LogAway (collection over SSH-Old)

Owned by Haim Koschitzky
Last updated: Sept 14, 2021 by Omry Koschitzky
2 min read

Note: LogAway Agent (compatible with XPLG V4.3+)

Summary

XPLG's agent-less architecture is designed to access and read logs from remote UNIX based machines over SSH. Commonly, there is no need to change or install anything on the remote machines.
XPLG utilizes the native Linux ‘less’ command on the remote machine, among other commands to read and ship the data.
In some cases, where the ‘less’ command is not available on the remote machine, or the native Linux 'less' command is unable to handle the data (very long log records, binary data sections, etc.) data will not be collected and an alternative solution is required.

XPLG developed LogAway for such cases. Using LogAway, XPLG use Java based commands in order to read the logs instead of the native Linux commands. The LogAway is not a running agent (no active process), it is a passive jar file that is placed in the user directory on the remote server. XPLG, upon establishing a SSH connection, automatically identifies that the LogAway jar is present and uses it to read and ship the data. The only requirement is to have Java available on the remote machine.

Technical Details

XPLG’s LogAway agent is a JAR file located in the home directory of the user that is used by XPLG to access the remote machine.
All the data which is transferred by the LogAway agent to the XPLG server is compressed, to minimize network traffic. 

Deployment

  1. Verify that Java is installed on the remote machine:

    1. Log in to the remote machine using the same user that is used by XPLG to access the remote machine (check the SSH account in XPLG address book and make sure to use the same user that is used in the SSH account).

    2. Run the command java -version (the LogAway agent requires Java version 1.3+ to run)

  2. Download XPLG’s LogAway package compatible to the Java version installed on the remote machine:

    1. Download LogAway for Java 1.3: LogAway for JAVA 1.3

    2. Download LogAway for Java 1.4+: LogAway for JAVA 1.4+

  3. Copy XPLG’s LogAway package to the remote machine (place it in the home directory of the user that is used by XPLG to access the remote machine)

  4. Unpack XPLG’s LogAway package by running the following commands:

    1. Run:
      gunzip xpologAgent.tar.gz (unzip the package)

    2. Run:
      tar -xvf xpologAgent.tar (extract the tar)

    3. Verify that a folder named xpologAgent was created and contains several files

  5. Verify that XPLG’s LogAway jar can be used:

    1. Enter the xpologAgent folder

    2. Run the command sh runAgent.sh -v

    3. Verify that information regarding the LogAway is printed to the screen

  6. In order to verify that the LogAway can be used by the XPLG server, add a log over SSH on this machine using direct access mode and check that everything works as expected.
    Open XPLG Support Portal > Activity Information and under SSH connections tab look for that server and verify that the connection mode is Agent (instead of the default: Less).