Initialize OC Admin

OC Admin is a WebUI complement to the Open Collector. OC Admin can be used to create and manage pipelines (log sources) as well as track beat performance and error messages from the web. It is recommended to install OC Admin after the Open Collector has been installed.

Prerequisites

• Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

• The following ports are open:

  Direction	Port	Protocol	Source
  Inbound	8400	HTTPS	OC-Admin
  Outbound	1433	TCP	OC-Admin

  
  

Initialize OC Admin

To start OC Admin, do the following:

1. Confirm Open Collector is running:

   ./lrctl status
   

   You should see the open_collector and metrics versions:
   

   If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

2. Start oc-db by running the following command:

   ./lrctl oc-db start
   

   
   

3. Start OC Admin by running the following command:

   ./lrctl oc-admin start
   

   
   

4. Enter a password for OC Admin.
   

5. Enter the password again to confirm.
   

6. Press Enter to start OC Admin.
    

7. Open the following URL from a modern browser:

   https://<ip_of_the_opencollector>:8400/
   

   
   

   If necessary, change the language by clicking on the Language selector icon .

   
   

8. Login with username ocAdmin and the password specified in step 4.
   

9. (Steps 9 through 11 are for first-time logins.) At first login, you are prompted to edit the connection to the SIEM database.
   Follow the on-screen instructions and provide the correct credentials for the MS SQL that runs on your XM or Platform Manager.
   Upon completion, a prompt to create or update the SIEM database appears.

10. Provide privileged credentials (these will NOT be saved) to create the necessary stored procedures, view, etc. in the SIEM database.

11. Connect to and update the SIEM database by clicking the Update icon .

Create and Use a Non-Privileged User

For security purposes, it is not recommended to perform day-to-day OC Admin actions on the privileged admin account. It is recommended to create a non-privileged user for daily operations by following the steps below:

1. Open the following URL from a modern browser:

   https://<ip_of_the_opencollector>:8400/
   

   
   

2. Login with username ocAdmin.

3. Click Admin at the bottom-left of the window.

4. Click Manage User Accounts.

5. Click Add New Account.

6. Provide a Username and Password for the new account.

7. Select Role: User (or any other non-privileged Role).

8. Click Add New User Account.

9. Click Logout.

10. Log back in as the new non-privileged user.

Reset the OC Admin Password

In the event that the password to the OC Admin administrator account needs to be reset, do the following:

1. Run the following command:

   ./lrctl oc-admin resetadminuser
   

   
   

2. Set a new password:
   

3. Re-enter the password to verify:
   
   The new password is configured successfully.

Restart OC-DB or OC Admin

In the event that OC-DB or OC Admin need to be restarted, you can do so with the following commands:

• Run the following command to restart oc-db:

  ./lrctl oc-db restart
  

  

• Run the following command to restart OC Admin:

  ./lrctl oc-admin restart
  

  

Stop OC-DB or OC Admin

In the event that OC-DB or OC Admin need to be stopped, you can do so with the following commands:

• Run the following command to stop OC Admin:

  ./lrctl oc-admin stop
  

  

• Run the following command to stop oc-db:

  ./lrctl oc-db stop