Log Ingestion Appliance - Virtual

SolCyber uses a log ingestion appliance to consume logs from your on-premise sources. We offer a virtual appliance or a hardware appliance.
Virtual log ingestion appliances can be deployed on most hypervisors:
- VMware: using a SolCyber-provided OVA file.
- Hyper-V and other hypervisors: using a SolCyber-provided deployment script that can be run after configuring a VM running a supported operating system.
Log Ingestion Appliance Setup Guide - VMware
Prerequisites
Ensure that the following prerequisites are met before you proceed:
| Requirement Type | Requirement | Description |
|---|---|---|
| Server | Resources | |
| Server | Hard Drive | |
| Firewall Ports | SNYPR Console | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on TCP/443 |
| Firewall Ports | KAFKA Brokers | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on UDP/9093 |
| Firewall Ports | Ingester Heartbeat and Management | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on UDP/9993 |
| Firewall Ports | Syslog sources | SolCyber will instruct you as to which ports will be in use for data ingestion. Note: Use TCP for Syslog sources to improve the reliability of data transfer. |
| Firewall Whitelist | Ingester Health Monitoring | Please ensure that your firewall allows outbound TCP traffic to zabbix.SolCyber.us on port 443 from your Ingester Appliance |
Step 1: Transfer OVA to VMware
Download the OVA file provided by SolCyber and transfer it to the hypervisor. If possible, download the OVA archive directly to the ESXi server; this minimizes the transfer time, as the OVA is a large file.
Step 2: Select Creation Type
Begin by selecting the creation type for your new virtual machine.
Step 3: Select OVF and VMDK Files
Select the OVF and VMDK files or OVA for the VM you would like to deploy. You can click to select files or use drag and drop. Make sure to provide a unique name for your virtual machine (up to 80 characters).
Figure: Select Creation type
Step 4: Select Storage
Choose a datastore for your virtual machine’s configuration files and virtual disks. In this example, the “vmstore” datastore with 4.51 TB free space is selected.
Figure: Select Storage
Step 5: Configure Deployment Options
Set the deployment options for your virtual machine:
- Network mappings: Set to “bridged: VM Network”
- Disk provisioning: Select “Thin” provisioning
- Power on automatically: Check this option if you want the VM to start immediately after deployment
Figure: Deployment options
Step 6: Review and Complete
Review your settings before finishing the wizard. The summary shows:
- Product: HUB_OVAv1
- VM Name: Charango-OVA-vm1
- Files:
  - HUB_OVA_v1-disk1.vmdk
  - HUB_OVA_v1-disk2.vmdk
- Datastore: vmstore
- Provisioning type: Thin
- Network mappings: bridged: VM Network
Figure: Ready to Complete
⚠️ Important: Do not refresh your browser while this VM is being deployed.
Click “Finish” to complete the deployment process.
Step 7: Confirm Installation
The final step is to check that the VM is listed in the ESXi console as expected.
Log Ingestion Appliance Setup Guide - Hyper-V
Note: the instructions below are for installing the virtual appliance on Microsoft Hyper-V only.
Prerequisites
Ensure that the following prerequisites are met before you proceed:
| Requirement Type | Requirement | Description |
|---|---|---|
| Server | Operating System | Ubuntu 22.04 |
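| Server | Resources | At least 2 CPU cores and 8GB RAM |
| Server | Hard Drive | Main drive of at least 50GB for the OS; secondary, unformatted HD of at least 150GB |
| Server | Appliance Configuration Files | Ensure the following files are copied to the server: new_hub_v1.sh, sc-answer.ini, sc_payload_xxxx, Securonix HUB installer tar |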
| Firewall Ports | SNYPR Console | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on TCP/443 |
| Firewall Ports | KAFKA Brokers | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on UDP/9093 |
| Firewall Ports | SolCyber Remote Access | Please ensure that your firewall allows the Ingestion Appliance to communicate outbound on UDP/9993 |
| Firewall Ports | Syslog sources | SolCyber will instruct you as to which ports will be in use for data ingestion. Note: Use TCP for Syslog sources to improve the reliability of data transfer. |
Step 1: Verify Prerequisites
- Confirm you’re running Ubuntu 22.04.x LTS
- Ensure your main drive is at least 50GB for the OS.
- Check for a secondary, unformatted HD of at least 150GB.
- Verify the system has at least 2 CPU cores and 8GB RAM.
- Gather your new_hub_v1.sh script, answer file (sc-answer.ini), sc_payload_xxxx, and Securonix HUB installer tar (4 files total).
Step 2: Validate the Environment
- Double-check your disks with `lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT,LABEL,UUID`.
- Make sure your secondary HD shows up and is unmounted & unformatted.
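The checks in Steps 1 and 2 can be scripted and run before the installer. The following is an added example, not part of SolCyber's tooling; the RAM tolerance, the decimal reading of 150GB, and the `sc_payload_*` and `*.tar*` glob patterns are assumptions.

```bash
# Added example: pre-flight checks for Steps 1-2. Not SolCyber's installer.
MIN_CORES=2
MIN_RAM_KB=7864320          # 7.5 GiB: assumed tolerance, an "8GB" VM reports less
MIN_DISK_BYTES=150000000000 # "150GB" read as decimal bytes (assumption)
# os_ok FILE: succeed if the os-release file describes Ubuntu 22.04.x.
os_ok() {
  grep -qx 'ID=ubuntu' "$1" && grep -Eq '^VERSION_ID="?22\.04' "$1"
}

# spare_disks: reads `lsblk -b -P -o NAME,TYPE,SIZE,PKNAME,FSTYPE,MOUNTPOINT` on
# stdin; prints whole disks >= MIN_DISK_BYTES with no filesystem, mount or partitions.
spare_disks() {
  awk -v min="$MIN_DISK_BYTES" '
    {
      split("", f); line = $0                  # reset fields for this row
      while (match(line, /[A-Z_]+="[^"]*"/)) { # parse KEY="value" pairs
        kv = substr(line, RSTART, RLENGTH); eq = index(kv, "=")
        f[substr(kv, 1, eq - 1)] = substr(kv, eq + 2, length(kv) - eq - 2)
        line = substr(line, RSTART + RLENGTH)
      }
      if (f["PKNAME"] != "") has_child[f["PKNAME"]] = 1
      if (f["TYPE"] == "disk" && f["FSTYPE"] == "" && f["MOUNTPOINT"] == "" &&
          f["SIZE"] + 0 >= min) cand[++n] = f["NAME"]
    }
    END { for (i = 1; i <= n; i++) if (!(cand[i] in has_child)) print cand[i] }'
}

# missing_files DIR: print Step 1 file patterns with no match in DIR (globs are assumptions).
missing_files() (
  dir=$1
  for pat in new_hub_v1.sh sc-answer.ini 'sc_payload_*' '*.tar*'; do
    set -- "$dir"/$pat                         # $pat unquoted so the glob expands
    [ -e "$1" ] || echo "$pat"
  done
)

# preflight DIR: run every check, print each failure, succeed only if none.
preflight() (
  rc=0
  os_ok /etc/os-release || { echo "FAIL: OS is not Ubuntu 22.04"; rc=1; }
  [ "$(nproc)" -ge "$MIN_CORES" ] || { echo "FAIL: fewer than $MIN_CORES CPU cores"; rc=1; }
  ram_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  [ "${ram_kb:-0}" -ge "$MIN_RAM_KB" ] || { echo "FAIL: less than 8GB RAM"; rc=1; }
  disks=$(lsblk -b -P -o NAME,TYPE,SIZE,PKNAME,FSTYPE,MOUNTPOINT | spare_disks)
  [ -n "$disks" ] || { echo "FAIL: no blank, unmounted disk of 150GB or more"; rc=1; }
  missing=$(missing_files "${1:-.}" | tr '\n' ' ')
  [ -z "$missing" ] || { echo "FAIL: missing files: $missing"; rc=1; }
  [ "$rc" -eq 0 ]
)
```

Source the file and run `preflight /path/to/install/files`; it prints one FAIL line per unmet prerequisite and returns non-zero if any check fails.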
Step 3: Installation
- Copy over the installer and support files (4 files total; scp recommended).
- Run the installer: `sudo bash new_hub_v1.sh`
- Choose option 1 from the menu (Auto Install).
- Run the installer again (`sudo bash new_hub_v1.sh`) and select the menu item named “Enable/Disable Securonix Services”. Choose enable (“e”) to continue (pay attention to the results).
- Reboot: `sudo reboot`