By granularly encrypting each file, Atakama is able to record user interactions with those files and generate a log file.
Download the Atakama Log Server binary:
Windows binary: https://atakama-log-server.s3.amazonaws.com/atakama-logger-0.5.8.exe
Linux (Ubuntu) binary: https://atakama-log-server.s3.amazonaws.com/atakama-logger-0.5.8-ubuntu1804
On Linux, mark the file as executable: chmod +x atakama-logger. Note that the binary may be deployed somewhere in the $PATH, such as /usr/local/bin.
On Windows, as a prerequisite the latest version of the Microsoft Visual C++ Redistributable must be installed. This is necessary for the server to start and function correctly.
Run the Log Server:
Generate a new private key for the server, and save it to the default config file:
$ atakama-logger keygen --save
Open this config file in a text editor. Its location is:
on Windows: “%appdata%\Atakama\server.cfg”
on Linux: "~/.config/atakama/goblin/server.cfg"
Configure an output type. Here’s an example file:
{
  "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
  "output": {
    "json_file": "atakama-events.log"
  }
}
This will write all events in JSON lines format to /tmp/atakama-events.log.
Here’s an example for Logstash output, where <endpoint> is the endpoint you configured for your HTTP input plugin:
{
  "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
  "output": {
    "logstash_url": "https://<endpoint>"
  }
}
And finally, for an RFC 3164-compatible syslog server:
{
  "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
  "output": {
    "rfc3164_syslog_url": "<ip or hostname>[:port]"
  }
}
Note that if unspecified, the port will default to 514.
Obtain the server’s ID, which will be used when connecting an Atakama instance to the server.
$ atakama-logger get-id
46e9ceacc26ca48ef8ee90d21b24b2f4
Save this value where it can be later referenced.
Start the server:
$ atakama-logger start
20201118-143434: INFO: __main__ - Loading config from '/home/user/.config/atakama/goblin/server.cfg'
20201118-143434: CRITICAL: __main__ - This server's device id is: 46e9ceacc26ca48ef8ee90d21b24b2f4
20201118-143434: INFO: __main__ - Starting server
20201118-143434: INFO: loggoblin.goblin - workstation relay connect: wss://relay.atakama.com:443
20201118-143435: INFO: loggoblin.goblin - Connected to relay server
20201118-143435: INFO: loggoblin.goblin - Goblin startup complete
To exit, just hit Ctrl-C and the server will shut down cleanly.
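Because server.cfg holds the server's private key alongside the output settings, it is worth checking the file before starting the server. The script below is an added example, not part of Atakama's documentation or tooling: it audits a config of the form shown above. The name audit_config and the choice of checks are assumptions, only the three output keys shown on this page are treated as known, and the syslog check assumes an IPv4 address or hostname.

```python
import json
import os
import stat
import sys
from urllib.parse import urlparse

# Output keys shown on this page; the real server may accept others.
KNOWN_OUTPUTS = {"json_file", "logstash_url", "rfc3164_syslog_url"}

def audit_config(path):
    """Return a list of findings for the server.cfg at path (empty list = clean)."""
    findings = []
    # The config embeds the private key, so on POSIX it should be owner-only.
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append(f"mode {mode:04o} lets group/other access the private key")
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except json.JSONDecodeError as exc:
        return findings + [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return findings + ["top level is not a JSON object"]
    pem = cfg.get("privkey_pem")
    if not (isinstance(pem, str) and pem.startswith("-----BEGIN PRIVATE KEY-----")):
        findings.append("privkey_pem missing or not a PEM private key")
    output = cfg.get("output")
    if not isinstance(output, dict) or not output:
        return findings + ["no output type configured"]
    for key, value in output.items():
        if key not in KNOWN_OUTPUTS:
            findings.append(f"unrecognised output key: {key}")
        elif key == "logstash_url" and urlparse(str(value)).scheme != "https":
            findings.append("logstash_url does not use https")
        elif key == "rfc3164_syslog_url":
            # The port is optional; the page says it defaults to 514 when omitted.
            _, _, port = str(value).partition(":")
            if port and not (port.isdigit() and 0 < int(port) < 65536):
                findings.append(f"bad syslog port: {port}")
    return findings

if __name__ == "__main__":
    default = os.path.expanduser("~/.config/atakama/goblin/server.cfg")
    for finding in audit_config(sys.argv[1] if len(sys.argv) > 1 else default):
        print("WARN:", finding)
```

Run it with the config path as the only argument; with no argument it checks the Linux default location given above.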