Skip to main content
Version: 5.3

Configuring Data Collection Connection from BI.ZONE EDR

Legend:

${LS_HOME} - Logstash home directory, typically /app/logstash

General Description

Configuration for collecting data from the BI.ZONE EDR server is performed by setting up Smart Monitor Data Collector configurations.

Generating BI.ZONE EDR API Token

  1. Log in to the BI.ZONE EDR web interface BI.ZONE EDR web interface

  2. Go to the My Profile - API Tokens section My Profile interface

  3. Create an API token and copy it for further use API Token interface

Please note!

After creation, the API token will not be visible for viewing. Save it during the module installation.

Adding Variables to the Keystore

To implement data collection, variables with identification and authentication data for BI.ZONE EDR must be added to the Smart Monitor Data Collector keystore.

Execute the following commands sequentially:

sudo -u logstash ${LS_HOME}/bin/logstash-keystore add bizone_token
sudo -u logstash ${LS_HOME}/bin/logstash-keystore add bizone_user
sudo -u logstash ${LS_HOME}/bin/logstash-keystore add bizone_password

Installing Smart Monitor Data Collector configurations

Configuration files (pipelines) are supplied with the module and require additional editing according to the addressing of your Smart Monitor and BI.ZONE EDR installations.

In the .conf configuration files, edit the following parameters:

  • "BIZONE_HOST" in the input section, replace with the actual BI.ZONE EDR server address
  • "HOST_OS_DATA" in the output section, replace with the actual Smart Monitor Data Storage node address
  • "KAFKA_SERVERS" in the input section, replace with the actual Kafka server address of BI.ZONE EDR

Selecting and configuring configuration files for Apache Kafka:

The module comes with two sets of configuration files that use Apache Kafka from the BI.ZONE EDR installation as a data source. The choice of the required set depends on whether Kafka uses a TLS connection in your installation:

Plain TextTLS
bizone-irp.conf      bizone-irp-withssl.conf  
bizone-server.conf    bizone-server-withssl.conf  
bizone-tasks-result-event.conf    bizone-tasks-result-event-withssl.conf  
bizone-telemetry.conf    bizone-telemetry-withssl.conf  

In the configuration files that use Kafka as a data source, topic names are specified. Change them if your BI.ZONE EDR installation uses topics with different names.

By default, only server authentication is used on the Kafka server in the EDR installation. Accordingly, the lines calling keystore and its password are commented out in the configuration files. If mutual authentication (mTLS) is used in your installation, uncomment the corresponding lines in the files.

Create a truststore and place the Kafka server CA certificate in it.

Add a variable with the truststore password to the Smart Monitor Data Collector storage:

sudo -u logstash ${LS_HOME}/bin/logstash-keystore add KAFKA_TRUSTSTORE_PASSWORD

If mutual authentication is used in your installation, also create a keystore and add a variable with the password to the Smart Monitor Data Collector storage:

sudo -u logstash ${LS_HOME}/bin/logstash-keystore add KAFKA_KEYSTORE_PASSWORD

To install the configuration files, perform the following actions:

  1. Go to the Smart Monitor Data Collector host
  2. Place the pipeline .conf files and the bizone folder containing scripts in the ${LS_HOME}/config/conf.d directory
  3. Add pipelines to the pipelines.yml file. More details can be found in the corresponding section in Instructions for creating a typical pipeline
  4. Reload the Smart Monitor Data Collector node using the following command:
systemctl restart logstash