Adding a centralized logging server


By granularly encrypting each file, Atakama is able to record user interactions with those files and generate a log file.


Download the Atakama Log Server binary:

On Linux, mark the file as executable: chmod +x atakama-logger. Note that the binary may be deployed somewhere in the $PATH, such as /usr/local/bin.

On Windows, as a prerequisite the latest version of the Microsoft Visual C++ Redistributable must be installed. This is necessary for the server to start and function correctly.


Run the Log Server:

  1. Generate a new private key for the server, and save it to the default config file:

    $ atakama-logger keygen --save
  2. Open this config file in a text editor. Its location is:
    on Windows: "%appdata%\Atakama\server.cfg"
    on Linux: "~/.config/atakama/goblin/server.cfg"

  3. Configure an output type. Here’s an example file:

    {
        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "json_file": "/tmp/atakama-events.log"
        }
    }

    This will write all events in JSON lines format to /tmp/atakama-events.log.
    Here’s an example for Logstash output, where <endpoint> is the endpoint you configured for your 
    HTTP input plugin:

    {
        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "logstash_url": "https://<endpoint>"
        }
    }

    And finally, for an RFC 3164-compatible syslog server:

    {
        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "rfc3164_syslog_url": "<ip or hostname>[:port]"
        }
    }

    Note that if unspecified, the port will default to 514.

  4. Obtain the server’s ID, which will be used when connecting an Atakama instance to the server.

    $ atakama-logger get-id
    46e9ceacc26ca48ef8ee90d21b24b2f4

    Save this value where it can be referenced later.

  5. Start the server:

    $ atakama-logger start
    20201118-143434: INFO: __main__ - Loading config from '/home/user/.config/atakama/goblin/server.cfg'
    20201118-143434: CRITICAL: __main__ - This server's device id is: 46e9ceacc26ca48ef8ee90d21b24b2f4
    20201118-143434: INFO: __main__ - Starting server
    20201118-143434: INFO: loggoblin.goblin - workstation relay connect: wss://relay.atakama.com:443
    20201118-143435: INFO: loggoblin.goblin - Connected to relay server
    20201118-143435: INFO: loggoblin.goblin - Goblin startup complete

    To exit, just hit Ctrl-C and the server will shut down cleanly.
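
A pre-start check for the config file from steps 2 and 3, as an added example and not Atakama's own tooling: it reports a config file readable by other users (the file stores the server's private key in plaintext), a missing or unrecognized output, a non-HTTPS Logstash endpoint, and the effective syslog port. The function names, the finding messages and the sample endpoint are assumptions made for this illustration; only the config keys come from the article.

```python
import json, os, stat, tempfile
from urllib.parse import urlparse

# Output keys shown in the article; anything else is reported for review.
KNOWN_OUTPUTS = {"json_file", "logstash_url", "rfc3164_syslog_url"}

def syslog_target(value):
    """Split '<ip or hostname>[:port]'; the port defaults to 514 (per the article)."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (value, 514)

def audit_server_cfg(path):
    """Return a list of findings for a Log Server config file (empty list = clean)."""
    findings = []
    # The file holds privkey_pem in plaintext, so only its owner should read it.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("config file is accessible to group/other users")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    if "BEGIN PRIVATE KEY" not in cfg.get("privkey_pem", ""):
        findings.append("privkey_pem missing: run 'atakama-logger keygen --save'")
    output = cfg.get("output") or {}
    if not output:
        findings.append("no output configured")
    for key in sorted(set(output) - KNOWN_OUTPUTS):
        findings.append(f"unrecognized output key: {key}")
    if "json_file" in output and not os.path.isabs(output["json_file"]):
        findings.append("json_file is a relative path")
    if "logstash_url" in output and urlparse(output["logstash_url"]).scheme != "https":
        findings.append("logstash_url does not use https")
    if "rfc3164_syslog_url" in output:
        host, port = syslog_target(output["rfc3164_syslog_url"])
        findings.append(f"note: syslog target {host}:{port}, RFC 3164 has no transport encryption")
    return findings

def demo():
    """Audit a constructed sample config (placeholder key, made-up endpoint)."""
    sample = {"privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
              "output": {"logstash_url": "http://logs.example.internal:8080"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server.cfg")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # deliberately too permissive for the demo
        return audit_server_cfg(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On Linux, `chmod 600` on server.cfg clears the first finding; the permission check is skipped on Windows, where file ACLs apply instead.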

Connect end users to the Log Server:

For local testing, the Log Server ID can be configured from the Atakama Control Center:


In the dialog box, enter the server ID generated during server setup.


For production deployments, the server ID can be configured via the usual enterprise configuration tool.


When this configuration is loaded onto end user machines, the machines will automatically send data to the Log Server.
