Separate Postanalytics Installation

The processing of requests in the filter node is done in two stages:

  • Processing in NGINX-Wallarm.
  • Postanalytics – statistical analysis of the processed requests.

Processing in NGINX-Wallarm is not memory demanding and can run on front-end servers without changing the server requirements.

Postanalytics is memory demanding, which may require changes in the server configuration or installation of postanalytics on a separate server.

Wallarm also has the option of installing postanalytics in a separate server pool. To install postanalytics, you must:

  1. Add the Wallarm repositories, from which you will download packages.
  2. Install the Wallarm packages.
  3. Configure postanalytics.
  4. Connect postanalytics to the Wallarm cloud.
  5. Change the Tarantool addresses for postanalytics.

Prerequisites

Make sure that you execute all commands below as superuser (e.g. root).

1. Add the Wallarm Repositories

The installation and updating of the filter node is done from the Wallarm repositories.

Depending on your operating system, run one of the commands:

Debian 8.x (jessie)

# apt-get install dirmngr
# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node jessie/' >/etc/apt/sources.list.d/wallarm.list"
# apt-get update

Debian 9.x (stretch)

# apt-get install dirmngr
# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/' >/etc/apt/sources.list.d/wallarm.list"
# apt-get update

Debian 10.x (buster)

# apt-get install dirmngr
# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node buster/' > /etc/apt/sources.list.d/wallarm.list"
# apt-get update

Ubuntu 14.04 LTS (trusty)

# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node trusty/' >/etc/apt/sources.list.d/wallarm.list"
# apt-get update

Ubuntu 16.04 LTS (xenial)

# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/' >/etc/apt/sources.list.d/wallarm.list"
# apt-get update

Ubuntu 18.04 LTS (bionic)

# apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
# sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/' >/etc/apt/sources.list.d/wallarm.list"
# apt-get update

CentOS 6.x

# yum install --enablerepo=extras -y epel-release centos-release-SCL
# rpm -i https://repo.wallarm.com/centos/wallarm-node/6/x86_64/Packages/wallarm-node-repo-1-2.el6.noarch.rpm

CentOS 7.x

# yum install -y epel-release
# rpm -i https://repo.wallarm.com/centos/wallarm-node/7/x86_64/Packages/wallarm-node-repo-1-2.el7.centos.noarch.rpm

Amazon Linux 2

# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -i https://repo.wallarm.com/centos/wallarm-node/7/x86_64/Packages/wallarm-node-repo-1-2.el7.centos.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages. Ensure the access is not blocked by a firewall.

2. Install the Wallarm Packages

Update OpenSSL

Update the OpenSSL package to the latest version available from the repositories of your operating system. Make sure to do this prior to installing the Wallarm packages.

Install NGINX-Wallarm and the required scripts to interact with the Wallarm cloud.

Debian 8.x (jessie), Debian 9.x (stretch), Debian 10.x (buster), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial), Ubuntu 18.04 LTS (bionic)

# apt-get install --no-install-recommends wallarm-node-tarantool

CentOS 6.x, CentOS 7.x, Amazon Linux 2

# yum install wallarm-node-tarantool

3. Configure Postanalytics

Allocate the operating memory size for Tarantool

The amount of memory determines the quality of work of the statistical algorithms. The recommended value is 75% of the total server memory. For example, if the server has 32 GB of memory, the recommended allocation size is 24 GB.

Open the Tarantool configuration file for editing:

Debian 8.x (jessie), Debian 9.x (stretch), Debian 10.x (buster), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial), Ubuntu 18.04 LTS (bionic)

# vi /etc/default/wallarm-tarantool

CentOS 6.x, CentOS 7.x, Amazon Linux 2

# vi /etc/sysconfig/wallarm-tarantool

Set the allocated memory size in the configuration file of Tarantool via the SLAB_ALLOC_ARENA directive.

For example:

SLAB_ALLOC_ARENA=24

Configure the server addresses of postanalytics

Uncomment the HOST and PORT variables and set them to the following values:

# address and port for bind
HOST='0.0.0.0'
PORT=3313

Restart Tarantool

Debian 8.x (jessie), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial), Ubuntu 18.04 LTS (bionic), CentOS 6.x

# service wallarm-tarantool restart

Debian 9.x (stretch), Debian 10.x (buster), CentOS 7.x, Amazon Linux 2

# systemctl restart wallarm-tarantool
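
A check for the settings from step 3, added here as an example (not Wallarm's own tooling): it reads the Tarantool settings file, compares SLAB_ALLOC_ARENA with 75% of MemTotal, and flags a HOST of 0.0.0.0, which listens on every interface. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Wallarm tooling): audit the Tarantool settings from step 3.

# Print the value of an uncommented KEY=VALUE line, quotes stripped.
conf_get() {  # usage: conf_get KEY FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "'\""
}

# 75% of MemTotal (kB, meminfo format), rounded to whole GB.
recommended_arena_gb() {  # usage: recommended_arena_gb MEMINFO_FILE
    awk '/^MemTotal:/ { printf "%d\n", $2 * 0.75 / 1048576 + 0.5 }' "$1"
}

# Print one finding per line, or "OK" when nothing needs attention.
audit_conf() {  # usage: audit_conf CONF_FILE MEMINFO_FILE
    arena=$(conf_get SLAB_ALLOC_ARENA "$1")
    host=$(conf_get HOST "$1")
    port=$(conf_get PORT "$1")
    want=$(recommended_arena_gb "$2")
    {
        if [ -z "$arena" ]; then
            echo "SLAB_ALLOC_ARENA is not set; 75% of RAM is ${want} GB"
        elif [ "$(awk -v a="$arena" -v w="$want" 'BEGIN { print (a + 0 == w + 0) }')" != 1 ]; then
            echo "SLAB_ALLOC_ARENA=${arena}; 75% of RAM is ${want} GB"
        fi
        case "$host" in
            "")      echo "HOST is not set; step 3 expects it uncommented" ;;
            0.0.0.0) echo "HOST=0.0.0.0 listens on every interface; allow port ${port:-3313} only from filter nodes" ;;
        esac
        [ "$port" = 3313 ] || echo "PORT=${port:-unset}; this page uses 3313"
    } | awk '{ print } END { if (NR == 0) print "OK" }'
}

# Constructed sample: a 32 GB server with the bind settings shown on this page.
demo() {
    dir=$(mktemp -d)
    printf 'MemTotal:       33554432 kB\n' > "$dir/meminfo"
    printf "SLAB_ALLOC_ARENA=0.2\nHOST='0.0.0.0'\nPORT=3313\n" > "$dir/conf"
    audit_conf "$dir/conf" "$dir/meminfo"
    rm -rf "$dir"
}
demo
# On a real node: audit_conf /etc/default/wallarm-tarantool /proc/meminfo
```

On CentOS and Amazon Linux 2, pass /etc/sysconfig/wallarm-tarantool as the first argument instead.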

4. Connect Postanalytics to the Wallarm Cloud

Provide access to the Wallarm cloud so that postanalytics can always update the rules, upload metrics and the attack data.

You have to pick which script to run depending on the Cloud you are using.

EU Cloud

# /usr/share/wallarm-common/addnode --no-sync

US Cloud

# /usr/share/wallarm-common/addnode -H us1.api.wallarm.com --no-sync

When started, the script will prompt for the login and password. Provide the login and password that you use to access the Wallarm interface at https://my.wallarm.com.

Your Wallarm account must have the Administrator role. If you have the Analyst role, the script will error out.

Accounts with 2FA enabled are not supported. The script will error out in such a case.

API Access

The API choice for your filter node depends on the Cloud you are using. Please, select the API accordingly:

Ensure the access is not blocked by a firewall.

5. Change the Tarantool Addresses for Postanalytics

If the Tarantool configuration file is set up to accept connections on IP addresses other than 0.0.0.0 or 127.0.0.1, then you must provide the addresses in /etc/wallarm/node.yaml:

hostname: <node hostname>
uuid: <node uuid>
secret: <node secret>
tarantool:
   host: <IP address of Tarantool host>
   port: 3313

The Installation Is Complete

This completes the installation of postanalytics.
