- Create and connect the Vault sensor
- Add a Vault sensor
- Check incoming vault data
- Additional information
Create and connect the Vault sensor
This chapter describes the steps needed to create and connect a Vault sensor to redborder.
Add a Vault sensor
The Vault module of the redborder platform allows to visualize and analyze the logs received from the different services and devices. Thanks to the views offered by this module we can make comparisons, filters, searches and analysis.
1. Go to Sensors and in the Add Sensor menu select sensor type Vault.
2. You will see window to enter the sensor data. Enter the name you want to assign to the syslog sensor and the IP address. Additionally, select the license you want to use.
• Name: Name of the sensor.
• IP or Network: IP address or network to which the sensor belongs.
• License (Enterprise): License that will be used to authorize the new sensor in the redBorder platform.
3. If these actions have been carried out correctly you will have registered the sensor and the platform will be ready for the reception of data.
Check incoming vault data
After creating the sensor, the system will need a few minutes to start showing information in the dashboards. To check if data is being showed, go to the Vault section on the manager web console.
If the vault sensor has been correctly configured and created, you should see syslog event data incoming in a way similar to the following image:
- RedBorder listen for syslog information in udp and tcp 514 ports.
- RedBorder has its own plugin system to parse information coming from a list a compatible devices. Check here the list of compatible developed plugins. Contact our support team (firstname.lastname@example.org) to connect other syslog services or devices.
- Check that the firewall is not blocking incoming traffic through port 514. As seen above, this port is where all the connections coming from the Vault sensor will arrive.
- To check if syslog data is reaching the manager you can log in to your server using ssh and check for incoming data to the 514 port to the bonding using tcpdump tool. i.e :
# tcpdump -I bond 0 port 514
Check that there is incoming data from the IP address you configured for your Vault sensor.