Initialize OC Admin
OC Admin is a WebUI complement to the Open Collector. OC Admin can be used to create and manage pipelines (log sources) as well as track beat performance and error messages from the web. It is recommended to install OC Admin after the Open Collector has been installed.
Prerequisites
- Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
- The following ports are open:

| Direction | Port | Protocol | Source |
|---|---|---|---|
| Inbound | 8400 | HTTPS | OC-Admin |
| Outbound | 1433 | TCP | OC-Admin |
Initialize OC Admin
To start OC Admin, do the following:
- Confirm Open Collector is running:
    ./lrctl status
You should see the open_collector and metrics versions:
If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
- Start oc-db by running the following command:
    ./lrctl oc-db start
- Start OC Admin by running the following command:
    ./lrctl oc-admin start
- Enter a password for OC Admin.
- Enter the password again to confirm.
- Press Enter to start OC Admin.
- Open the following URL from a modern browser:
    https://<ip_of_the_opencollector>:8400/
If necessary, change the language by clicking on the Language selector icon.
- Log in with username ocAdmin and the password specified in step 4. (Steps 9 through 11 are for first-time logins.) At first login, you are prompted to edit the connection to the SIEM database.
- Follow the on-screen instructions and provide the correct credentials for the MS SQL instance that runs on your XM or Platform Manager.
Upon completion, a prompt to create or update the SIEM database appears.
- Provide privileged credentials (these will NOT be saved) to create the necessary stored procedures, views, etc. in the SIEM database.
- Connect to and update the SIEM database by clicking the Update icon.
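The two ports listed under Prerequisites can be checked from the Open Collector host once OC Admin has been started. The following script is an added example, not part of the product or its documentation; it assumes bash and the coreutils timeout command are installed, and SIEM_DB_HOST is a hypothetical variable holding the address of the XM or Platform Manager.

```bash
#!/usr/bin/env bash
# Added example: reachability check for the two ports in the prerequisites table.
# Assumptions (not from the page): bash and coreutils `timeout` are installed,
# and SIEM_DB_HOST is a hypothetical variable holding the XM/Platform Manager address.

# Succeed only for an integer port in 1-65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if host:port accepts a TCP connection within 3 seconds,
# 2 if the port argument is invalid, non-zero otherwise.
check_tcp() {
    valid_port "$2" || return 2
    # Host and port are passed as arguments, never spliced into the command string.
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Report both prerequisites; the return value is the number of failed checks.
preflight() {
    failures=0
    # Outbound 1433/TCP: OC Admin to the MS SQL instance on the XM or Platform Manager.
    if check_tcp "$1" 1433; then
        echo "PASS outbound 1433/TCP to $1"
    else
        echo "FAIL outbound 1433/TCP to $1"; failures=$((failures + 1))
    fi
    # 8400/HTTPS: confirms only that OC Admin is listening on this host. Whether
    # the firewall admits inbound traffic must be tested from a client machine.
    if check_tcp 127.0.0.1 8400; then
        echo "PASS OC Admin listening on 8400"
    else
        echo "FAIL nothing listening on 8400"; failures=$((failures + 1))
    fi
    return "$failures"
}

# Run only when a database host was supplied via the SIEM_DB_HOST variable.
if [ -n "${SIEM_DB_HOST:-}" ]; then
    preflight "$SIEM_DB_HOST"
fi
```

A failed 1433 check before the first login points to a firewall or routing problem rather than wrong database credentials.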
Create and Use a Non-Privileged User
For security purposes, performing day-to-day OC Admin actions with the privileged admin account is not recommended. Create a non-privileged user for daily operations by following the steps below:
- Open the following URL from a modern browser:
    https://<ip_of_the_opencollector>:8400/
- Log in with username ocAdmin.
- Click Admin at the bottom-left of the window.
- Click Manage User Accounts.
- Click Add New Account.
- Provide a Username and Password for the new account.
- Select Role: User (or any other non-privileged Role).
- Click Add New User Account.
- Click Logout.
- Log back in as the new non-privileged user.
Reset the OC Admin Password
In the event that the password to the OC Admin administrator account needs to be reset, do the following:
- Run the following command:
    ./lrctl oc-admin resetadminuser
- Set a new password:
- Re-enter the password to verify:
The new password is configured successfully.
Restart OC-DB or OC Admin
If OC-DB or OC Admin needs to be restarted, use the following commands:
Run the following command to restart oc-db:
    ./lrctl oc-db restart
Run the following command to restart OC Admin:
    ./lrctl oc-admin restart
Stop OC-DB or OC Admin
If OC-DB or OC Admin needs to be stopped, use the following commands:
Run the following command to stop OC Admin:
    ./lrctl oc-admin stop
Run the following command to stop oc-db:
    ./lrctl oc-db stop
Once the OC Admin has been successfully installed and initialized, refer to the collection of topics at OC Admin for information about using the web UI.