Separate postanalytics installation

The processing of requests in the filter node is done in two stages:

  • Processing in NGINX-Wallarm.
  • Postanalytics – statistical analysis of the processed requests.

Processing in NGINX-Wallarm is not memory demanding and can be placed on front-end servers without changing the server requirements.

Postanalytics is memory demanding, which may require changes in the server configuration or installation of postanalytics on a separate server.

Wallarm also has the option of installing postanalytics in a separate server pool. To install postanalytics, you must:

  1. Add the Wallarm repositories, from which you will download packages.
  2. Install the Wallarm packages.
  3. Configure postanalytics.
  4. Connect postanalytics to the Wallarm cloud.
  5. Change the Tarantool addresses for postanalytics.

1. Add the Wallarm repositories

The installation and updating of the filter node is done from the Wallarm repositories.

Depending on your operating system, run one of the commands:

Debian 8.x (jessie):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/debian/wallarm-node jessie/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Debian 9.x (stretch):

    apt-get install dirmngr
    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Ubuntu 14.04 LTS (trusty):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node trusty/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Ubuntu 16.04 LTS (xenial):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Ubuntu 18.04 LTS (bionic):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

CentOS 6.x:

    yum install --enablerepo=extras -y epel-release centos-release-SCL
    rpm -i https://repo.wallarm.com/centos/wallarm-node/6/x86_64/Packages/wallarm-node-repo-1-2.el6.noarch.rpm

CentOS 7.x:

    yum install -y epel-release
    rpm -i https://repo.wallarm.com/centos/wallarm-node/7/x86_64/Packages/wallarm-node-repo-1-2.el7.centos.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages. Ensure the access is not blocked by a firewall.

2. Install the Wallarm packages

Install NGINX-Wallarm and the required scripts to interact with the Wallarm cloud.

Debian 8.x (jessie):

    apt-get install --no-install-recommends wallarm-node-tarantool

Debian 9.x (stretch):

    apt-get install --no-install-recommends wallarm-node-tarantool

Ubuntu 14.04 LTS (trusty):

    apt-get install --no-install-recommends wallarm-node-tarantool

Ubuntu 16.04 LTS (xenial):

    apt-get install --no-install-recommends wallarm-node-tarantool

Ubuntu 18.04 LTS (bionic):

    apt-get install --no-install-recommends wallarm-node-tarantool

CentOS 6.x:

    yum install wallarm-node-tarantool

CentOS 7.x:

    yum install wallarm-node-tarantool

3. Configure postanalytics

Allocate the operating memory size for Tarantool

The amount of memory determines the quality of work of the statistical algorithms. The recommended value is 75% of the total server memory. For example, if the server has 32 GB of memory, the recommended allocation size is 24 GB.

Open the Tarantool configuration file for editing:

Debian 8.x (jessie):

    vi /etc/default/wallarm-tarantool

Debian 9.x (stretch):

    vi /etc/default/wallarm-tarantool

Ubuntu 14.04 LTS (trusty):

    vi /etc/default/wallarm-tarantool

Ubuntu 16.04 LTS (xenial):

    vi /etc/default/wallarm-tarantool

Ubuntu 18.04 LTS (bionic):

    vi /etc/default/wallarm-tarantool

CentOS 6.x:

    vi /etc/sysconfig/wallarm-tarantool

CentOS 7.x:

    vi /etc/sysconfig/wallarm-tarantool

Set the allocated memory size in the configuration file of Tarantool via the SLAB_ALLOC_ARENA directive.

For example:

SLAB_ALLOC_ARENA=24

Configure the server addresses of postanalytics

Uncomment the HOST and PORT variables and set them to the following values:

# address and port for bind
HOST='0.0.0.0'
PORT=3313

Restart Tarantool

Debian 8.x (jessie):

    service wallarm-tarantool restart

Debian 9.x (stretch):

    systemctl restart wallarm-tarantool

Ubuntu 14.04 LTS (trusty):

    service wallarm-tarantool restart

Ubuntu 16.04 LTS (xenial):

    service wallarm-tarantool restart

Ubuntu 18.04 LTS (bionic):

    service wallarm-tarantool restart

CentOS 6.x:

    service wallarm-tarantool restart

CentOS 7.x:

    systemctl restart wallarm-tarantool
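
A check for the settings made in this step, as an added example that is not part of the Wallarm packages: it reads the Tarantool configuration file, compares SLAB_ALLOC_ARENA with 75% of the server memory, and reports the address Tarantool binds to. The function names and the OK/NOTE/WARN output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Wallarm code): audit the Tarantool file edited in step 3.
# Usage: sh audit.sh /etc/default/wallarm-tarantool
#        (on CentOS: /etc/sysconfig/wallarm-tarantool)

# 75% of total memory in whole GB, from a MemTotal value given in kB.
recommended_arena_gb() {
    echo $(( $1 * 3 / 4 / 1048576 ))
}

# Last uncommented KEY=value in FILE, without quotes or trailing comments.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print findings for FILE given MEM_KB; return 1 if any WARN was printed.
audit_tarantool_conf() {
    file=$1; mem_kb=$2; rc=0
    arena=$(conf_value "$file" SLAB_ALLOC_ARENA)
    host=$(conf_value "$file" HOST)
    port=$(conf_value "$file" PORT)
    want=$(recommended_arena_gb "$mem_kb")

    if [ -z "$arena" ]; then
        echo "WARN SLAB_ALLOC_ARENA is not set"; rc=1
    elif awk -v a="$arena" -v w="$want" 'BEGIN { exit !(a + 0 < w + 0) }'; then
        echo "WARN SLAB_ALLOC_ARENA=$arena is below 75% of RAM ($want GB)"; rc=1
    else
        echo "OK SLAB_ALLOC_ARENA=$arena (75% of RAM is $want GB)"
    fi

    if [ -z "$host" ] || [ -z "$port" ]; then
        echo "WARN HOST/PORT are still commented out"; rc=1
    elif [ "$host" = "0.0.0.0" ]; then
        # 0.0.0.0 is the value from step 3; it binds every interface.
        echo "NOTE port $port listens on every interface; allow only filter nodes in the firewall"
    else
        echo "OK Tarantool binds to $host:$port"
    fi
    return $rc
}

# Run against a real file only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    audit_tarantool_conf "$1" "$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)"
fi
```

MemTotal as reported by the kernel is slightly below the installed memory, so the computed figure can be one GB lower than the nominal 75% value.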

4. Connect postanalytics to the Wallarm cloud

Provide access to the Wallarm cloud so that postanalytics can always update the rules, upload metrics and the attack data.

You have to pick which script to run depending on the Cloud you are using.

EU Cloud:

    sudo /usr/share/wallarm-common/addnode --no-sync

US Cloud:

    sudo /usr/share/wallarm-common/addnode -H us1.api.wallarm.com --no-sync

When started, the script will prompt for the login and password. Provide the login and password that you use to access the Wallarm interface at https://my.wallarm.com.

Your Wallarm account must have the Administrator role. If you have the Analyst role, the script will error out.

Accounts with 2FA enabled are not supported. The script will error out in such a case.

API Access

The API choice for your filter node depends on the Cloud you are using. Please, select the API accordingly:

Ensure the access is not blocked by a firewall.

5. Change the Tarantool addresses for postanalytics

If the Tarantool configuration file is set up to accept connections on IP addresses other than 0.0.0.0 or 127.0.0.1, you must provide those addresses in /etc/wallarm/node.yaml:

---
hostname: <node hostname>
uuid: <node uuid>
secret: <node secret>
tarantool:
   host: <IP address of Tarantool host>
   port: 3313

The installation is complete

This completes the installation of postanalytics.
