Sentries

Overview

Sentry functions as a log collection agent within the Logpresso platform, ensuring secure transmission of logs to the Logpresso server through a TLS channel. The connection uses mutual certificate-based authentication, so the Sentry and the server each verify the other's certificate.

In Logpresso version 4.0.2312.0, the Sentry management features have been enhanced, allowing for the straightforward installation of Sentry instances with a single command. Improved Sentry management uses the following network ports:

  • TCP 7140: Data communication between Sentry and Logpresso server
  • TCP 44300: Deployment of Sentry installation files and certificates

Ensure these ports are open on the local firewall to allow the Logpresso server to receive data from the Sentry. Note that specific port numbers may vary based on the operating system in use.

Sentry Deployment

To deploy a Sentry, ensure you have a JRE (or JDK) and the Sentry installation package.

JAVA

To run a Sentry, a JRE (Java Runtime Environment) is required. The JRE is distributed to the host together with the Sentry installation file from the Logpresso server. Use JRE version 7 or higher (version 11 is recommended for optimal performance).

Download JRE Installer

First, acquire a trusted JRE package: download it from a reliable OpenJDK distributor such as Adoptium or Microsoft. The OpenJDK file must have the extension .tar.gz (for Linux) or .zip (for Windows).

Before uploading the JRE file to the Logpresso server, ensure that the file name adheres to the following naming convention:

  • The file name must start with the prefix jre- or jdk-.
  • Between the prefix and the first dot (.), only the major version number is allowed, and it must consist of digits only.
    • File names recognizable by the Logpresso server (best practices):
      • jre-11.0.14.1.tar.gz (detailed version number: 11.0.14)
      • jdk-11.zip (brief version number: 11)
    • File names not recognizable by the Logpresso server:
      • jre-8u151-linux-x64.tar.gz (non-numeric characters present before the first dot (.))
  • For Linux, the JRE file extension must be tar.gz.
  • For Windows, the JRE file extension must be zip.
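
A small check of the naming convention above, added here as an example and not part of the Logpresso server: it accepts the recognizable names listed and reports why a name such as jre-8u151-linux-x64.tar.gz is rejected (the OS argument, linux or win, selects the required extension).

```bash
#!/bin/bash
# Validate a JRE/JDK file name against the convention the Logpresso server recognizes:
# prefix jre- or jdk-, digits only up to the first dot, .tar.gz for linux or .zip for win.
# Usage: check_jre_name FILENAME OS   (OS is "linux" or "win"); returns 0 if acceptable.
check_jre_name() {
    local name=$1 os=$2 ext_txt ext_re
    case "$os" in
        linux) ext_txt='tar.gz'; ext_re='tar\.gz' ;;
        win)   ext_txt='zip';    ext_re='zip' ;;
        *)     echo "unknown OS: $os (expected linux or win)" >&2; return 2 ;;
    esac
    # prefix, major version (digits only), optional further .N parts, then the OS extension
    local re='^(jre|jdk)-([0-9]+)(\.[0-9]+)*\.'"$ext_re"'$'
    if [[ $name =~ $re ]]; then
        echo "ok: ${name} (major version ${BASH_REMATCH[2]})"
        return 0
    fi
    # Explain the rejection: bad prefix, non-digits before the first dot, or wrong extension
    local head=${name#jre-}; head=${head#jdk-}; head=${head%%.*}
    if [[ $name != jre-* && $name != jdk-* ]]; then
        echo "rejected: ${name} (must start with jre- or jdk-)" >&2
    elif [[ ! $head =~ ^[0-9]+$ ]]; then
        echo "rejected: ${name} (non-numeric characters before the first dot: ${head})" >&2
    else
        echo "rejected: ${name} (extension must be .${ext_txt} for ${os})" >&2
    fi
    return 1
}
```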

Upload JRE

To move the JRE file to the deployment directory, refer to the following command:

# Assuming the directory owner ID is `logpresso`. Edit to suit your environment.
# PKGDIR: Directory where the Logpresso server files are located. Edit to suit your environment.
PKGDIR="/opt/logpresso"

# Create the JRE deployment directories for Linux and Windows
sudo -u logpresso mkdir -p ${PKGDIR}/download/{linux,win}/x64

# Copy the installation files into the deployment directories
# (PATH_TO_LINUX_JRE_FILE is the .tar.gz package, PATH_TO_WINDOWS_JRE_FILE is the .zip package)
sudo -u logpresso cp PATH_TO_LINUX_JRE_FILE "${PKGDIR}/download/linux/x64/"
sudo -u logpresso cp PATH_TO_WINDOWS_JRE_FILE "${PKGDIR}/download/win/x64/"

Sentry Installation Package

Navigate to System > Packages and upload the Sentry installation package. See Packages for instructions on uploading packages.

Note
Version 2312.0 and higher is required to deploy a Sentry via Logpresso server. Earlier versions only support manual deployment.

Install Sentry

Installing a Sentry on a target server involves two main steps:

  • Create a Sentry
  • Run the Sentry installation command on the server.

The installation command includes an identifier for the Sentry, target server information, and information about the authentication token to be used for certificate issuance and host authentication during installation. The command is generated based on the host's operating system: Bash for Linux or PowerShell for Windows. Executing the command on the host automatically installs both the Sentry and JRE, establishing a connection to the server.

Step 1: Create Sentry

To create a Sentry:

  1. In System > Sentries click Add on the toolbar.

    Add Sentry

  2. In the Add Sentry dialog box, enter the information required to install the Sentry and click Add.

    Add Sentry Dialog Box

    • OS: OS of the host on which you want to install the Sentry (Linux or Windows).
    • Sentry ID: Unique ID to identify the Sentry
    • Target Node: Server to which the Sentry will connect. A list of cluster nodes (servers) registered in System > Nodes is displayed.
    • Authentication token: Randomly assigned authentication token for the Sentry installation (e.g. 9425-tnsa)
  3. Follow the instructions in the Add Sentry message to copy the installation command. Then run it from an administrator terminal on the host where you want to install the Sentry.

    Add Sentry Modal Box

    • Click Copy to Clipboard to copy the installation command to the clipboard on your PC.
    • Click OK to close the window.

For Linux

Run the installation command for Linux in a bash shell. The command has the following format, with capitalized parts automatically assigned during generation:

# ADDR_1: Address of the server deploying the Sentry package and certificate
# GUID: Sentry ID
# TOKEN: Authentication token
# ADDR_2: Address of the server to communicate with the Sentry

wget --no-check-certificate -q -O install.sh \
"https://ADDR_1:44300/deploy/installer/Sentry-linux?guid=GUID&token=TOKEN&base=ADDR_2" && \
chmod +x install.sh && \
./install.sh

If using curl instead of wget on Linux:

# ADDR_1: Address of the server deploying the Sentry package and certificate
# GUID: Sentry ID
# TOKEN: Authentication token
# ADDR_2: Address of the server to communicate with the Sentry

curl -k -s -o install.sh \
"https://ADDR_1:44300/deploy/installer/Sentry-linux?guid=GUID&token=TOKEN&base=ADDR_2" && \
sed -i 's/wget --no-check-certificate -q -O/curl -k -s -o/g' install.sh && \
chmod +x install.sh && \
./install.sh

For Windows

The installation command for Windows has the following format, with capitalized parts automatically assigned during generation:

# ADDR_1: Address of the server deploying the Sentry package and certificate
# GUID: Sentry ID
# TOKEN: Authentication token
# ADDR_2: Address of the server to communicate with the Sentry

cd $env:TEMP;
add-type "
	using System.Net;
	using System.Security.Cryptography.X509Certificates;
	public class TrustAllCertsPolicy : ICertificatePolicy {
		public bool CheckValidationResult(ServicePoint a, X509Certificate b, WebRequest c, int d) {
			return true;
		}
	}";

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Invoke-WebRequest `
-Uri 'https://ADDR_1:44300/deploy/installer/Sentry-linux?guid=GUID&token=TOKEN&base=ADDR_2' `
-OutFile install.cmd; cmd /c install.cmd

The installation commands provided by the Logpresso server are based on PowerShell 5.1, which is pre-installed on all Windows systems. If your PowerShell version is newer than 5.1, the Invoke-WebRequest cmdlet has a -SkipCertificateCheck option and the TrustAllCertsPolicy class is not needed. Run it with the following modification:

# ADDR_1: Address of the server deploying the Sentry package and certificate
# GUID: Sentry ID
# TOKEN: Authentication token
# ADDR_2: Address of the server to communicate with the Sentry

Set-Location $env:TEMP;
Invoke-WebRequest -SkipCertificateCheck `
-Uri 'https://ADDR_1:44300/deploy/installer/Sentry-linux?guid=GUID&token=TOKEN&base=ADDR_2' `
-OutFile install.cmd; cmd /c install.cmd

Step 2: Deploy Sentry

Run the copied command on the host where you want to install the Sentry; the Sentry is installed and started automatically.

The installation directory for Linux Sentry is /opt/logpresso-sentry, and for Windows Sentry, it is C:\Program Files\Logpresso Sentry.

For Linux

  1. Ensure that the prerequisites net-tools, unzip, and wget are installed. If not, run the following command to install them.

    # unzip, wget are required for installing the Sentry.
    # net-tools is required for the Sentry to collect system information.
    
    # On RHEL
    sudo dnf install net-tools unzip wget
    
    # On Debian
    sudo apt-get install net-tools unzip wget
    
  2. In a bash shell, run the command line generated in Step 1: Create Sentry as root.

  3. You can check the status of the Sentry by running the following command on the Logpresso server:

    systemctl status logpresso-Sentry.service
    
  4. Check the Connection status of the Sentry. If the Sentry's connection status is not displayed as green, check the local firewall and ensure the proper network communication between the Sentry and the server.
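
A preflight check for a Linux host about to receive a Sentry, added here as an example and not part of Logpresso: it verifies the prerequisites from step 1 and reachability of the two ports listed in the Overview, and fetches the generated installer while still validating the server certificate. It assumes the Logpresso server's certificate (or its issuing CA) has been exported to a PEM file at an assumed path, and uses the ADDR_1, ADDR_2, GUID and TOKEN placeholders from the generated command.

```bash
#!/bin/bash
# Preflight for a Linux Sentry host (added example, not Logpresso tooling).
# Ports are the documented Sentry management ports: 44300 (installer and certificate
# download) and 7140 (Sentry data channel).

# Return 0 if every command named in the arguments is on PATH; report and return 1 otherwise.
check_cmds() {
    local missing=0 c
    for c in "$@"; do
        if ! command -v "$c" >/dev/null 2>&1; then
            echo "missing prerequisite: $c" >&2
            missing=1
        fi
    done
    return $missing
}

# Return 0 if a TCP connection to HOST PORT succeeds within 3 seconds (bash /dev/tcp, no nc needed).
port_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Run the step 1 checks plus reachability of both servers. $1 = ADDR_1, $2 = ADDR_2.
preflight() {
    local rc=0
    check_cmds unzip wget netstat || rc=1      # netstat is provided by net-tools
    port_open "$1" 44300 || { echo "cannot reach $1:44300 (installer download)" >&2; rc=1; }
    port_open "$2" 7140  || { echo "cannot reach $2:7140 (Sentry data channel)" >&2; rc=1; }
    return $rc
}

# Download the generated installer without --no-check-certificate: validate the server
# against an exported CA file instead. CA_FILE is an assumed path; export the certificate
# from the Logpresso server first. $1 = ADDR_1, $2 = GUID, $3 = TOKEN, $4 = ADDR_2
fetch_installer() {
    local ca_file=${CA_FILE:-/etc/pki/logpresso-ca.pem}
    local url="https://$1:44300/deploy/installer/Sentry-linux?guid=$2&token=$3&base=$4"
    wget --ca-certificate="$ca_file" -q -O install.sh "$url" && chmod +x install.sh
}
```

Run preflight ADDR_1 ADDR_2 before the installation command; a non-zero exit lists what is missing or blocked, which is the usual cause of a Sentry that never turns green.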

For Windows

  1. Open PowerShell as an administrator, then run the command line created in Step 1: Create Sentry.
    Note
    The version of PowerShell that can run the command is 5.1, which is the version that comes with Windows. In the Windows Terminal, PowerShell version 5.1 is referred to as "Windows PowerShell" and later versions are referred to as "PowerShell".
  2. Ensure that the Logpresso service is shown as running in the Services tab of Task Manager, or run the following command in Windows PowerShell:
    sc.exe query Logpresso
    
  3. Check the Connection status of the Sentry within your Logpresso. If the Sentry's connection status is not displayed as green, check the local firewall and ensure the proper network communication between the Sentry and the server.

View Sentry Status

You can check the status of a Sentry in the Sentry list.

Sentries

  • Status: Green if the Sentry is connected to the server; Grey if the Sentry is not connected.
  • Node: Identifier of the cluster node that controls the Sentry. A data node is denoted by data and a control node is denoted by control.
  • Sentry ID: Sentry ID
  • Host: Name of the host on which the Sentry is installed.
  • Version: Sentry version
  • CPU: CPU usage (%)
  • MEM: Memory usage (%)
  • DISK: Disk usage(%). The highest value is displayed if you have multiple storage partitions.
  • NIC RX: NIC RX bandwidth usage(%). The highest value is displayed if there are more than one network interface.
  • NIC TX: NIC TX bandwidth usage(%). The highest value is displayed if there are more than one network interface.

Manage Sentry Remotely

Click on the Sentry ID to open the Sentry management functions. You can view the Sentry host's process list, network connections, routing table, ARP cache, thread dumps, top threads, and bundle list, or restart the Sentry.

Manage Sentry remotely

  • Processes: Shows the list of processes on the Sentry host.
  • Network Connections: Displays the list of network sessions the Sentry host is connected to.
  • Routing Table: Displays the routing table of the Sentry host.
  • ARP Cache Table: Displays the ARP cache on the Sentry host.
  • Thread Dumps: Displays the list of threads used by the Sentry while running.
  • Top Threads: Displays the system load per thread.
  • Bundle List: Displays the list of bundles installed on the Sentry.
  • Restart Sentry: Restarts the Sentry.

Remove Sentry

To completely delete a Sentry, first remove the Sentry from the managed host, then delete the Sentry information registered on the Logpresso server.

Step 1: Run Command to uninstall Sentry

For Linux

To uninstall a Sentry on a Linux host, open a bash shell with root privileges and run the following command:

# Stop and uninstall the Sentry
sudo systemctl stop logpresso-Sentry.service
cd /opt/logpresso-sentry
sudo ./logpresso uninstall Sentry

# Remove the Sentry installation directory
cd /
sudo rm -rf /opt/logpresso-sentry

For Windows

To uninstall a Sentry on a Windows host, open PowerShell as an administrator and run the following commands:

# Stop Logpresso service
sc.exe stop Logpresso

# Check Logpresso status
sc.exe query Logpresso

# Delete Logpresso service
sc.exe delete Logpresso

# Remove a registry key
$reg="HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\Logpresso\"
Remove-Item -Path $reg -Recurse

# Remove Sentry files and folders
Set-Location "C:\Program Files\Logpresso Sentry\"
# Run the following lines, then answer the question with a Y.
cmd.exe /c logpresso.cmd uninstall Sentry
Set-Location ..
Remove-Item -Recurse -Path "C:\Program Files\Logpresso Sentry"

Step 2: Remove Sentry from Logpresso Server

To delete a Sentry from Logpresso server:

  1. Navigate to System > Sentries, then tick the checkbox of the Sentry you want to delete.

  2. Click Delete on the toolbar.

  3. Click OK on the Remove Sentry dialog box to confirm the deletion. If you do not want to delete, click Cancel.

    Remove Sentry