Note: LogAway Agent (compatible with XpoLog 4.5+)
Summary
XpoLog’s agent-less architecture allows accessing logs located on remote machines over SSH, without the need to change or install anything on the remote machine. In order to do this, XpoLog utilizes the ‘less’ command on the remote machine, among other commands. In some environments, where the ‘less’ command is not available on the remote machine, XpoLog cannot work as described above.
XpoLog’s LogAway agent provides a solution for accessing logs located on remote machines over SSH where the ‘less’ command is not available. It is important to note that the agent is passive, and does not run any process on the remote machine unless requested to do so by the XpoLog server.
Technical Details
XPLG’s LogAway agent is a JAR file located in the home directory of the user that is used by XPLG to access the remote machine. After the JAR file is deployed on the remote machine, it does not run any process. Instead, the XPLG server automatically identifies that the LogAway agent is available on the remote machine, and uses it instead of utilizing traditional system commands.
All the data which is transferred by the LogAway agent to the XPLG server is compressed, to minimize network traffic.
Deployment
1. Verify that Java is installed on the remote machine:
   a. Log in to the remote machine using the same user that is used by XPLG to access the remote machine (check the SSH account in the XPLG address book and make sure to use the same user that is used in the SSH account).
   b. Run the command java -version (the LogAway agent requires Java version 1.4+ to run).
2. Download XPLG’s LogAway package compatible with the Java version installed on the remote machine:
   - Download LogAway for Java 1.3: LogAway for JAVA 1.3
   - Download LogAway for Java 1.4+: LogAway for JAVA 1.4+
3. Copy XPLG’s LogAway package to the remote machine (place it in the home directory of the user that is used by XPLG to access the remote machine).
4. Unpack XPLG’s LogAway package by running the following commands:
   a. Run: gunzip xpologAgent.tar.gz (unzip the package)
   b. Run: tar -xvf xpologAgent.tar (extract the tar)
   c. Verify that a folder named xpologAgent was created and contains several files.
5. Verify that XPLG’s LogAway jar can be used:
   a. Enter the xpologAgent folder.
   b. Run the command sh runAgent.sh -v
   c. Verify that information regarding LogAway is printed to the screen.
6. Optional (improves performance) - verify on the remote server that TCP port forwarding is enabled:
   a. View the file /etc/ssh/sshd_config
   b. The parameter 'AllowTcpForwarding' specifies whether TCP forwarding is permitted (the default is "yes"). Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. If 'AllowTcpForwarding' is set to "no", change it to "yes" and restart the SSH service.
7. In order to verify that the agent can be used by the XPLG server, add a log over SSH on this machine using direct access mode and check that everything works as expected:
   a. Open XPLG Support Portal > Activity Information and under the SSH connections tab verify that the connection mode is Agent (instead of the default: Less).
   b. Run a search on the added log to ensure updated data is collected and available in the XPLG server.
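The optional TCP port forwarding check above can be scripted. The following is an added example, not part of the XPLG documentation: it reads the global 'AllowTcpForwarding' value from an sshd_config file and lists any Match blocks that set it differently. The account name xplg-reader and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect AllowTcpForwarding in an sshd_config file.
# Assumptions: OpenSSH uses the first value read for a keyword, keywords are
# case-insensitive, and the default is "yes". Include files are not followed.

# Print the value that applies globally (before any Match block).
global_tcp_forwarding() {
    awk '
        /^[ \t]*#/ { next }                         # skip comment lines
        { gsub(/[="]/, " "); key = tolower($1) }    # accept Key=Value and quotes
        key == "match" { exit }                     # global section ends here
        key == "allowtcpforwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }             # sshd default when unset
    ' "$1"
}

# Print every Match block that sets AllowTcpForwarding, with its value.
match_overrides() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/[="]/, " "); key = tolower($1) }
        key == "match" { in_match = 1; cond = $0; next }
        in_match && key == "allowtcpforwarding" { print cond " -> " tolower($2) }
    ' "$1"
}

# Constructed sample configuration (hypothetical account name, not a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# global section
Port 22
allowtcpforwarding no
AllowTcpForwarding yes
Match User xplg-reader
    AllowTcpForwarding yes
EOF

echo "global:          $(global_tcp_forwarding "$sample")"
echo "match overrides: $(match_overrides "$sample")"
rm -f "$sample"
```

On a live host, running sshd -T as root prints the effective configuration, including settings pulled in through Include files.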