Log Collector Installation - Onboarding using "Let's Go"
Log Collector Installation in CyTech - Aquila
This guide provides step-by-step instructions for installing the Elastic Agent as a log collector in the CyTech - Aquila environment. By following these steps, you’ll set up a secure, automated method for gathering and managing system logs, enabling centralized monitoring and analysis essential for cybersecurity operations.
Pre-requisites:
- Access to CyTech - Aquila (Only users with "Owner" or "Admin" role are able to access the Log Collector Installation information).
Steps to Add Log Collector
1. Go to the Aquila Modules>Cyber Monitoring>Cyber Incident Management (SIEM and XDR).
2. In the Cyber Incident Monitoring (CIM) Dashboard, scroll to the "Let's Go" button and click it. This will then display the window for Log Collector installation.
3. Once the installation display is shown, click "Next" to proceed.
You can also refer to our documentation manuals for Log Collector Installations Guidelines: https://docs.cytechint.io/books/log-collector-installations
5. From the options, select the "Automatic" installation option. Then click "Next".
6a. Download the Windows Installer.
- Click on the "Download Installer" button to download the Windows MSI Package for Elastic Agent.
- The installer is also available at https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86_64.msi
6b. Copy the commands displayed on the installation page and execute them one by one for better results. You will need these commands to complete the installation process for the log collector in the next steps. Please proceed to step 7. (Click the "Next" button only after successful installation of the Log Collector.)
7. In your dedicated environment for your Log Collector, open the Command Prompt and run as Administrator.
- For example (elastic-agent-<VERSION>-windows-x86_64.msi INSTALLARGS="--url=<URL> --enrollment-token=<TOKEN>").
9. After successful installation, go back to CyTech - Aquila as shown in figure 6b and then click "Next" to proceed.
10. Wait for about 3-5 minutes; this step checks whether the Log Collector Agent is "Online" and was installed successfully into our fleet server.
11. This verifies that the Log Collector Agent was installed successfully and enrolled in our fleet server. It shows the Log Collector Host Name and the user who installed it. Click "Continue" to finish the installation.
12. You can also verify successful installation by going to Cyber Incident Monitoring>Settings>Log Collector.
- In the Log Collector List, you can see all the installed log collectors. You can also view the Log Collector details such as: Agent Name, Status and IP address.
***If you encounter "Log Collector Setup Failed", please click "Retry" and carefully go back to Steps 5 or 6. You can also try the "Manual" installation. If issues persist, please contact our support at support@cytechint.com for prompt assistance and guidance.
If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.
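For the installer downloaded in step 6a, the following PowerShell check can be run before the elevated command in step 7, since that command executes the MSI as Administrator with an enrollment token. This is an added example, not part of the original guide or of Elastic's own instructions; the function name Test-InstallerIntegrity, the optional publisher check, and a checksum file saved beside the MSI as <msi>.sha512 in "<hash>  <filename>" format are assumptions.

```powershell
# Added example: verify the Elastic Agent MSI before installing it as Administrator.
# Assumptions: the MSI and a checksum file in "<sha512-hex>  <filename>" format
# sit in the current folder; Test-InstallerIntegrity is a hypothetical helper name.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $MsiPath,
        [Parameter(Mandatory)] [string] $ChecksumPath,
        [string] $ExpectedPublisher   # optional substring of the signer subject
    )

    $result = [ordered]@{
        HashMatches      = $false
        SignatureValid   = $false
        PublisherMatches = $null      # stays $null when no publisher was supplied
    }

    # 1. Compare the local SHA-512 with the first token of the checksum file.
    $firstLine = (Get-Content -LiteralPath $ChecksumPath -TotalCount 1).Trim()
    $expected  = ($firstLine -split '\s+')[0]
    $actual    = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA512).Hash
    $result.HashMatches = ($expected -match '^[0-9a-fA-F]{128}$') -and ($actual -ieq $expected)

    # 2. Authenticode: the MSI must carry a signature that Windows reports as valid.
    $sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
    $result.SignatureValid = ($sig.Status -eq 'Valid')

    # 3. Optionally pin the publisher name shown in the certificate subject.
    if ($ExpectedPublisher -and $sig.SignerCertificate) {
        $result.PublisherMatches = $sig.SignerCertificate.Subject -like "*$ExpectedPublisher*"
    }

    [pscustomobject]$result
}

# File name taken from the download URL in step 6a.
$msi   = '.\elastic-agent-8.15.1-windows-x86_64.msi'
$check = Test-InstallerIntegrity -MsiPath $msi -ChecksumPath "$msi.sha512"
$check | Format-List

# Stop here on any failure so the enrollment command in step 7 is never run
# against an installer that was altered or truncated in transit.
if (-not ($check.HashMatches -and $check.SignatureValid)) {
    throw 'Installer failed verification; do not run the enrollment command.'
}
```

Pass -ExpectedPublisher with the publisher name your organization has confirmed for the vendor to also pin the signer; a PublisherMatches value of False should be treated the same as a failed hash.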