Support Center

Back to home Submit a Ticket
  1. Solution home
  2. General
  3. Enterprise Configuration

Adding a centralized logging server

Using the Goblin

Getting the Goblin

Download the desired binary:

•    Docker image: https://gitlab.com/vidaid/ingestor/-/jobs/artifacts/master/raw/dist/docker-goblin.tar.gz?job=docker-publish 

•    Linux binary: https://gitlab.com/vidaid/ingestor/-/jobs/artifacts/master/raw/dist/goblin_server?job=exe_linux

•    Windows binary: https://gitlab.com/vidaid/ingestor/-/jobs/artifacts/master/raw/dist/goblin_server.exe?job=exe_win


To import the docker image, run: docker load -i docker-goblin.tar.gz

On Linux, you will have to mark the file as executable: chmod +x goblin_server.

Running the server

Binary

1. Generate a new private key for the server, and save it to the default config file:
$ ./goblin_server keygen --save

2. Open this config file in a text editor. It’s located at “C:\Users\[username]\AppData\Roaming\atakama\server.cfg” on Windows, and “~/.config/atakama/server.cfg” on Linux.

3. Configure an output type. Here’s an example file:

{
        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "json_file": "/tmp/goblin.log"
        }
}


This will write all events in JSON lines format to /tmp/goblin.log.


Here’s an example for Logstash output, where <endpoint> is the endpoint you configured for your HTTP input plugin:

{
    "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
    "output": {
        "logstash_url": "https://<endpoint>"
    }
}



And finally, for an RFC 3164-compatible syslog server:

{
    "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
    "output": {
        "rfc3164_syslog_url": "https://<ip or hostname>[:port]"
    }
}


Note that if unspecified, the port will default to 514.

4.    Get your server’s ID. This will be used when connecting an Atakama instance to the server.

$ ./goblin_server get-id

46e9ceacc26ca48ef8ee90d21b24b2f4


   

Save this value somewhere you will be able to reference it later.

5. Start the server:

$ ./goblin_server start

20201118-143434: INFO: __main__ - Loading config from '/home/user/.config/atakama/goblin/server.cfg'
20201118-143434: CRITICAL: __main__ - This server's device id is: 46e9ceacc26ca48ef8ee90d21b24b2f4
20201118-143434: INFO: __main__ - Starting server
20201118-143434: INFO: loggoblin.goblin - workstation relay connect: wss://relay.atakama.com:443
20201118-143435: INFO: loggoblin.goblin - Connected to relay server
20201118-143435: INFO: loggoblin.goblin - Goblin startup complete


To exit, just hit Ctrl-C and the server will shut down cleanly.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.
Phone top Phone back 272-ATAKAMA

© Atakama LLC. All Rights Reserved.