.196.1.2
VSP G1000,7890,10.196.1.3,24221,INSTANCE1
HUS VM,10000,10.196.1.4,,INSTANCE2
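The following Python script is an added example and is not Hitachi code: a validator for storage_agent_map.txt that you can run before placing the file in Analytics/bin/command/granular. The field order, the 24221 default port and the noproxy/proxy values follow the definition-items table above; the constructed sample input is the page's own three-line example. The error texts, the rule that a proxy entry without a URL is rejected, and the duplicate model-plus-serial check are this example's own assumptions, not behaviour documented for the product.

```python
"""Added example (not Hitachi code): validate a storage_agent_map.txt definition file
for Granular Data Collection. Field order and defaults follow the page's table; the
duplicate check and error texts are this example's assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_AGENT_PORT = 24221          # used when item 4 is empty (from the table above)
FIELD_NAMES = ("model", "serial", "agent_ip", "agent_port", "instance",
               "proxy_mode", "proxy_url", "proxy_auth")

# Constructed sample input: the three lines of the page's definition file example.
SAMPLE_FILE = """\
VSP F1500,123456,10.196.1.2
VSP G1000,7890,10.196.1.3,24221,INSTANCE1
HUS VM,10000,10.196.1.4,,INSTANCE2
"""


@dataclass
class AgentMapping:
    model: str
    serial: str
    agent_ip: str
    agent_port: int = DEFAULT_AGENT_PORT
    instance: Optional[str] = None      # None: RAID Agent matches by model + serial
    proxy_mode: Optional[str] = None    # "noproxy", "proxy", or None when omitted
    proxy_url: Optional[str] = None
    proxy_auth: Optional[str] = None    # "user-name:password"


class DefinitionError(ValueError):
    """One malformed line of the definition file."""


def parse_line(line: str, lineno: int = 0) -> AgentMapping:
    fields = [f.strip() for f in line.split(",")]
    if len(fields) > len(FIELD_NAMES):
        raise DefinitionError(f"line {lineno}: more than {len(FIELD_NAMES)} items")
    fields += [""] * (len(FIELD_NAMES) - len(fields))   # trailing optional items may be omitted
    model, serial, ip, port, instance, proxy_mode, proxy_url, proxy_auth = fields

    if not (model and serial and ip):
        raise DefinitionError(f"line {lineno}: model, serial and RAID Agent IP are required")
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        raise DefinitionError(f"line {lineno}: {ip!r} is not an IP address") from None

    port_no = DEFAULT_AGENT_PORT
    if port:
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise DefinitionError(f"line {lineno}: invalid RAID Agent port {port!r}")
        port_no = int(port)

    if proxy_mode not in ("", "noproxy", "proxy"):
        raise DefinitionError(f"line {lineno}: proxy item must be 'noproxy' or 'proxy'")
    if proxy_mode == "proxy" and not proxy_url:
        raise DefinitionError(f"line {lineno}: 'proxy' requires the proxy server URL")
    if proxy_auth and ":" not in proxy_auth:
        raise DefinitionError(f"line {lineno}: proxy authentication must be user-name:password")

    return AgentMapping(model, serial, ip, port_no, instance or None,
                        proxy_mode or None, proxy_url or None, proxy_auth or None)


def check_definition_file(text: str) -> Tuple[List[AgentMapping], List[str]]:
    """Parse every non-empty line; return (valid mappings, error messages)."""
    mappings: List[AgentMapping] = []
    errors: List[str] = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            m = parse_line(raw, lineno)
        except DefinitionError as exc:
            errors.append(str(exc))
            continue
        # Assumption of this example: the same model + serial listed twice is a mistake.
        if (m.model, m.serial) in seen:
            errors.append(f"line {lineno}: duplicate entry for {m.model} {m.serial}")
        seen.add((m.model, m.serial))
        mappings.append(m)
    return mappings, errors


if __name__ == "__main__":
    ok, bad = check_definition_file(SAMPLE_FILE)
    for m in ok:
        print(f"{m.model} {m.serial} -> {m.agent_ip}:{m.agent_port} instance={m.instance}")
    for e in bad:
        print("ERROR", e)
```

Run it against the real file by passing the file's contents to check_definition_file; an empty error list means every line parsed with the defaults shown above.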

Configuring initial settings for enabling the audit log of the Analyzer server

The audit log provides a record of all user operations on the Analyzer server. It tracks events in several categories, such as external services, authentication, configuration access, and service start and stop. By examining the audit log, you can check the system usage status or audit for unauthorized access.

The audit log data is output to the event log file (in Windows) or to the syslog file (in Linux).

The following table lists and describes the categories of audit log data that can be generated from products that use the Common component. Different products generate different types of audit log data.

Categories

Description

StartStop

Events indicating starting or stopping of hardware or software:

  • Starting or shutting down an OS

  • Starting or stopping a hardware component (including micro components)

  • Starting or stopping software on a storage system or SVP, and products that use the Common component

Failure

Events indicating hardware or software failures:

  • Hardware failures

  • Software failures (memory error, etc.)

LinkStatus

Events indicating link status among devices:

  • Whether a link is up or down

ExternalService

Events indicating the results of communication with external services:

  • Communication with an external server, such as NTP or DNS

  • Communication with a management server (SNMP)

Authentication

Events indicating that a device, administrator, or end user succeeded or failed in connection or authentication:

  • Fibre Channel login

  • Device authentication (Fibre Channel - Security Protocol authentication, iSCSI login authentication, SSL server/client authentication)

  • Administrator or end user authentication

AccessControl

Events indicating that a device, administrator, or end user succeeded or failed in gaining access to resources:

  • Access control for devices

  • Access control for the administrator or end users

ContentAccess

Events indicating that attempts to access important data succeeded or failed:

  • Access to important files on NAS or to contents when HTTP is supported

  • Access to audit log files

ConfigurationAccess

Events indicating that the administrator succeeded or failed in performing an allowed operation:

  • Reference or update of the configuration information

  • Update of account settings including addition or deletion of accounts

  • Security configuration

  • Reference or update of audit log settings

Maintenance

Events indicating that a performed maintenance operation succeeded or failed:

  • Addition or deletion of hardware components

  • Addition or deletion of software components

AnomalyEvent

Events indicating that an anomaly, such as a threshold being exceeded, occurred:

  • A network traffic threshold was exceeded

  • A CPU load threshold was exceeded

  • Pre-notification that a limit is being reached or a wraparound occurred for audit log data temporarily saved internally

Events indicating that abnormal communication occurred:

  • SYN flood attacks to a regularly used port, or protocol violations

  • Access to an unused port (port scanning, etc.)

Enabling audit logging

To enable the audit log of the Analyzer server and change the audit events to be output to the audit log, first configure the environment configuration file (auditlog.conf) for the Common component. Then you must restart the Analyzer server.

Note
  • If the Analyzer server is installed by using a virtual appliance, the audit log is enabled by default.

    If the Analyzer server is installed by using the installer, the audit log is disabled by default. Enable the settings as required.

  • A large volume of audit log data might be output. Change the log file size and back up or archive the generated log files accordingly.

Procedure

  1. Log on to the Analyzer server as a user with Administrator permission (for Windows) or root permission (for Linux).

  2. Open the auditlog.conf file, which is located in one of the following locations:

    • In Windows

      common-component-installation-destination-folder\conf\sec\auditlog.conf

    • In Linux

      common-component-installation-destination-directory/conf/sec/auditlog.conf

    Note: The auditlog.conf file is an environment configuration file for the Common component. Therefore, if another product that uses the Common component is installed on the same host as the Analyzer server, the audit log settings are shared by both products.

  3. To enable audit logging, specify the audit event categories for the Log.Event.Category property in the auditlog.conf file.

  4. To disable audit logging, delete all audit event categories specified for the Log.Event.Category property in the auditlog.conf file.

  5. Restart the Analyzer server services.

Settings in the auditlog.conf file

You can specify the audit event categories and severity to be output in the auditlog.conf file.

The following shows the items you can set in the auditlog.conf file.

  • Log.Facility (Effective in Linux only)

    Specify a numeric value for the facility (the log type) required to output audit log data to the syslog file in Linux. (Default value: 1)

    Log.Facility has an effect in Linux only. Log.Facility is ignored in Windows, even if it is specified. Also, if an invalid value or a non-numeric character is specified, the default value is used.

    The following table shows the correspondence between the specifiable values for Log.Facility and the facility defined in the syslog.conf file.

    Specifiable value for Log.Facility    Facility defined in the syslog.conf file
    1                                     user
    2                                     mail*
    3                                     daemon
    4                                     auth*
    6                                     lpr*
    16                                    local0
    17                                    local1
    18                                    local2
    19                                    local3
    20                                    local4
    21                                    local5
    22                                    local6
    23                                    local7

    *: Although you can specify this value, we do not recommend that you specify it.

    To filter audit logs output to the syslog file, you can combine the facility specified for Log.Facility and the severity specified for each audit event.

    The following table shows the correspondence between the severity of audit events and the severity defined in the syslog.conf file.

    Severity of audit events    Severity defined in the syslog.conf file
    0                           emerg
    1                           alert
    2                           crit
    3                           err
    4                           warning
    5                           notice
    6                           info
    7                           debug

  • Log.Event.Category

    Specify the audit event categories to be output. (Default value: none)

    When specifying multiple categories, separate them with commas (,) and do not insert spaces between categories and commas. If Log.Event.Category is not specified, audit log data is not output. Log.Event.Category is not case-sensitive. If an invalid category name is specified, that category name is ignored.

    Valid categories: StartStop, Failure, LinkStatus, ExternalService, Authentication, AccessControl, ContentAccess, ConfigurationAccess, Maintenance, or AnomalyEvent

  • Log.Level (Effective in Windows only)

    Specify the severity level of audit events to be output. (Default value: 6)

    Events with the specified severity level or lower will be output to the event log file.

    For details about the severity of each audit event, see the list of audit events output to the audit log.

    Log.Level has an effect in Windows only. Log.Level is ignored in Linux, even if it is specified. Also, if an invalid value or a non-numeric character is specified, the default value is used.

    The following table shows the correspondence between the specifiable value for Log.Level and the levels displayed in the event log.

    Specifiable value for Log.Level    Level displayed in the event log
    0, 1, 2, 3                         Error
    4                                  Warning
    5, 6, 7                            Information

Sample auditlog.conf file

The following shows an example of the auditlog.conf file:

# Specify an integer for Facility. (specifiable range: 1-23)
Log.Facility 1

# Specify the event category.
# You can specify any of the following:
# StartStop, Failure, LinkStatus, ExternalService,
# Authentication, AccessControl, ContentAccess,
# ConfigurationAccess, Maintenance, or AnomalyEvent.
Log.Event.Category StartStop,Failure,LinkStatus,ExternalService,Authentication,AccessControl,ContentAccess,ConfigurationAccess,Maintenance,AnomalyEvent

# Specify an integer for Severity. (specifiable range: 0-7)
Log.Level 6

In the example above, all types of audit events are output. For Windows, Log.Level 6 outputs audit log data corresponding to the Error, Warning, and Information levels. For Linux, Log.Facility 1 outputs the audit log data to the syslog file that is defined as the user facility in the syslog.conf file.
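Added example (not Hitachi code): a Python checker that reads an auditlog.conf file and reports the settings the Common component would apply according to the rules above (defaults on invalid values, case-insensitive categories, unknown names ignored, no output when no category is set), together with the warnings a reviewer would raise, for instance that a facility marked as not recommended is in use. `WEAK_SAMPLE` is a constructed file for illustration; the page does not state how the product itself treats spaces in the category list, so the checker only warns about them.

```python
VALID_CATEGORIES = ["StartStop", "Failure", "LinkStatus", "ExternalService",
                    "Authentication", "AccessControl", "ContentAccess",
                    "ConfigurationAccess", "Maintenance", "AnomalyEvent"]
# Log.Facility -> syslog facility (Linux), from the table above; "*" marks values
# the page lists but does not recommend.
FACILITIES = {1: "user", 2: "mail*", 3: "daemon", 4: "auth*", 6: "lpr*",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}
# Severity -> level displayed in the Windows event log, from the Log.Level table.
EVENT_LOG_LEVEL = {0: "Error", 1: "Error", 2: "Error", 3: "Error", 4: "Warning",
                   5: "Information", 6: "Information", 7: "Information"}

def parse_auditlog_conf(text: str) -> dict:
    """Return the effective settings plus the warnings a reviewer would raise."""
    raw, warnings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")     # "Log.Level 6" style lines
            raw[key] = value.strip()
    # Log.Facility (Linux only): invalid or non-numeric -> default 1 (user).
    fac = raw.get("Log.Facility", "")
    fac_ok = fac.isdigit() and int(fac) in FACILITIES
    facility = int(fac) if fac_ok else 1
    if fac and not fac_ok:
        warnings.append(f"Log.Facility {fac!r} is invalid; default 1 (user) is used")
    if FACILITIES[facility].endswith("*"):
        warnings.append(f"Log.Facility {facility} ({FACILITIES[facility][:-1]}) is not recommended")
    # Log.Level (Windows only): invalid or non-numeric -> default 6.
    lvl = raw.get("Log.Level", "")
    lvl_ok = lvl.isdigit() and int(lvl) <= 7
    level = int(lvl) if lvl_ok else 6
    if lvl and not lvl_ok:
        warnings.append(f"Log.Level {lvl!r} is invalid; default 6 is used")
    # Log.Event.Category: comma-separated, no spaces, case-insensitive, unknown names ignored.
    cat_value = raw.get("Log.Event.Category", "")
    if " " in cat_value:
        warnings.append("Log.Event.Category contains spaces between categories and commas")
    canon = {c.lower(): c for c in VALID_CATEGORIES}
    categories = []
    for name in filter(None, cat_value.split(",")):
        c = canon.get(name.strip().lower())
        if c is None:
            warnings.append(f"unknown category {name.strip()!r} is ignored")
        elif c not in categories:
            categories.append(c)
    if not categories:
        warnings.append("no valid category: audit logging is disabled")
    return {"facility": facility, "syslog_facility": FACILITIES[facility].rstrip("*"),
            "level": level, "event_log_levels": sorted({EVENT_LOG_LEVEL[s] for s in range(level + 1)},
                                                       key=["Error", "Warning", "Information"].index),
            "categories": categories, "warnings": warnings}

# The page's sample file (comments omitted) and a constructed weak one.
PAGE_SAMPLE = ("Log.Facility 1\n"
               "Log.Event.Category StartStop,Failure,LinkStatus,ExternalService,Authentication,"
               "AccessControl,ContentAccess,ConfigurationAccess,Maintenance,AnomalyEvent\n"
               "Log.Level 6\n")
WEAK_SAMPLE = ("Log.Facility 4\nLog.Event.Category Authentication, AccessControl, Auditing\n"
               "Log.Level 99\n")
```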

Format of data output to the audit log

The audit log data is output to the event log file (in Windows) or to the syslog file (in Linux).

The following shows the format of data output to the audit log:

  • In Windows
    program-name [process-ID]: message-part
  • In Linux
    syslog-header-message message-part

    The format of the syslog-header-message differs depending on the OS environment settings. If necessary, change the settings.

    For example, if you use rsyslog and specify the following in /etc/rsyslog.conf, messages are output in a format corresponding to RFC5424:

    $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format

The format and contents of message-part are described below. In message-part, a maximum of 953 single-byte characters can be displayed in a syslog file.

uniform-identifier,unified-specification-revision-number,serial-number,message-ID,date-and-time,detected-entity,detected-location,audit-event-type,audit-event-result,audit-event-result-subject-identification-information,hardware-identification-information,location-information,location-identification-information,FQDN,redundancy-identification-information,agent-information,request-source-host,request-source-port-number,request-destination-host,request-destination-port-number,batch-operation-identifier,log-data-type-information,application-identification-information,reserved-area,message-text

Item*                                                   Description
uniform-identifier                                      Fixed to CELFSS.
unified-specification-revision-number                   Fixed to 1.1.
serial-number                                           Serial number of audit log messages.
message-ID                                              Message ID.
date-and-time                                           The date and time when the message was output, in the format yyyy-mm-ddThh:mm:ss.s followed by the time zone (for example, 2017-05-15T14:08:23.1+09:00).
detected-entity                                         Component or process name.
detected-location                                       Host name.
audit-event-type                                        Event type.
audit-event-result                                      Event result.
audit-event-result-subject-identification-information   Account ID, process ID, or IP address corresponding to the event.
hardware-identification-information                     Hardware model or serial number.
location-information                                    Identification information for the hardware component.
location-identification-information                     Location identification information.
FQDN                                                    Fully qualified domain name.
redundancy-identification-information                   Redundancy identification information.
agent-information                                       Agent information.
request-source-host                                     Host name of the request sender.
request-source-port-number                              Port number of the request sender.
request-destination-host                                Host name of the request destination.
request-destination-port-number                         Port number of the request destination.
batch-operation-identifier                              Serial number of operations through the program.
log-data-type-information                               Fixed to BasicLog or DetailLog.
application-identification-information                  Program identification information.
reserved-area                                           Not output. This is a reserved space.
message-text                                            The contents vary according to the audit events.

Characters that cannot be displayed are output as asterisks (*).

*: Some items are not output for some audit events.

The following is an example of the message portion of an audit log login event:

CELFSS,1.1,0,KAPM01124-I,2017-05-15T14:08:23.1+09:00,HBase-SSO,management-host,Authentication,Success,uid=system,,,,,,,,,,,,BasicLog,,,"The login was successful. (session ID = session ID)"
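As an added example that is not part of the original documentation, the following Python code splits a message-part into its named items (including the FQDN item the table lists), validates the CELFSS header and the date format, and counts Authentication and AccessControl events that did not succeed per subject, the kind of check a reviewer of this log would run. `constructed_line` builds extra sample records; its KAPMxxxxx-E message ID and the Failed result value are placeholders, not values from the page.

```python
import csv
from collections import Counter
from datetime import datetime

# Items of message-part, in order. FQDN is listed in the item table above; with it
# the page's login example splits into exactly these 25 values.
FIELDS = [
    "uniform-identifier", "unified-specification-revision-number", "serial-number",
    "message-ID", "date-and-time", "detected-entity", "detected-location",
    "audit-event-type", "audit-event-result",
    "audit-event-result-subject-identification-information",
    "hardware-identification-information", "location-information",
    "location-identification-information", "FQDN",
    "redundancy-identification-information", "agent-information",
    "request-source-host", "request-source-port-number",
    "request-destination-host", "request-destination-port-number",
    "batch-operation-identifier", "log-data-type-information",
    "application-identification-information", "reserved-area", "message-text",
]
MAX_MESSAGE_PART = 953   # single-byte characters a syslog line can display

def parse_message_part(line: str) -> dict:
    """Split one message-part into named items; message-text may be quoted."""
    if len(line) > MAX_MESSAGE_PART:
        raise ValueError("longer than 953 characters: not a complete message-part")
    cells = next(csv.reader([line]))      # honours the quoted message-text
    if len(cells) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} items, got {len(cells)} (truncated?)")
    rec = dict(zip(FIELDS, cells))
    if (rec["uniform-identifier"], rec["unified-specification-revision-number"]) != ("CELFSS", "1.1"):
        raise ValueError("not a CELFSS 1.1 record")
    # yyyy-mm-ddThh:mm:ss.s plus time zone, e.g. 2017-05-15T14:08:23.1+09:00
    rec["timestamp"] = datetime.strptime(rec["date-and-time"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return rec

def constructed_line(event_type, result, subject, text):
    """Build a constructed sample line; KAPMxxxxx-E is a placeholder, not a real message ID."""
    vals = dict.fromkeys(FIELDS, "")
    vals.update({"uniform-identifier": "CELFSS", "unified-specification-revision-number": "1.1",
                 "serial-number": "1", "message-ID": "KAPMxxxxx-E",
                 "date-and-time": "2017-05-15T14:09:01.0+09:00", "detected-entity": "HBase-SSO",
                 "detected-location": "management-host", "audit-event-type": event_type,
                 "audit-event-result": result, "log-data-type-information": "BasicLog",
                 "audit-event-result-subject-identification-information": subject,
                 "message-text": '"' + text + '"'})
    return ",".join(vals[f] for f in FIELDS)

def failed_events_by_subject(lines) -> Counter:
    """Count Authentication and AccessControl events whose result is not Success, per subject."""
    counts = Counter()
    for rec in map(parse_message_part, lines):
        if rec["audit-event-type"] in ("Authentication", "AccessControl") \
                and rec["audit-event-result"] != "Success":
            counts[rec["audit-event-result-subject-identification-information"]] += 1
    return counts

# The login event example from the page.
PAGE_EXAMPLE = ('CELFSS,1.1,0,KAPM01124-I,2017-05-15T14:08:23.1+09:00,HBase-SSO,management-host,'
                'Authentication,Success,uid=system,,,,,,,,,,,,BasicLog,,,'
                '"The login was successful. (session ID = session ID)"')
```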

Adding a secondary Analyzer detail view server

In addition to sending Analyzer probe server data to a single (local) Analyzer detail view server, you can configure a secondary, cloud-based Analyzer detail view server. The purpose is to host a copy of the probe data where it can be accessed outside of your internal network.

Note: The secondary Analyzer detail view server does not support real-time data; the data might be received at different times from the Analyzer probe server.

The secondary Analyzer detail view server hosts an independent, non-synchronous copy of the probe data and does not constitute a failover configuration. Furthermore, the secondary Analyzer detail view server does not include primary Analyzer detail view server configuration data, including:

  • Alert definitions
  • Custom reports
  • Custom trees
  • User logins and profiles

You can use the Analyzer detail view server backup and restore feature to save or copy these settings.

Procedure

  1. On the Analyzer probe home page, click Reconfigure.

  2. Go to the Analyzer detail view Server tab and click Add Analyzer detail view Server.

  3. In the Secondary Analyzer detail view Server window, specify the following details:

    Note: If you are connecting the Analyzer detail view server to the Analyzer probe server using the host name and a proxy server, you must add the IP address and host name of the Analyzer detail view server to the /etc/hosts file on the Analyzer probe server.

    • Protocol: FTP, FTPS, SFTP, or HTTPS.

      The Analyzer detail view server supports the SFTP and HTTPS protocols. If you are using FTP or FTPS, make sure that the FTP or FTPS server is configured, and enter the IP address of that FTP or FTPS server in the Host field.

    • Host: Analyzer detail view server or intermediate FTP server IP address.

      If you are using an intermediate FTP server as a secondary server, then make sure that you configure the downloader on the Analyzer detail view server to download the data from this FTP server.

    • Port: Based on the selected protocol.
    • User: User name for the host. For an Analyzer detail view server, the user name is meghadata.
      Note: If you are using an intermediate FTP server, the FTP user must have the permission required to create a new directory in the current working directory on the FTP server after connecting to it.
    • Password: Password for the host. For an Analyzer detail view server, the default password is meghadata123.
      Note: To enhance security for the FTP account, you can change the meghadata user's default password. See Changing the megha and meghadata passwords for more information.
    • Advanced Settings:
      • Proxy: Select to configure a proxy server.
  4. Click Save.

Configuring the downloader on the Analyzer detail view server

When the Analyzer probe server sends the data to an intermediate FTP server instead of an Analyzer detail view server, then the Analyzer detail view server needs to know details of the FTP server to download the data.

Before you begin

Note: If you do not want to stop the crond service, you can instead stop the specific processes of the Analyzer detail view server and Analyzer probe server by using the crontab -e command, as described in Stopping the Analyzer detail view server or Analyzer probe server services and Starting the Analyzer detail view server or Analyzer probe server services.

Procedure

  1. Log on to the Analyzer detail view server through an SSH client (such as PuTTY) as the root user.

  2. Stop the crond service using the command:

    service crond stop
  3. Stop the megha service using the command:

    /usr/local/megha/bin/megha-jetty.sh stop
  4. Verify the stopped status of the megha service:

    /usr/local/megha/bin/megha-jetty.sh status
  5. Run the create or update FTP configuration script:

    • If you want to download the data of all the Analyzer probe server appliances, run the following command:
      sh /usr/local/megha/bin/createOrUpdateFTPConfiguration.sh --create --ftpServer FTP-server-host-name-or-IP-address --ftpMethod FTP-method-(FTP/FTPS/SFTP) --ftpPort FTP-port --ftpUsername FTP-username --ftpPassword

      For example:

      sh /usr/local/megha/bin/createOrUpdateFTPConfiguration.sh --create --ftpServer 192.168.1.2 --ftpMethod SFTP --ftpPort 22 --ftpUsername abc --ftpPassword
    • If you want to download the data of the specific Analyzer probe server appliances, run the following command:
      sh /usr/local/megha/bin/createOrUpdateFTPConfiguration.sh --create --ftpServer FTP-server-host-name-or-IP-address --ftpMethod FTP-method-(FTP/FTPS/SFTP) --ftpPort FTP-port --ftpUsername FTP-server-username --ftpPassword --applianceidOption ApplianceIds --applianceidList Appliance-ID-list-separated-by-comma

      For example:

      sh /usr/local/megha/bin/createOrUpdateFTPConfiguration.sh --create --ftpServer 192.168.1.2 --ftpMethod SFTP --ftpPort 22 --ftpUsername abc --ftpPassword --applianceidOption ApplianceIds --applianceidList 1c5fbdd9-8ed3-43fe-8973-e9cba6d103c6,39cfcb01-11b2-46b4-8fce-b4d84ea5acda
      
  6. Type the FTP user password and confirm it.

  7. Start the megha service using the command:

    /usr/local/megha/bin/megha-jetty.sh start
  8. Start the crond service using the command:

    service crond start