There are 3 main tasks required to setup a hybrid collector. First a new collector Identity must be created, then the collector agent must be installed and configured, finally configure an App using that identity.
Hardware Requirements
Requirements | CPU Cores | GB of RAM |
---|---|---|
Minimum | 1 | 2 |
Recommended | 2 | 4 |
Network Connection Matrix
Source | Destination | Port | Description |
---|---|---|---|
Collector | Internal Resource | Technology Specific (e.g. Splunk API port) | This allows for the app connectivity to the technology |
Collector | interpres.io | 443 | General platform connection for service details |
Collector | auth.interpres.io | 443 | Allows for Authn Authz of the collector |
Collector | collector.interpres.io | 443 | Collector Gateway for receiving dispatched jobs |
Collector | streaming-pipeline.interpres.io | 443 | Path for data collected |
Create a Collector Identity
- Log into your Interpres tenant.
- Navigate to
Defense Surface
>Integrations
- Click on the
Collectors
Tab - Click
Add Collector
- Provide A Name and click
Save
- Find the newly created collector identity and click the 3 dots on the right side of it
- Click View and Copy the Details Presented
- Specifically you will need Tenant ID, Entity ID, and Secret
Download, Install, and Configure
Identify binary for download
curl https://static.interpres.io/collector/manifest.json
Example Response
{
"rpm": "collector/interpres-remote-collector-0.2.8-1.noarch.rpm",
"deb": "collector/interpres-remote-collector_0.2.8_all.deb",
"image": "collector/interpres-remote-collector-0.2.8.tgz"
}
RPM Package
- Download Binary
curl https://static.interpres.io/collector/interpres-remote-collector-0.2.8-1.noarch.rpm --output collector.rpm
- Install Binary
Deb Package
- Download Binary
curl https://static.interpres.io/collector/interpres-remote-collector_0.2.8_all.deb --output collector.deb
- Install Binary
Docker Tar Gzip (approx 400mb)
- Download Binary
curl https://static.interpres.io/collector/interpres-remote-collector-0.2.8.tgz --output collector.tgz
- Extract TGZ
tar -xzvf collector.tgz
- Navigate to he directory where the files extracted to
cd interpres-remote-collector-<version>
- Edit the
env-vars
file with the collector configuration
Example US Values
AUTH_SERVER=https://auth.interpres.io
WORKER_GATEWAY=wss://collector.interpres.io
PIPELINE_BASE_URL=https://streaming-pipeline.interpres.io
INTERPRES_BASE_URL=https://interpres.io
TENANT_ID={Tenant ID from step Create A Collector Identity}
CLIENT_ID={Client ID from step Create A Collector Identity}
- Run the install script
./install_collector.sh
- Enable the Service
systemctl enable interpres-remote-collector
- Start the Service
systemctl start interpres-remote-collector
- Check the Status
systemctl status interpres-remote-collector
- Check Logs
docker ps
Example Output
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5159899886c5 interpres-remote-collector:0.1.3-alpha.1 "container-entrypoin…" 3 minutes ago Up 3 minutes (health: starting) 8080/tcp interpres-remote-collector.service
docker logs 5159899886c5 --tail 100
2023-10-25T03:41:13.389222Z INFO interpres_remote_collector::worker: fetching credentials
2023-10-25T03:41:13.494738Z INFO interpres_remote_collector::worker: connecting to $wss://collector.dev.interpres.io
2023-10-25T03:41:13.517569Z INFO interpres_remote_collector::worker: successfully connected to $wss://collector.dev.interpres.io
Collector Configuration
The collector configuration is located in the file /opt/interpres-remote-collector/env-vars. Use the tenant id and credentials obtained from the collector creation in the UI and use the following configuration depending on the region where the tenant is located.
Once all is configured restart the service with
US Configuration
AUTH_SERVER=https://auth.interpres.io
WORKER_GATEWAY=wss://collector.interpres.io
PIPELINE_BASE_URL=https://streaming-pipeline.interpres.io
INTERPRES_BASE_URL=https://interpres.io
EU Configuration
AUTH_SERVER=https://auth.eu.interpres.io
WORKER_GATEWAY=wss://collector.eu.interpres.io
PIPELINE_BASE_URL=https://streaming-pipeline.eu.interpres.io
INTERPRES_BASE_URL=https://eu.interpres.io
Integration Configuration
When configuring an integration that needs to use the Collector, select the deployment type as "On-Prem". Then select the Collector you want to use.