Configuring High Availability for USM Appliance Standard Loggers

Prerequisites

  • You must have already deployed and configured the USM Appliance Standard Logger as described in USM Appliance Deployments minus the task of Configure the USM Appliance Logger after Deployment.
  • You must have already configured the USM Appliance Standard Servers for HA.
  • You may configure the USM Appliance Standard Loggers for HA either before or after the USM Appliance Standard Sensors.

Configuring the Secondary Logger for HA

To configure a secondary logger for HA

1. Log into the secondary Standard Logger.

2. From the AlienVault Setup Main menu, select Jailbreak System, press Enter (<OK>), and Enter again.

3. After you see the prompt, configure HA in the secondary node, or slave in /etc/ossim/ossim_setup.conf as indicated by the angle-bracketed text:

ha_heartbeat_start=yes

ha_local_node_ip=<slave_appliance_IP>

ha_other_node_ip=<master_appliance_IP>

ha_other_node_name=<master_appliance_name>

ha_password=<password>

**The password for both slave and master must be the same.**

ha_role=slave

ha_virtual_ip=<virtual_appliance_IP>

Important: The ha_role value must always equal "slave" for the secondary node.

4. Save the changes.

5. Enable HA in the secondary node by entering the following command:

screen alienvault-ha-assistant -e

Note: Use screen to keep the process running in the background even when the session disconnects.

6. Check that the secondary node is up and running by entering:

alienvault-ha-assistant –s

7. When prompted, enter the remote (master) user password.

After about five minutes, you see output, as shown in Step 8 of Configuring the Secondary Standard Server for HA.

Configuring the Primary Logger for HA

To configure the primary logger for HA

  1. Follow steps 1. through 3. in Configuring the Secondary Logger for HA.

  2. Edit the file /etc/ossim/ossim_setup.conf as indicated:

    ha_heartbeat_start=yes

    ha_local_node_ip=<master_appliance_IP>

    ha_other_node_ip=<slave_appliance_IP>

    ha_other_node_name=<slave_appliance_name>

    ha_password=<password>

     

    **This password must be the same for both slave and master.**

    ha_role=master

    ha_virtual_ip=<virtual_appliance_IP>

  3. Save the changes.
  4. Enable HA in the primary node by entering the following:

    5. screen alienvault-ha-assistant -e

    Note: Use screen to keep the process running in the background even when the session disconnects.

  5. Check that the primary node is up and running:

    6. alienvault-ha-assistant –s

  6. When prompted, enter the remote (slave) root user password.

    After about five minutes, you see output.

  7. Launch a web browser and verify that you can access the USM Appliance system, using the virtual IP specified in the ossim_setup.conf file.

Configuring Communication Between the Loggers and Servers

You must add the primary Standard Server to the primary Standard Logger through the web interface.

You configure communication between the remaining nodes solely through the AlienVault console.

Adding the Primary Server to the Primary Logger

See Configure the USM Appliance Logger after Deployment.

Adding the Secondary Server to the Primary Logger

Complete this task only after you have added the primary Standard Server to the primary (active) logger through the USM Appliance web interface.

To add the secondary server to the primary logger

1. Log into the primary Standard Logger. 

2. From the AlienVault Setup Main menu, select Jailbreak System.

3. From the command prompt, add the secondary Standard Server:

alienvault-api add_system -–system-ip=<secondary_Std_Server_IP> --password=<USM_root_password> --ha

Adding the Primary Server to the Secondary Logger

To add the primary server to the secondary logger

1. Log into the secondary Standard Logger.

2. Repeat steps 2. and 3. of Adding the Secondary Server to the Primary Logger.

alienvault-api add_system -–system-ip=<primary_Std_Server_IP> --password=<USM_root_password> --ha

Note: Keep the session open and in command line mode for completion of the next task.

Adding the Secondary Server to the Secondary Logger

To add the secondary server to the secondary logger

  • From the command line of the secondary Standard Logger, add the secondary Standard Server:

alienvault-api add_system -–system-ip=<secondary_Std_Server_IP> --password=<USM_root_password> --ha