Download the Atakama Log Server binary:
Windows binary: https://atakama-log-server.s3.amazonaws.com/atakama-logger-0.4.33.exe
Linux (Ubuntu) binary: https://atakama-log-server.s3.amazonaws.com/atakama-logger-0.4.33
Linux (RHEL) binary: https://atakama-log-server-internal.s3.amazonaws.com/atakama-logger-0.4.35-centos7
On Linux, you will have to mark the file as executable: chmod +x atakama-logger. Note that the binary may be deployed somewhere in your $PATH, such as /usr/local/bin.
On Windows, as a prerequisite make sure you have installed the latest version of the Microsoft Visual C++ Redistributable. This is needed for the server to start and function correctly.
Run the Log Server:
Generate a new private key for the server, and save it to the default config file:
$ atakama-logger keygen --save
Open this config file in a text editor. It’s located at “C:\Users\[username]\AppData\Roaming\Atakama\server.cfg” on Windows, and “~/.config/atakama/server.cfg” on Linux.
Configure an output type. Here’s an example file:
{ "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----", "output": { "json_file": "/tmp/atakama-events.log" } }This will write all events in JSON lines format to /tmp/atakama-events.log.
Here’s an example for Logstash output, where <endpoint> is the endpoint you configured for your HTTP input plugin:{ "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----", "output": { "logstash_url": "https://<endpoint>" } }
And finally, for an RFC 3164-compatible syslog server:{ "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----", "output": { "rfc3164_syslog_url": "<ip or hostname>[:port]" } }Note that if unspecified, the port will default to 514.
Obtain your server’s ID, which will be used when connecting an Atakama instance to the server.
$ atakama-logger get-id 46e9ceacc26ca48ef8ee90d21b24b2f4
Save this value somewhere you will be able to reference it later.
Start the server:
$ atakama-logger start 20201118-143434: INFO: __main__ - Loading config from '/home/user/.config/atakama/goblin/server.cfg' 20201118-143434: CRITICAL: __main__ - This server's device id is: 46e9ceacc26ca48ef8ee90d21b24b2f4 20201118-143434: INFO: __main__ - Starting server 20201118-143434: INFO: loggoblin.goblin - workstation relay connect: wss://relay.atakama.com:443 20201118-143435: INFO: loggoblin.goblin - Connected to relay server 20201118-143435: INFO: loggoblin.goblin - Goblin startup complete
To exit, just hit Ctrl-C and the server will shut down cleanly.
Connect end users to the Log Server:
For local testing, the Log Server ID can be configured from the Atakama Control Center:
In the dialog box, enter the server ID you generated during server setup.
For production deployments, the server ID can be configured via the usual enterprise configuration tool.
When this configuration is loaded onto end user machines, the machines will automatically send data to the Log Server.