syslog-ng Store Box 5.2.0 - Deploying on Amazon Web Services

Introduction

The aim of this guide is to provide detailed, step-by-step instructions on how to set up and install syslog-ng Store Box in an Amazon Web Services (AWS) virtual environment.

The document comprises the following sections:

Prerequisites

The following prerequisites must be met before deploying SSB on Amazon Web Services:

  • You have a valid One Identity syslog-ng Store Box license.

    syslog-ng Store Box uses the "Bring your own license" model. Note that to deploy two active SSB nodes as an availability set, you must purchase two standalone SSB licenses. To purchase a license, contact our Sales Team.

  • You have an Amazon Web Services account and privileges to access the Amazon Elastic Compute Cloud (EC2) service.

  • You have secure access to your Amazon Virtual Private Cloud (VPC) resources, for example, through the use of a Virtual Private Network (VPN).

  • You have working knowledge of the SSB installation process.

  • You have familiarity with AWS EC2.

Limitations

The following limitations apply when deploying SSB on Amazon Web Services:

  • If High Availability (HA) operation mode is required in a virtual environment, use the HA function provided by the virtual environment.

  • Hardware-related alerts and status indicators of SSB may display inaccurate information, for example, display degraded RAID status.

  • When running SSB in a virtual environment, it is sufficient to use a single network interface.

  • During AWS installation, connecting directly to the Internet using a public IP address is not supported. Instead, you must access the Internet via a Virtual Private Network or a jump host.

Installing SSB on Amazon Web Services

Purpose:

To deploy syslog-ng Store Box on Amazon Web Services, complete the following steps.

NOTE:

This chapter uses a number of screenshots for illustration purposes. Note that these are added here for reference only as the look and feel (but not the contents) of the Amazon user interface may change without this guide showing the latest changes.

Steps:
  1. Log in to Amazon Web Services.

  2. Once logged in, go to INSTANCES > Instances in the left-hand navigation pane, and then click Launch Instance.

    Figure 1: Instances page

    The Step 1: Choose an Amazon Machine Image (AMI) page comes up.

  3. Choose an AMI that corresponds to the type of Virtual Machine (VM) that you wish to launch an instance from:

    1. Go to Ownership, and select the Shared with me checkbox. This will apply a filter and display the AMIs relevant to you.

    2. Click your preferred AMI, and click Select next to it.

    TIP:

    To quickly find the AMI you are looking for, type a search keyword in the Search my AMIs search box and hit Enter.

    Figure 2: Step 1: Choose an Amazon Machine Image (AMI)

    The Step 2: Choose an Instance Type page comes up.

  4. Choose an instance type:

    1. Select an instance type by clicking the checkbox next to it.

      The minimum memory requirement is 2 GiB, that is, type t2.small. This instance type is able to handle 10,000 Events per Second (EPS).

      The recommended memory requirement is 7.5 GB, that is, type c4.xlarge. The capacity of this instance type is the closest to the physical hardware.

    2. Click Next: Configure Instance Details.

    Figure 3: Step 2: Choose an Instance Type

    The Step 3: Configure Instance Details page comes up.

  5. Configure instance details:

    1. Select the required Virtual Private Cloud (VPC) from the Network list.

    2. Choose a subnet to launch the instance into.

      NOTE:

      Exposing SSB to the public Internet during installation is not supported at all, therefore you must use a VPN or jump host to reach your instance and configure it.

      As for exposing the logging interface to the Internet after installation, contact Support to discuss your needs and how those could be met.

    3. Ensure that the Auto-assign Public IP field is set to Disable or Use subnet setting (Disable). This is required so that you do not get assigned a public IP address.

    4. Use the default values for all other fields or change them as required.

    5. You can leave the Network interfaces part untouched as using just one network interface will suffice.

      Note, however, that if you launch SSB with a single interface configured, then that interface will act as the management interface.

    6. Click Next: Add Storage.

    Figure 4: Step 3: Configure Instance Details

    The Step 4: Add Storage page comes up.

  6. Add storage to your instance:

    1. Set the size of your instance's store volume.

      NOTE:

      It is important that you choose this value wisely as once you have launched the instance, you will not be able to go back and modify it. The minimum storage size is 8 GiB, while the maximum allowed value is 16 TB (16384 GB).

    2. Set the volume type of your instance's store volume.

      SSD provides better performance than a Magnetic hard drive, however, it is also more expensive.

