To start the syslog writer:
- Check the images list. If the list contains syslogwriter_image, delete it first.
  sudo docker images
- Copy the zip file cisp_syslog_writer.zip from SFTP to a convenient location and extract it. On a Windows Server VM, make sure that the extracted folder is under the shared folder c:\Users, for example C:\Users\<username>\apps\cisp_syslog_writer.
- Load the image from the tar file and make sure that syslogwriter_image is in the images list:
  sudo docker load < syslog-writer-img.tar.gz
  sudo docker images
- Run the Syslog Writer container.
  Note: To run version 20.1-100, specify the version at the end of the command.
  For a cloud tenant, you can run this command directly. If you are using an On-Premise Tenant, complete the additional steps in the next section before running the following command.
  sudo docker run --name syslog-writer -it --log-driver json-file --log-opt max-size=10m --net=host -v `pwd`/data:/home/centrify-syslog-writer/data syslogwriter_image:20.1-100
  If SELinux is enabled on CentOS/RHEL, run the following command instead:
  sudo docker run --name syslog-writer -it --log-driver json-file --log-opt max-size=10m --net=host -v `pwd`/data:/home/root/centrify-syslog-writer/data:Z syslogwriter_image:20.1-100
- When prompted, enter:
  - The Tenant URL (for example, https://aaa0056.my-dev.centrify.com/my)
  - The username and password of the SIEM user
  - The IP address of the Syslog server if it is remote. Otherwise, just press Enter for a local Syslog server. Note that for Windows Servers, this is the IP address of Machine #2.
- Check CISP events on the Syslog server.
Your syslog writer is up and running. The first run starts immediately; after that, because the frequency parameter defaults to five minutes, the Syslog Writer runs once every five minutes.
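The procedure above as a small wrapper script, added here as an example and not part of Centrify's documentation or tooling: it checks the image list, loads the tarball, picks the SELinux-labelled mount when getenforce reports SELinux is active, and starts the container with the settings given on this page. The getenforce check, the docker rmi step and the --start flag are assumptions; the image, container and tarball names come from the page.

```shell
#!/bin/sh
# Example wrapper for the procedure above (not Centrify's own code).
# Image, container and tarball names come from the page; the getenforce
# check and the rmi step are assumptions.
IMAGE="syslogwriter_image"
TAG="20.1-100"
CONTAINER="syslog-writer"
TARBALL="syslog-writer-img.tar.gz"

# image_present LISTING: succeed when the REPOSITORY column of a
# `docker images` listing (passed as text) names $IMAGE.
image_present() {
    printf '%s\n' "$1" |
        awk -v img="$IMAGE" 'NR > 1 && $1 == img { found = 1 } END { exit found ? 0 : 1 }'
}

# selinux_active: succeed when getenforce exists and reports Enforcing or
# Permissive, i.e. the bind mount needs the :Z label.
selinux_active() {
    command -v getenforce >/dev/null 2>&1 || return 1
    case "$(getenforce 2>/dev/null)" in
        Enforcing|Permissive) return 0 ;;
        *) return 1 ;;
    esac
}

# volume_arg 0|1: the -v argument the page gives for the plain and the
# SELinux case respectively, relative to the current directory.
volume_arg() {
    if [ "$1" = "1" ]; then
        printf '%s' "$(pwd)/data:/home/root/centrify-syslog-writer/data:Z"
    else
        printf '%s' "$(pwd)/data:/home/centrify-syslog-writer/data"
    fi
}

# start_syslog_writer: the page's steps end to end. Interactive (-it), so the
# tenant URL, SIEM credentials and syslog server are still entered by hand.
start_syslog_writer() {
    if image_present "$(sudo docker images)"; then
        sudo docker rmi "$IMAGE:$TAG"          # delete a pre-existing image first
    fi
    sudo docker load < "$TARBALL"
    image_present "$(sudo docker images)" || { echo "$IMAGE not loaded" >&2; return 1; }
    if selinux_active; then vol="$(volume_arg 1)"; else vol="$(volume_arg 0)"; fi
    sudo docker run --name "$CONTAINER" -it --log-driver json-file \
        --log-opt max-size=10m --net=host -v "$vol" "$IMAGE:$TAG"
}
if [ "${1:-}" = "--start" ]; then start_syslog_writer; fi
```

Run it from the directory that should hold the data volume, as ./start-syslog-writer.sh --start; the functions can also be sourced and used individually.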