Tuesday, January 6, 2015

Installation Steps of LOG Storm Free Virtual SIEM Appliance

I was reading the Top 47 Log Management Tools from ProfitBricks' blog. While quickly scanning the key features and cost, I decided to give LOG Storm a try. This post records the steps for installation and basic configuration of this product.

Key Features: 
  • In-depth threat analysis
  • Flexible deployment options
  • Intuitive graphical user interface
  • Incident response, forensics, and discovery
  • Built-in support for 1,000+ devices
  • Simple device integration tool
  • Reporting packs for major regulatory compliance standards
  • Master console for centralized log management
  • MetaRules Correlation
Cost: 
  • LOG Storm Virtual SIEM Appliance: FREE
  • Other deployment options and advanced solutions: Contact for a quote
Note: The free license covers only up to 5 devices and 5G of storage.

1. Download

From the green "Free LOG STORM DOWNLOAD" link, you will be guided to a page with the following links:
Download LOG Storm image file here.
Download LOG Storm torrent file here.
If you need to request a license key for LOG Storm, please click here.
Click the image file link and the download will start automatically. You will get a 1.39G LOG_Storm_4.5.0.20_Eval_VA.ova file.

2. Import OVA into VM lab environment

Double-click the downloaded OVA file and VM Workstation will import it into your default Virtual Machine folder.

The default VM setting for LOG Storm uses 6GB of memory. I changed it to 4GB and it still works fine in my lab environment.

3. Start your VM 

The default user name/password is htadmin/htadmin.
You will have to accept the agreement, change the htadmin password, and do basic network and information configuration. Then wait at most 5 minutes to let the virtual appliance configure itself based on your input.




4. First SSH Log in

After the virtual appliance has rebooted, use SSH to log into the system with the htadmin username.

After you log in, it will ask you to enter the valid license you received by email.


Linux logstorm 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
Last login: Tue Jan  6 11:02:13 2015
Do you need to change your configuration before entering your license? ([Y]es, [N]o, Enter = , '?' for help) : N
Please enter your LOG Storm appliance license (what you enter will NOT be echoed back to you): ('help' for help) : 
License is valid

Activating LOG Storm services

From the main menu, select 2. Password Management to set the Admin Account Password, which will be used to log into the WebUI.

5. WebUI Log in

Use your browser to open https://<Virtual Appliance IP address>.
Click 'Launch Client'.
Enter the Admin username and password.
You are now at the dashboard of your SIEM Virtual Appliance.