      The following recommendations apply:

      • If you choose a volume that is larger than 500 GB in size or your SSB is expected to handle volumes of traffic lower than 15,000 EPS, then select volume type General Purpose SSD (GP2). This volume type comes with an I/O credit balance, which will be used when your volume requires more I/O operations per second (IOPS) than the baseline performance I/O level. If you emtpy your credit balance, the maximum IOPS performance of the volume will remain at the baseline IOPS performance level, which may result in slower-than-required performance.

      • If your SSB is required to handle traffic exceeding 15,000 EPS or you choose a volume that is smaller than 500 GB in size, then select volume type Provisioned IOPS SSD (IO1). This volume type does not use a credit model, it allows you instead to specify a consistent IOPS rate.

      TIP:

      Selecting the Delete on Termination checkbox will automatically delete your store volume on terminating the instance. This is useful as this will free up storage place, and you will not have to pay for a store volume you are not using anymore. However, note that deleting the store volume will also delete your logs.

    3. Click Next: Tag Instance.

    Figure 5: Step 4: Add Storage

    The Step 5: Tag Instance page comes up.

  7. Create a tag for your instance:

    1. Add a meaningful key-value pair that will help you later on to easily identify your instance.

    2. ClickNext: Configure Security Group.

    Figure 6: Step 5: Tag Instance

    The Step 6: Configure Security Group page comes up.

  8. Configure security group:

    1. Set a new or an existing security group to control how SSB is accessed.

      Exposing SSB to the public Internet during installation is not supported at all, therefore you must use a VPN or jump host to reach your instance and configure it. As for exposing the logging interface to the Internet after installation, contact Support to discuss your needs and how those could be met.

      To achieve the above: restrict your security group to those users and log clients that access SSB from a secure network, and not over the public Internet. For example, if you are using a jump host, then you need a security group that will allow only your dedicated VPC to connect to your SSB. If there is a VPN to your home network or some other secure network, that can be allowed as well.

    2. Click Review and Launch.

    Figure 7: Step 6: Configure Security Group

    The Step 7: Review Instance Launch page comes up.

  9. Before launching your instance, double-check whether all details have been set as intended:

    1. Ensure that:

      • Under Instance Type, you have at least 2 GiB of memory assigned.

      • Under Instance Details, the Assign Public IP option is set to Disable or Use subnet setting (Disable).

    2. Make any changes if required.

    3. Once you are happy with all settings, click Launch.

    Figure 8: Step 7: Review Instance Launch

    The Select an existing key pair or create a new key pair pop-up window comes up.

  10. On the Select an existing key pair or create a new key pair pop-up window:

    1. Select the Proceed without a key pair option.

    2. Tick the checkbox that says "I acknowledge that I will not be able to connect to this instance unless I already know the password built into this AMI".

    3. Click Launch Instances.

    Figure 9: Step 7: Review Instance Launch — Key pair pop-up window

    The Launch Status page comes up informing you that your instance is launching.

  11. To view your instance's status, click View Instances.

    Figure 10: Launch Status page

    The Instances page comes up, which should now display the instance you have just launched. Depending on the size of the instance, installation may take up to 1-5 minutes.

    To access your SSB instance and start configuring it using the welcome wizard, you will need your instance's IP address and the netmask of your chosen subnet, both of which you can obtain from the AWS user interface.

  12. SSB expects that the IP address provided will not change, therefore, before retrieving the IP address, perform the following check:

    1. Click the instance you have just added, and select Actions > Networking > Manage Private IP Addresses from the menu at the top.

      Figure 11: Instances page — Actions menu

      The Manage Private IP Addresses pop-up window comes up.

    2. To ensure that the IP address stays the same, make sure that the Allow reassignment option is unchecked.

      Note down the netmask of the subnet you selected (/20 in the example provided) because you will need this piece of information later on, when configuring SSB via the welcome wizard.

      Figure 12: Instances page — Manage Private IP Addresses pop-up window

  13. To obtain and use the IP address of the instance:

    1. Click the instance on the Instances page.

      This will display the description of the instance, including its private IP address.

    2. Select the value in the Private IPs field and copy it.

      Figure 13: Instances page — instance description

    3. Paste this value in the Networking > External interface > IP address field of the SSB welcome wizard.

      For detailed information on the SSB welcome wizard, see "The Welcome Wizard and the first login" in the Administration Guide.

  14. To obtain and use the subnet's netmask:

    1. Retrieve the netmask information you noted down earlier in Step 12b.

    2. AWS provides the netmask value in CIDR format (for example, /24), while SSB expects this value in the octet format (for example, 255.255.255.0).

      Convert the value from the CIDR to the octet format.

    3. Enter the result in the Networking > External interface > Netmask field of the SSB welcome wizard.

      For detailed information on the SSB welcome wizard, see "The Welcome Wizard and the first login" in the Administration Guide.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents