Skip to main content
Skip table of contents

Install RedHat Enterprise 8

Prerequisites

  • Internet access and web browser
  • VMware (Workstation or Player) or another VM platform
  • RedHat Enterprise requires Docker Enterprise
  • The RHEL host should have the following firewall configuration:

    DirectionPortProtocolSourceDestinationPurpose
    Outbound443HTTPSOpen Collectorraw.githubusercontent.com

    Identify latest container versions.

    Outbound443HTTPSOpen Collector*.gcr.io

    Download latest Open Collector software.

    Outbound443HTTPSOpen Collectorget.docker.comDownload docker repositories.
    Outbound443HTTPSOpen Collectorcloud.google.comPull container images.
    Outbound443HTTPSOpen Collectorstorage.googleapis.comAuto-update feature.
    Outbound443HTTPSOpen Collectorconsole.cloud.google.comAuto-update feature.
    Outbound443HTTPSOpen Collectordownload.docker.comAllows for LRCTL installation of Open Collector
    Outbound443HTTPSOpen Collectorregistry-1.docker.ioAllows for LRCTL installation of Open Collector
    Outbound443HTTPSOpen Collectorauth.docker.ioAllows for LRCTL installation of Open Collector
    Outbound443HTTPSOpen Collectorproduction.cloudflare.docker.comAllows for LRCTL installation of Open Collector
    Outbound514TCP - SyslogOpen CollectorWindows System Monitor AgentSyslog feed of data to LogRhythm SIEM.
    Outbound**6514TCP+TLS - Secure SyslogOpen CollectorWindows System Monitor AgentSecure syslog feed of data to LogRhythm SIEM.
    Outbound8076TCP - Influx/VitalsOpen CollectorPlatform ManagerData feed for Centralized Metrics (LogRhythm 7.5+ only).
    Inbound3000HTTPUser machineOpen CollectorView Open Collector metrics in Grafana.
    Inbound22SSHUser machineOpen CollectorInteract with Open Collector.
    Inbound5044TCP - LumberjackBeatsOpen CollectorMethod to send data from Beats collected outside the Open Collector.

    **indicates optional setting

Install RedHat Enterprise 8

  1. Download RedHat Enterprise 8 from https://www.redhat.com/en/enterprise-linux-8 (license may be required).

  2. Create a VM with the following settings:
    • CPU: 8 cores (or more)
    • RAM: 8 GB (or more)
    • HDD: 50 GB (or more)
    • DVD: rhel-8.x-x86_64-dvd.iso
    • User: In addition to the root user, create the following user:
      • username: logrhythm
      • password: <enter a password of your choice>
  3. Manually install Mirantis Container Runtime or Mirantis Kubernetes Engine (Formerly Docker Enterprise Edition).  This must be done before installing the Open Collector on RedHat 8. 
    Mirantis Kubernetes Engine (Formerly Docker Enterprise Edition) Basic, version 19+ is the officially supported version. 

    RedHat 8 is only officially supported using Mirantis Container Runtime or Mirantis Kubernetes Engine (Formerly Docker Enterprise Edition).
    • Please refer to your vendor specific documentation for Mirantis product installation instructions.  Paid license will be required.

      Docker CE is not supported on RedHat 8 and will not be available for installation through the ./lrctl init command.
  4. Modify the firewalld settings.  This must be done before using Docker on RedHat8, because DNS resolution for containers on Docker does not currently work with nftables.

    • Open the firewalld.conf file using vi or nano:

      CODE
      sudo vi /etc/firewalld/firewalld.conf
    • In the firewalls.conf config file, change FirewallBackend=nftables to:

      CODE
      FirewallBackend=iptables
    • Save your changes and reload firewalld:  

      CODE
      sudo systemctl restart firewalld.service
  5. On initial boot, log on as the root user.

  6. Add the new logrhythm user to the sudoers wheel:

    CODE
    usermod -aG wheel logrhythm
  7. Reboot the VM, and log on as the logrhythm user.

OS Installation

  1. Boot your VM with your installation media attached to the virtual CD-ROM drive (.iso format).
  2. Select Install Red Hat Enterprise Linux 8.x.
  3. Wait for the media check to complete.
  4. Once the Red Hat installer GUI starts, select your language localization settings, and click Continue.

    The Installation Summary screen appears.
  5. In the System section, click Network & Host Name.  (This is required to get networking on your VM without manual configuration.)
  6. In the upper-right corner, click the toggle switch to On

    The VM retrieves an IP address and DNS settings using DHCP (IPs and MAC redacted for security reasons).
  7. In the upper-left corner, click Done.
    The Installation Summary screen appears.
  8. In the Localization section, click Time & Date
    The Time & Date screen appears.
  9. Confirm the date and time are correct. 

    You can also use the Network Time (NTP) option (networking must be configured to use this option).
  10. In the upper-left corner, click Done.
    The Installation Summary screen appears.
  11. In the System section, click Installation Destination.  
    the Installation Destination screen appears.
  12. Ensure your local disk is selected. The recommended disk capacity is 50GB.
  13. In the upper-left corner, click Done.
    The Installation Summary screen appears.
  14. (Optional) To disable the default GNOME GUI, click Software Selection in the Software section.
  15. In the bottom-right corner, click Begin Installation.
  16. During the installation process, you can configure a root password and additional users.
  17. To set a root password, click Root Password.
  18. Click User Creation, and create a logrhythm user with a strong password. 

    You can also create a logrhythm user manually after installation.
  19. Once installation is complete, click Reboot in the lower-right corner. 

    Make sure to remove the installation media. The method for removal is hypervisor-specific.

  20. Once the system is rebooted, you will be required to accept the Red Hat license.
  21. Click License Information
    The License information screen appears.
  22. At the bottom, click the I accept the license agreement check box.
  23. In the upper-left corner, click Done.
  24. Click Subscription Manager to register your Red Hat instance.

    You must register your Red Hat instance to enable yum repos. You cannot install the Open Collector if you do not register your RedHat 8 instance.
  25. After registering your Red Hat instance, click Finish Configuration in the bottom-right corner.
  26. Before using Docker on RedHat Enterprise 8, you must modify the firewalld settings.

      • Open the firewalld.conf file using vi or nano:

        CODE
        sudo vi /etc/firewalld/firewalld.conf
      • In the firewalls.conf config file, change FirewallBackend=nftables to:

        CODE
        FirewallBackend=iptables

      • Save your changes and reload firewalld:  

        CODE
        sudo systemctl restart firewalld.service
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.