29. 03. 2019 Angelo Rosace Log Auditing, NetEye

Host Creation via Icingacli Commands for Monitoring and Deploying a Safed Agent Configuration

Creating hosts in NetEye’s Director module can be time-consuming and repetitive, especially if you have to populate Director with a large number of hosts, for example to set up a test environment. One solution is to create a script consisting of nothing but icingacli commands. Each command executes an action on an Icinga module, in our case the Director and Log Manager modules.
Assuming that we want to create a script that sets up some hosts, loads them into the monitoring module, and deploys a Safed configuration to them, I’ll show you the commands to use below.

Creating a Host

First of all, we’ll need to create a host. Remember that to create one we first have to create a host template. This is the command we’ll use:

icingacli director host create "sample template" --object_type template --max_check_attempts '3' --check_interval '1' --retry_interval '30' --check_command hostalive

The command has this format:

icingacli [module] <command> [action] [options]

In our case the module is ‘director’, the command is ‘host’, the action is ‘create “sample template”’ (where “sample template” is the name we want to give to the template) and the rest are other desired options. You can add as many options as there are fields available for the creation of the host template. The name of an option is the name of the field in the GUI it refers to.

Once a host template is created we can finally create a host. By executing:

icingacli director host create "sample host" --imports "sample template" --address "127.0.0.1" --vars.safed_profile '3'

a new host will be generated that imports the template we previously created. Notice that we specified the option --vars.safed_profile; this refers to the “Safed Profile” field in the host creation form. Passing a valid parameter to this option will associate a Safed profile with our host. Specifying an address is mandatory in order to have an IP to point to when sending the Safed configuration to the host.

Setting up our host doesn’t mean we’re finished with it yet. To finish, we still have to deploy it, which will load our host into the monitoring module. Using this command:

icingacli director config deploy

our host will be ready for use inside NetEye.

Log Management for Hosts

At this point we have our host set up, and thanks to the fact that we specified a Safed Agent for it, it is also visible inside the Log Manager module, where you can deploy a Safed configuration either to all hosts or just to some of them. Considering the example of the script I pointed out at the beginning of the article, we might want to know which hosts have been loaded inside the Log Manager and have yet to be deployed. To do so, there are two commands we can use.
This command will give us the list of all hosts in Log Manager:

icingacli logmanager list all

While this one will tell us which hosts haven’t received a Safed Agent Configuration yet:

icingacli logmanager deploy safedAgentsToDeploy

On the other hand, the Log Manager already knows which hosts have yet to receive their configuration thanks to its intelligent deployment system. So executing

icingacli logmanager deploy safedAgents

will send the corresponding Safed configuration only to the hosts that still have to be deployed.

Executing that last command marks the end of our setup process. The host is now created and is logging actions to a log file thanks to its Safed Agent. We can therefore gain a better understanding of what the host is doing. If at some point we were to change the Safed configuration of a host, another deployment would be necessary.
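
The whole procedure as one script, added here as an example and not taken from the original article: it reads a constructed inventory of "name,address,safed_profile" lines, validates each field so that no entry can be read by icingacli as an extra option, creates the hosts and then runs both deployments. The function names, the DRY_RUN variable and the inventory format are assumptions made for this example, and "sample template" is assumed to exist already.

```sh
#!/bin/sh
# Added example, not from the original article. DRY_RUN=1 (default) prints each
# icingacli command (arguments shown unquoted) instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
TEMPLATE="sample template"   # assumed to exist already (created as shown above)

run() {
    # </dev/null keeps a real icingacli call from consuming the inventory on stdin
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@" </dev/null; fi
}

# Non-empty, no leading dash, only [A-Za-z0-9._-]: an inventory field can then
# never be parsed by icingacli as an additional option.
valid_name() { case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_profile() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Reads "name,address,safed_profile" lines from stdin; deploys only if at
# least one host was created.
create_hosts() {
    created=0
    while IFS=, read -r name address profile; do
        if valid_name "$name" && valid_ipv4 "$address" && valid_profile "$profile"; then
            run icingacli director host create "$name" --imports "$TEMPLATE" \
                --address "$address" --vars.safed_profile "$profile" \
                && created=$((created + 1))
        else
            echo "skipped invalid entry: $name" >&2
        fi
    done
    [ "$created" -gt 0 ] || return 1
    run icingacli director config deploy && run icingacli logmanager deploy safedAgents
}

# Constructed inventory: the last two entries are rejected.
create_hosts <<'EOF'
test-host-01,192.0.2.10,3
--object_type,192.0.2.11,3
test-host-02,192.0.2.300,3
EOF
```

Run it with DRY_RUN=0 on the NetEye server to execute the commands instead of printing them.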

This is how you can easily create hosts and deploy a Safed configuration to them via icingacli commands. As you can see, creating a host and receiving its logs just doesn’t seem that big a deal any more.
