Prerequisites
Before you begin the actual installation, prepare the following.
Deployment diagram
Referring to Deployment topology, draw a network diagram of the cluster you will build with Logpresso Sonar and review whether it is suitable for your operating environment.
Host names
Decide a unique host name in advance for every server on which you will install Logpresso Sonar.
When a cluster has multiple node pairs, it is a good idea to assign host names by combining the node pair identifier and the node identifier, such as c1a/c1b, d1a/d1b, d2a/d2b, f1a/f1b. For example, for a cluster made up of one control node pair (c1), two data node pairs (d1, d2), and one forwarder node pair (f1), you can use host names as follows.
| Node pair | Host name | Description |
|---|---|---|
| c1 | c1a | Node A of control node pair c1 |
| c1 | c1b | Node B of control node pair c1 |
| d1 | d1a | Node A of data node pair d1 |
| d1 | d1b | Node B of data node pair d1 |
| d2 | d2a | Node A of data node pair d2 |
| d2 | d2b | Node B of data node pair d2 |
| f1 | f1a | Node A of forwarder node pair f1 |
| f1 | f1b | Node B of forwarder node pair f1 |
IP address assignment
Assign the IP addresses and subnets to use for each node and node pair in advance.
L4 switch/load balancer configuration
For a high availability configuration, configure the L4 switch (or router)/load balancer placed in front of the control node pair or forwarder node pair to distribute traffic destined for ports 514/udp, 123/udp, and 8514/udp using source IP address hashing.
Firewall policy configuration
Inbound
Configure firewall policies to allow communication coming into each node.
Control node
The receiving ports of the control node are as follows.
| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 443/tcp | Web console access (destination: control node virtual IP address) |
| Forwarder/data node | 443/tcp | Sonar federation (destination: control node virtual IP address) |
| Operator terminal | 8443/tcp | ENT web console access |
| Employee terminal | 18443/tcp | Writing and reviewing explanations (destination: control node virtual IP address) |
| 127.0.0.1 | 3306/tcp | MariaDB access (can be replaced with a Unix socket) |
| Peer node | 4444/tcp, 4567-4568/tcp | MariaDB Galera access |
| Peer node | 443/tcp | Mutual status check between control nodes A and B |
| Forwarder/data node | 7140/tcp | RPC and collected log transmission |
| All nodes, Sentry | 44300/tcp | Certificate renewal, Sentry installation (destination: control node virtual IP address) |
- If you configure MariaDB to connect using a Unix socket, you do not need to open port 3306/tcp on the firewall. If you configure MariaDB to connect using a TCP port, you must open port 3306/tcp on the firewall.
- A peer node is the other node in the same control node pair. The peer of node A is node B, and the peer of node B is node A.
- "Forwarder/data node" means the forwarder node or the data node, depending on the Logpresso cluster configuration.
Data node
The receiving ports of the data node are as follows.
| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 8443/tcp | Web management console and API inspection |
| Control node | 8443/tcp | Sonar federation |
| Peer node | 8443/tcp | Mutual status check between data nodes A and B |
| Forwarder node | 7140/tcp | RPC and collected log transmission |
| Sentry | 7140/tcp | (When there is no forwarder node) RPC and collected log transmission |
| Log collection target | 514/udp | (When there is no forwarder node) Syslog reception |
| Log collection target | 8514/udp | (When there is no forwarder node) Syslog over DTLS reception (port is variable) |
| Log collection target | 162/udp | (When there is no forwarder node) SNMP TRAP |
- A peer node is the other node in the same data node pair. From node A's perspective, node B is the peer node, and from node B's perspective, node A is the peer node.
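The data node table above makes four rows conditional on there being no forwarder node, so a plan that opens them anyway in a cluster with forwarders is wider than documented. The following added example (not Logpresso's own code) audits a planned rule list against that table; the role labels, the `any` source marker, the sample plan, and treating the forwarder row as applying only when forwarders exist are assumptions made for illustration.

```python
# Added example: audit a planned data-node inbound policy against the table above.
# Role labels ("admin", "log-source", ...) are hypothetical names for the table's sources.
# Condition: "always", "no_forwarder" (rows marked "when there is no forwarder node"),
# or "forwarder" (assumption: the forwarder row only applies when forwarders exist).
DATA_NODE_INBOUND = [
    ("admin", 22, "tcp", "always"),
    ("operator", 8443, "tcp", "always"),
    ("control", 8443, "tcp", "always"),
    ("peer", 8443, "tcp", "always"),
    ("forwarder", 7140, "tcp", "forwarder"),
    ("sentry", 7140, "tcp", "no_forwarder"),
    ("log-source", 514, "udp", "no_forwarder"),
    ("log-source", 8514, "udp", "no_forwarder"),  # DTLS port is variable; adjust if changed
    ("log-source", 162, "udp", "no_forwarder"),
]

def expected_flows(has_forwarder):
    """Return the (source, port, proto) flows the table requires for this topology."""
    active = {"always", "forwarder" if has_forwarder else "no_forwarder"}
    return {(s, p, proto) for s, p, proto, cond in DATA_NODE_INBOUND if cond in active}

def audit(planned, has_forwarder):
    """Compare planned (source, port, proto) rules with the documented matrix.

    A source of "any" means the rule is not restricted by source address.
    """
    want, planned = expected_flows(has_forwarder), set(planned)
    open_to_any = {(p, proto) for s, p, proto in planned if s == "any"}
    return {
        # documented flows with no matching rule (an "any" rule does cover them)
        "missing": sorted(f for f in want - planned if f[1:] not in open_to_any),
        # source-restricted rules the table does not call for in this topology
        "excess": sorted(f for f in planned - want if f[0] != "any"),
        # rules that admit every source instead of the documented ones
        "too_broad": sorted(f for f in planned if f[0] == "any"),
    }

# Constructed sample plan for a data node in a cluster that has a forwarder pair.
PLAN = [
    ("admin", 22, "tcp"),
    ("any", 8443, "tcp"),
    ("forwarder", 7140, "tcp"),
    ("log-source", 514, "udp"),
]

if __name__ == "__main__":
    for kind, flows in audit(PLAN, has_forwarder=True).items():
        print(kind, flows)
```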
Forwarder node
The receiving ports of the forwarder node are as follows.
| Source | Communication port | Purpose |
|---|---|---|
| Administrator terminal | 22/tcp | SSH access |
| Operator terminal | 8443/tcp | Web management console and API inspection |
| Control node | 8443/tcp | Sonar federation |
| Peer node | 8443/tcp | Mutual status check between forwarder nodes A and B |
| Sentry | 7140/tcp | RPC and collected log transmission |
| Log collection target | 514/udp | Syslog reception |
| Log collection target | 8514/udp | Syslog over DTLS reception (port is variable) |
| Log collection target | 162/udp | SNMP TRAP |
- A peer node is the other node in the same forwarder node pair. From node A's perspective, node B is the peer node, and from node B's perspective, node A is the peer node.
Outbound
Configure firewall policies to allow communication going out from each node.
| Source | Destination | Communication port | Purpose |
|---|---|---|---|
| All nodes | NTP server | 123/udp | NTP time synchronization |
| Control node | cti.logpresso.com | 443/tcp | Logpresso CTI service |
| Forwarder node | Log collection target host | 22/tcp | SFTP log collection |
| Forwarder node | Log collection target host | 161/udp | SNMP |
| Forwarder node | Log collection target MySQL | 3306/tcp | JDBC log collection |
| Forwarder node | Log collection target PostgreSQL | 5432/tcp | JDBC log collection |
| Forwarder node | Log collection target Oracle | 1521/tcp | JDBC log collection |
- Depending on the log collection method of the loggers configured on the forwarder node, additional outbound communication may be required.
Server delivery
Referring to Installation requirements, deliver the bare-metal or virtual machines you prepared to their planned locations and install them.
- If the delivery environment is an air-gapped network, download the operating system and database RPM packages in advance and bring them into the air-gapped network.
- Installing an uninterruptible power supply (UPS) is recommended so that backup power is available immediately in an emergency.
JDK download
Download Temurin JDK 21 from Adoptium and bring it to the server. You can also use OpenJDK 21 (LTS), which is provided by default in the operating system.
Logpresso Sonar package download
Download the latest version of the Logpresso Sonar package from the Logpresso Store. All nodes must use the same version.