Installing and registering Data Collector manually

Use this installation and registration procedure for IBM Data Collector if you do not want to create an API Key to register your Data Collector instance.

Before you begin

Only Data Collector Administrators can create, register, edit, and delete a Data Collector instance. For more information, see User access, roles, and permissions.

Tip: If you can't log in as the root user, prefix the commands in these procedures with sudo.

Installing Data Collector

Install IBM Data Collector on a computer or virtual machine (VM) that meets all the system requirements. You can install only one instance of Data Collector per computer or VM.

About this task

To use the installation script, you must have Python on your operating system. By default, most operating systems include Python capabilities.

Procedure

  1. Download the Data Collector installer package from IBM Fix Central (ibm.com/support/fixcentral/).
    Enter dc-installer-1.8.5 in the Search Fix Central field. The file name for the installer package is dc-installer-QRadarSuite-1.8.5.tgz.
  2. To verify that the file was downloaded correctly, run the following command:
    sha256sum dc-installer-QRadarSuite-1.8.5.tgz

    If the file is downloaded correctly, the SHA256 checksum value matches the value that is listed on IBM Fix Central.

  3. Unpack the Data Collector installer package by running the following command:
    tar -zxvf dc-installer-QRadarSuite-1.8.5.tgz
    The Data Collector installer package contains the following files:
    • install.sh
    • install.py
    • uninstall.sh
    • uninstall.py
    • dlc-service-rpms-1.8.5.tgz
  4. Install the Data Collector by running the following script:
    ./install.sh
    Tip: You can add the version that you want to install after the script name. If you don't add a version, the script prompts you to pick a version. If you have only one version of Data Collector in your files, the script installs that version.
  5. After the installation is finished, run the following command to restart the Data Collector service.
    systemctl restart dlc
  6. After the Data Collector restarts, run the following command to check the system status.
    systemctl status dlc

Results

An active (running) message indicates that the installation was successful and that Data Collector is running.
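
The checksum comparison in step 2 and the package listing in step 3 can be enforced as a single gate before anything is unpacked or run. The script below is an added example, not part of IBM's installer or procedure; the function name is hypothetical, the digest passed to it must be the value listed on IBM Fix Central, and it assumes the five listed files sit at the top level of the archive.

```shell
#!/usr/bin/env bash
# Added example: verify the installer archive before unpacking or running it.

# Member names the page lists for the 1.8.5 package (sorted, C locale).
# Assumption: the files sit at the top level of the archive.
EXPECTED_MEMBERS="dlc-service-rpms-1.8.5.tgz
install.py
install.sh
uninstall.py
uninstall.sh"

# verify_installer <archive> <expected sha256 hex from IBM Fix Central>
# Returns 0 only if the digest matches and the member list is exactly as expected.
verify_installer() {
    archive=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive: got '$actual'" >&2
        return 1
    fi
    # List members without extracting: drop a leading "./" and directory entries.
    # If tar fails, the list is empty and the comparison below fails closed.
    members=$(tar -tzf "$archive" | sed 's|^\./||' | grep -Ev '(^|/)$' | LC_ALL=C sort)
    # Reject absolute paths and ".." components before trusting any name.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe member paths" >&2
        return 1
    fi
    if [ "$members" != "$EXPECTED_MEMBERS" ]; then
        echo "unexpected archive contents:" >&2
        printf '%s\n' "$members" >&2
        return 1
    fi
    return 0
}

# Usage (placeholder digest; copy the real value from IBM Fix Central):
#   verify_installer dc-installer-QRadarSuite-1.8.5.tgz <sha256 from Fix Central> \
#       && tar -zxvf dc-installer-QRadarSuite-1.8.5.tgz
```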

Registering Data Collector on the platform

After you install Data Collector, you must register your Data Collector with the platform to ensure that you receive events.

Procedure

  1. On your Data Collector instance, run the following script:
    /opt/ibm/si/services/dlc/current/script/startRegistration.sh
    This script restarts the Data Collector so your changes can be implemented.
  2. Select Setup DLC for Cloud Pak for Security.
  3. Open the syslog port on the firewall by typing y when prompted.
    When you open the ports, you can see the following output:
    firewall-cmd --zone=public --add-port=514/udp --permanent
    success
    firewall-cmd --zone=public --add-port=514/tcp --permanent
    success
    firewall-cmd --zone=public --add-forward-port=port=514:proto=tcp:toport=1514 --permanent
    success
    firewall-cmd --zone=public --add-forward-port=port=514:proto=udp:toport=1514 --permanent
    success
    firewall-cmd --reload
    success
    firewall changes complete, opened the syslog port
  4. Copy the Data Collector certificate signing request.
    Important:

    Ensure that you copy the entire certificate signing request. The request includes begin and end tags.

    For example,
    -----BEGIN CERTIFICATE REQUEST-----
    <contents of the certificate request>
    -----END CERTIFICATE REQUEST-----
  5. To verify that the Data Collector is active, run the following command:
    systemctl status dlc
  6. Log in to the platform.
  7. In the general settings menu section, click Connections > Data Collectors, and then click Register a Data Collector.
  8. Enter a name and description for your Data Collector, and then click Next.
  9. Paste the certificate signing request from your Data Collector, and then click Next.
  10. Download the connection bundle to your Data Collector by clicking Download connection bundle. The connection bundle might take a few minutes to generate, and you cannot click Download connection bundle until it is ready.
    Tip: You can also download the connection bundle from the specific Data Collector on the Data Collector Management page after you click Done. Open the menu on the Data Collector instance and click Download connection bundle.
    The connection bundle contains the configuration information that each Data Collector instance needs to complete the connection to the platform.
  11. Click Done.
  12. Copy the connection bundle .json file to your Data Collector instance.
  13. Replace the value for <connection bundle JSON file> with your connection bundle's file name, and then run the following script to process the connection bundle:
    /opt/ibm/si/services/dlc/current/script/GenerateKafkaFiles.sh <connection bundle JSON file>

Results

After you process the connection bundle, you receive a message that says Successfully validated the connection bundle file. After the script restarts the Data Collector, the Data Collector can start receiving event data.
Tips:
  • To validate that your Data Collector is connected to the platform, run the following command on your Data Collector instance:
    /opt/ibm/si/services/dlc/current/script/jmx.sh -p 7787 -b "com.q1labs.sem:application=dlc.dlc,type=destinations,name=CP4SForwardDestination"

    The following output appears after you run the command:

    com.q1labs.sem:application=dlc.dlc,type=destinations,name=CP4SForwardDestination
    --------------------------------------------------------------------------------
    KafkaTopic: dlc-event-topic-pipeline-e0881bd0
    KafkaCompressionType: gzip
    Connected: true
    EPS: 0
    TotalWrittenBytes: 0
    DiscardEventCount: 0
    EventsSeen: 99
    EPSThreshold: 20000
    Compressed: true
    RawEventCount: 0

    If the Connected value is true, then you have successfully connected your Data Collector.

  • If you have connectivity issues, you can install debugging tools by running the following command:
    yum makecache && yum update && yum install -y wget net-tools bind-utils nmap tcpdump lsof
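
The jmx.sh check from the first tip can be scripted so that an automated registration waits for Connected: true after the service restart instead of relying on a one-off manual look. This is an added example, not IBM's tooling; the function names and the JMX_CMD override are hypothetical, and the script path, port and MBean name are the ones shown on this page.

```shell
#!/usr/bin/env bash
# Added example: wait for the forward destination to report Connected: true.

# Path, port and MBean name are the ones shown on this page. The JMX_CMD
# override is an assumption of this example, used to test without a collector.
JMX_CMD=${JMX_CMD:-/opt/ibm/si/services/dlc/current/script/jmx.sh}
BEAN='com.q1labs.sem:application=dlc.dlc,type=destinations,name=CP4SForwardDestination'

# jmx_field <name>: read jmx.sh output on stdin and print one field's value.
# Leading and trailing whitespace is stripped, because padded output such as
# "Connected: true   " defeats a naive 'grep "true$"'.
jmx_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        index($0, key ": ") == 1 { print substr($0, length(key) + 3); exit }
    '
}

# wait_connected <tries> <seconds between tries>
# Returns 0 as soon as Connected is true, 1 if it never is.
wait_connected() {
    tries=$1
    delay=$2
    while [ "$tries" -gt 0 ]; do
        state=$("$JMX_CMD" -p 7787 -b "$BEAN" 2>/dev/null | jmx_field Connected)
        if [ "$state" = "true" ]; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

For example, running wait_connected 30 10 after GenerateKafkaFiles.sh gives the restarted service roughly five minutes to connect before the check fails.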