Prerequisites

Before you begin the actual installation, prepare the following.

Deployment diagram

Referring to Deployment topology, draw a network diagram of the cluster you will build with Logpresso Sonar and review whether it is suitable for your operating environment.

Host names

Decide on a unique host name in advance for every server on which you will install Logpresso Sonar.

When a cluster has multiple node pairs, it is a good idea to assign host names by combining the node pair identifier and the node identifier, such as c1a/c1b, d1a/d1b, d2a/d2b, f1a/f1b. For example, for a cluster made up of one control node pair (c1), two data node pairs (d1, d2), and one forwarder node pair (f1), you can use host names as follows.

| Node pair | Host name | Description |
|---|---|---|
| c1 | c1a | Node A of control node pair c1 |
| c1 | c1b | Node B of control node pair c1 |
| d1 | d1a | Node A of data node pair d1 |
| d1 | d1b | Node B of data node pair d1 |
| d2 | d2a | Node A of data node pair d2 |
| d2 | d2b | Node B of data node pair d2 |
| f1 | f1a | Node A of forwarder node pair f1 |
| f1 | f1b | Node B of forwarder node pair f1 |

IP address assignment

Assign the IP addresses and subnets to use for each node and node pair in advance.

L4 switch/load balancer configuration

For a high availability configuration, configure the L4 switch (or router)/load balancer placed in front of the control node pair or forwarder node pair to distribute load using the source IP address hash method for traffic whose destination ports are 514/udp, 123/udp, and 8514/udp.

Firewall policy configuration

Note
It is a good idea to isolate the Logpresso Sonar cluster in its own subnet so that it cannot be arbitrarily accessed from the internal network, or to otherwise control network communication with it.

Inbound

Configure firewall policies to allow communication coming into each node.

Control node

The receiving ports of the control node are as follows.

| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 443/tcp | Web console access (destination: control node virtual IP address) |
| Forwarder/data node | 443/tcp | Sonar federation (destination: control node virtual IP address) |
| Operator terminal | 8443/tcp | ENT web console access |
| Employee terminal | 18443/tcp | Writing and reviewing explanations (destination: control node virtual IP address) |
| 127.0.0.1 | 3306/tcp | MariaDB access (can be replaced with a Unix socket) |
| Peer node | 4444/tcp, 4567-4568/tcp | MariaDB Galera access |
| Peer node | 443/tcp | Mutual status check between control nodes A and B |
| Forwarder/data node | 7140/tcp | RPC and collected log transmission |
| All nodes, Sentry | 44300/tcp | Certificate renewal, Sentry installation (destination: control node virtual IP address) |

  • If you configure MariaDB to connect using a Unix socket, you do not need to open port 3306/tcp on the firewall. If you configure MariaDB to connect using a TCP port, you must open port 3306/tcp on the firewall.
  • A peer node means the counterpart node that makes up the control node pair together. The peer of node A is node B, and the peer of node B is node A.
  • "Forwarder/data node" means the forwarder node or the data node, depending on the Logpresso cluster configuration.

Data node

The receiving ports of the data node are as follows.

| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 8443/tcp | Web management console and API inspection |
| Control node | 8443/tcp | Sonar federation |
| Peer node | 8443/tcp | Mutual status check between data nodes A and B |
| Forwarder node | 7140/tcp | RPC and collected log transmission |
| Sentry | 7140/tcp | (When there is no forwarder node) RPC and collected log transmission |
| Log collection target | 514/udp | (When there is no forwarder node) Syslog reception |
| Log collection target | 8514/udp | (When there is no forwarder node) Syslog over DTLS reception (port is variable) |
| Log collection target | 162/udp | (When there is no forwarder node) SNMP TRAP |

  • A peer node means the counterpart that makes up the data node pair together. From node A's perspective, node B is the peer node, and from node B's perspective, node A is the peer node.

Forwarder node

The receiving ports of the forwarder node are as follows.

| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 8443/tcp | Web management console and API inspection |
| Control node | 8443/tcp | Sonar federation |
| Peer node | 8443/tcp | Mutual status check between forwarder nodes A and B |
| Sentry | 7140/tcp | RPC and collected log transmission |
| Log collection target | 514/udp | Syslog reception |
| Log collection target | 8514/udp | Syslog over DTLS reception (port is variable) |
| Log collection target | 162/udp | SNMP TRAP |

  • A peer node means the counterpart that makes up the forwarder node pair together. From node A's perspective, node B is the peer node, and from node B's perspective, node A is the peer node.

Outbound

Configure firewall policies to allow communication going out from each node.

| Source | Destination | Communication port | Purpose |
|---|---|---|---|
| All nodes | NTP server | 123/udp | NTP time synchronization |
| Control node | cti.logpresso.com | 443/tcp | Logpresso CTI service |
| Forwarder node | Log collection target host | 22/tcp | SFTP log collection |
| Forwarder node | Log collection target host | 161/udp | SNMP |
| Forwarder node | Log collection target MySQL | 3306/tcp | JDBC log collection |
| Forwarder node | Log collection target PostgreSQL | 5432/tcp | JDBC log collection |
| Forwarder node | Log collection target Oracle | 1521/tcp | JDBC log collection |
  • Depending on the log collection method of the loggers configured on the forwarder node, additional outbound communication may be required.
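
The data node inbound table above, rendered as a default-drop host firewall policy. This is an added example, not part of the Logpresso documentation. It assumes nftables as the host firewall; the table name `sonar_data` and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: render an nftables input policy for a data node from the
# inbound table. Addresses are constructed placeholders (RFC 5737 ranges).
ADMIN="192.0.2.10"                          # administrator terminal
OPERATOR="192.0.2.20"                       # operator terminal
CONTROL="198.51.100.11, 198.51.100.12"      # control nodes c1a, c1b
PEER="198.51.100.22"                        # peer data node (d1b, seen from d1a)
FORWARDERS="198.51.100.31, 198.51.100.32"   # forwarder nodes f1a, f1b
SENTRIES="203.0.113.0/25"                   # hosts running Sentry
LOG_SOURCES="203.0.113.128/25"              # log collection targets

# rule <source set> <protocol> <destination port(s)> <comment>
rule() {
    printf '    ip saddr { %s } %s dport %s accept comment "%s"\n' \
        "$1" "$2" "$3" "$4"
}

# data_node_ruleset yes|no   (argument: does the cluster have forwarder nodes?)
data_node_ruleset() {
    case "$1" in
        yes|no) ;;
        *) echo "usage: data_node_ruleset yes|no" >&2; return 2 ;;
    esac
    printf 'table inet sonar_data {\n  chain input {\n'
    printf '    type filter hook input priority 0; policy drop;\n'
    printf '    ct state established,related accept\n'
    printf '    iifname "lo" accept\n'
    rule "$ADMIN" tcp 22 "SSH access"
    rule "$OPERATOR, $CONTROL, $PEER" tcp 8443 "console, federation, peer check"
    if [ "$1" = yes ]; then
        rule "$FORWARDERS" tcp 7140 "RPC and logs from forwarder nodes"
    else
        # Without forwarder nodes the data node receives directly.
        rule "$SENTRIES" tcp 7140 "RPC and logs from Sentry"
        # The table notes the DTLS syslog port (8514/udp here) is variable.
        rule "$LOG_SOURCES" udp "{ 514, 8514, 162 }" "syslog, DTLS syslog, SNMP trap"
    fi
    printf '  }\n}\n'
}

# Print the ruleset for review; pass "no" for a cluster without forwarders.
data_node_ruleset "${1:-yes}"
```

Save the output to a file and validate it with `nft -c -f <file>` before loading it. With forwarder nodes present, the syslog and SNMP trap ports stay closed on the data node, which matches the conditional rows of the table.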

Server delivery

Referring to Installation requirements, deliver the bare-metal or virtual machines you prepared to their planned locations and install them.

  • If the delivery environment is an air-gapped network, download the operating system and database RPM packages in advance and bring them into the air-gapped network.
  • So that redundant power is available immediately in an emergency, it is a good idea to install an uninterruptible power supply (UPS).

JDK download

Download Temurin JDK 21 from Adoptium and bring it to the server. You can also use OpenJDK 21 (LTS), which is provided by default in the operating system.

Logpresso Sonar package download

Download the latest version of the Logpresso Sonar package from the Logpresso Store. All nodes must use the same version.