API - Cradlepoint ECM
Cradlepoint provides a management system that enables users to manage and deploy networks at geographically distributed locations. The System Monitor Agent can import Cradlepoint logs into LogRhythm for analysis. This document explains how to configure the collection of Cradlepoint logs via the LogRhythm System Monitor Agent.
Prerequisites
The HTTPS collection mechanism used by the Agent references a Cradlepoint configuration file (typically cradlepoint.ini) and retains the last report read from Cradlepoint using state tracking. The following information is required for this process to function properly and should be gathered prior to configuring log collection:
- The LogRhythm System Monitor Agent used to collect Cradlepoint log data
- Administrator credentials to log in to the https://www.cradlepointecm.com site
- The name of the Cradlepoint log source configuration file (default: cradlepoint.ini)
Create the Enterprise Cloud Manager (ECM) API ID and API Key
The ECM API ID and API Key are needed to connect to the Cradlepoint API.
- Log in to the https://www.cradlepointecm.com site with Administrator privileges.
- Click the APPLICATIONS link.
- In the ECM API section of the Applications page, click Manage.
- On the ECM API page, click Add.
- In the menu on the Create API Key dialog box, select Read Only User, and then click OK.
The New API Key dialog box appears. Copy the key pair, X-ECM-API-ID and X-ECM-API-Key, as they are needed to configure the .ini file.
To clear the dialog box, click OK.
Create the Cradlepoint API ID and Key
The CP API ID and API Key are needed to connect to the Cradlepoint API.
- Log in to the https://www.cradlepointecm.com site with Administrator privileges.
- Click the APPLICATIONS link.
- In the ECM API section of the Applications page, click the API Portal link.
- On the Getting Started page, copy the key pair, X-CP-API-ID and X-CP-API-Key, as they are needed to configure the .ini file.
- Close the Getting Started page.
- Log out of the Cradlepoint Enterprise Cloud Manager.
Configure the cradlepoint.ini File
The Cradlepoint configuration file must be located on the host of the Agent collecting logs. A sample configuration file (cradlepoint.ini) is installed in the LogRhythm System Monitor's config directory (typically C:\Program Files\LogRhythm\LogRhythm System Monitor\config). Use this file to create the cradlepoint.ini file that will reside on the host of the Agent collecting logs.
Setting | Default Value | Description |
---|---|---|
CradlepointHosts | cradlepointecm.com | Host names or IP addresses of the Cradlepoint scanner, in comma-delimited format. |
CradlepointPort | 0 | Alternate port if Cradlepoint is configured to run on a non-standard port. The Cradlepoint server must also have this port open in the firewall. |
X-ECM-API-ID | CHANGE_THIS | Cradlepoint Enterprise Cloud Manager API ID. The ECM API ID must be encrypted using the lrcrypt command line utility. Usage: lrcrypt [-e passwordtoencrypt] You must manually paste the encrypted values into the configuration file. See LogRhythm Password Encryption for more information on how to use the LogRhythm Encryption Utility. |
X-ECM-API-KEY | CHANGE_THIS | Cradlepoint Enterprise Cloud Manager API Key. The ECM API Key must be encrypted using the lrcrypt command line utility. Usage: lrcrypt [-e passwordtoencrypt] You must manually paste the encrypted values into the configuration file. See LogRhythm Password Encryption for more information on how to use the LogRhythm Encryption Utility. |
CP-API-ID | CHANGE_THIS | The Cradlepoint API ID. |
CP-API-KEY | CHANGE_THIS | The Cradlepoint API Key. |
Monday to Sunday | Monday=true | The days of the week to query the API. Set each day to true or false. If all days are set to true, the API is queried every 24 hours. If only one day is set to true, the API is queried once per week. |
Time | 01:00 | The local time of day to query the API (for example, 01:00 or 11:00 PM). The reports can only be pulled once per day. |
StartupDelayInSeconds | 30 | If the API needs to be queried when the System Monitor is started, it waits this number of seconds before running. |
Timeout | 300 | The amount of time (in seconds) to wait for a response from the Cradlepoint server. The valid range for this value is 0-300 (0 = infinite). |
ErrorReportRetryTimeSpan | 60 | The amount of time (in minutes) an Agent will wait after receiving an error before attempting to fetch data again. |
ErrorReportRetryCount | 3 | The number of times an Agent retries to fetch data for reports that are throwing errors during a read attempt. |
LogApiRequests | false | Enables (true) or disables (false) diagnostic logging of HTTP and HTTPS requests to the API. API request logging should only be used with assistance from LogRhythm Customer Support. You should leave this field unchanged (false). |
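
A pre-deployment check for the settings in the table above, as an added example (not LogRhythm's code): it flags credentials still set to CHANGE_THIS, a Timeout outside 0-300, malformed day or Time values, and LogApiRequests left enabled. The key=value file layout, the function names, and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample. The key=value layout is an assumption, not the shipped file.
SAMPLE_INI = """\
CradlepointHosts=cradlepointecm.com
X-ECM-API-ID=CHANGE_THIS
X-ECM-API-KEY=<lrcrypt-output-placeholder>
CP-API-ID=<placeholder>
CP-API-KEY=<placeholder>
Monday=true
Tuesday=yes
Time=25:00
Timeout=600
LogApiRequests=true
"""

SECRETS = ("X-ECM-API-ID", "X-ECM-API-KEY", "CP-API-ID", "CP-API-KEY")
DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")
# Accepts 24-hour "01:00" and 12-hour "11:00 PM", the two forms the table shows.
TIME_RE = re.compile(
    r"^(?:(?:[01]?\d|2[0-3]):[0-5]\d|(?:0?[1-9]|1[0-2]):[0-5]\d\s?(?:AM|PM))$", re.I)

def parse_settings(text):
    """Return {UPPERCASED_KEY: value}, skipping blanks, comments and section lines."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip().upper()] = value.strip()
    return settings

def lint(text):
    """Check a cradlepoint.ini body against the constraints in the settings table."""
    s, findings = parse_settings(text), []
    for key in SECRETS:
        if s.get(key, "CHANGE_THIS") == "CHANGE_THIS":
            findings.append(f"{key}: missing or still CHANGE_THIS")
    for day in DAYS:
        if s.get(day.upper(), "true").lower() not in ("true", "false"):
            findings.append(f"{day}: must be true or false")
    if "TIME" in s and not TIME_RE.match(s["TIME"]):
        findings.append("Time: not a valid time of day")
    timeout = s.get("TIMEOUT", "300")
    if not (timeout.isdecimal() and 0 <= int(timeout) <= 300):
        findings.append("Timeout: must be 0-300 seconds")
    if s.get("LOGAPIREQUESTS", "false").lower() != "false":
        findings.append("LogApiRequests: should stay false unless Support asks")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_INI)) or "no findings")
```
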
After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
The name of the log message source is API - Cradlepoint ECM. In addition, when configuring this log source:
- For Log Message Processing Mode, select MPE Processing Enabled, Event Forwarding Enabled.
- For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
- On the Flat File Settings tab, enter the following:
File Path. <path to the cradlepoint.ini config file, including the file name and extension>
For multiple users, you can create multiple configuration files and multiple Cradlepoint Log Sources.