This guide will help you install your LogRhythm Data Indexer Appliance and direct you to additional information.

Unpack the Appliance

Unpack your appliance, keeping all shipping materials in case you need them later.

Your Indexer Appliance ships with a rack-mount chassis and rails for installing the appliance in a high-density server rack. Depending on your appliance model, the rack kit includes some or all of the following:

  • One pair of sliding rail assemblies
  • Nylon Velcro straps

Install the Appliance in a Server Rack

For additional information about installing the rails, installing the appliance, and routing cables, see the Rack Installation Instructions that are included with your Indexer Appliance.

Before you install the appliance, make sure that your rack meets the following specifications:

  • American National Standards Institute (ANSI)/Electronic Industries Association (EIA) standard 310-D-92
  • International Electrotechnical Commission (IEC) 297
  • Deutsche Industrie Norm (DIN) 41494

Power on the Appliance

Your new LogRhythm Appliance is equipped with a redundant power supply configuration, which consists of two individual hot-swap components. For hot-swapping to occur, each of the two power supplies must be powered with its own cord. LogRhythm recommends using a fault-tolerant power source, such as an Uninterrupted Power Supply (UPS).

  1. Connect the power cables.
  2. Bend the system power cable into a loop as shown below, then secure the cable in the provided strap.
  3. Plug the other end of the cables into a grounded electrical outlet or a separate power source, such as an Uninterrupted Power Supply (UPS) or a Power Distribution Unit (PDU).
  4. Turn on the system by pressing the power button.

The power indicators should light up.

Complete the Initial Appliance Configuration

Your new Indexer Appliance comes from the factory pre-installed with:

  • CentOS 7.1
  • LogRhythm Data Indexer Software Installation Script

When you first log in to the Indexer Appliance, you must provide configuration details that are specific to your network and organization.

Do not skip the initial configuration script after logging in to the Indexer Appliance. If you do, your Indexer will be configured to use DHCP on the primary Ethernet adapter, which is not a supported configuration for a production environment.

 If you experience any problems with your new appliance during initial setup, contact LogRhythm Support.

To complete the initial appliance configuration, do the following:

  1. When prompted to log in, type logrhythm for the login and the default LogRhythm password for Password.
  2. Press y to run the script.
    You will be prompted for network and NTP details. At each prompt, detected or default values are displayed in parentheses. To accept these values, press Enter.
  3. Enter the network and NTP information, as follows:

Prompt

Description

IP address

The IP address that you want to assign to this Data Indexer node.

Netmask

The netmask to use.

Default gateway

The IP address of the network gateway.

NTP servers

The IP address of one or more NTP servers. Enter the IP address of each server one at a time, followed by Enter. When you are finished, press Ctrl + D to end.

After completing the items in the configuration script, the system will test connectivity to the default gateway and the NTP servers. If any of the tests fail, press n when prompted to enter addresses again.

If you plan to deploy the Indexer in a different network environment and you expect the connectivity tests to fail, you can press y to proceed.

After confirming the gateway and NTP values, you will be logged in as the logrhythm user.

  1. Restart the network interfaces to apply the new settings: 

    sudo systemctl restart network
    CODE
  2. Restart chrony to apply NTP changes: 

    sudo systemctl restart chronyd
    CODE
  3. If you are installing a cluster of Indexers, repeat the initial configuration on each Indexer node.
  4. When you have completed the initial configuration of all Indexer nodes, install either a single-node cluster or a multi-node cluster.

 Install a Single-node Cluster

  1. Change to the Soft directory: 

    cd Soft
    CODE
  2. Run the Data Indexer installer: 

    sudo sh LRDataIndexer-version.centos.x86_64.run
    CODE

    You can press the Tab key after starting to type out the installer name, and the filename will be autocompleted.

  3. When prompted for the IP address of a cluster node, enter the IP address of the machine you are currently logged into.
  4. When prompted for another IP address, type q.
  5. If prompted for the SSH password, enter the password for the logrhythm user.
    The script installs the Indexer software.

    The installation process may take up to 10 minutes.

     When the installation is complete, the following message appears: Successfully installed LogRhythm(R) Data Indexer software!

Install a Multi-node Cluster

You only need to run the installer package on ONE of your cluster nodes. The package installer will install the Indexer software on each node in your cluster.

  1. Change to the Soft directory:

    cd Soft
    CODE
  2. Using sudo, create a file in the current directory — /home/logrhythm/Soft — called hosts.
    The file should contain all of the IP addresses of the hosts in the cluster. If you want to specify the hostnames of the cluster nodes, enter it after each IP address and separate the address and hostname with a space. If you do not specify the hostnames, the installer will rename the hosts.
    The file might look like the following:
    10.1.23.65 LRLinux1
    10.1.23.67 LRLinux2
    10.1.23.91 LRLinux3
  3. Run the installer with the hosts file argument as follows:

    sudo sh LRDataIndexer-version.centos.x86_64.run -- --hosts /home/logrhythm/Soft/hosts 
    CODE

     You can press the Tab key after starting to type out the installer name, and the filename will be autocompleted .

  4. If prompted for the SSH password, enter the password for the logrhythm user.
    The script installs Indexer software on each node specified in the hosts file.

    The installation process may take 30 minutes or longer.

    When the installation is complete, the following message appears: Successfully installed LogRhythm(R) Data Indexer software!

Create a LogRhythm Support Account

The LogRhythm Support site has the most current help documentation, software revisions, patches, and other important information.

To become a registered user, log in to the LogRhythm Support site at https://support.logrhythm.com

  1. Click Request a New Account.
  2. Complete the request form.

Your registration confirmation is emailed to you. If you have not received an email for your account, check your spam folder. Contact support if you still have not received it within a reasonable amount of time.

Proceed with Deployment Setup

For further instructions, see Getting Started: LogRhythm Appliance Software Configuration on the LogRhythm Support site.