
Log Collector Installation - Onboarding "Let's Go"

Log Collector Installation in CyTech - Aquila

This guide provides step-by-step instructions for installing the Elastic Agent as a log collector in the CyTech - Aquila environment. By following these steps, you’ll set up a secure, automated method for gathering and managing system logs, enabling centralized monitoring and analysis essential for cybersecurity operations.

Pre-requisites:
  • Access to CyTech - Aquila (only users with the "Owner" or "Admin" role can access the Log Collector Installation information).

Steps to Add Log Collector

Please follow the steps below to add a Log Collector in a Windows environment.

1. Log in to CyTech - Aquila: cytechint.io.
  • Go to Aquila Modules > Cyber Monitoring > Cyber Incident Management (SIEM and XDR).


2. In the Cyber Incident Monitoring (CIM) Dashboard, scroll to the "Let's Go" button and click it. This displays the Log Collector installation window.


3. Once the installation window is displayed, click "Next" to proceed.


4. Carefully review the system requirements for your operating system to ensure compatibility and prevent potential issues during installation or usage. It is important to verify these prerequisites before proceeding. Then click "Next".

You can also refer to our documentation manuals for Log Collector Installations Guidelines: https://docs.cytechint.io/books/log-collector-installations


5. From the options, select the "Automatic" installation option. Then click "Next".


6. Carefully follow the instructions for the Automatic Installation.

6a. Download the Windows Installer.

6b. Copy the commands displayed on the installation page and execute them one by one for successful execution. You will need these commands to complete the installation process for the log collector in the next steps. Please proceed to step 7.

(Note: Click the "Next" button only after successfully executing the commands.)


7. In the dedicated environment for your Log Collector, open Command Prompt as Administrator.


8. Execute the commands displayed in Figure 6b as shown in the manual.
  • For example (elastic-agent-<VERSION>-windows-x86_64.msi INSTALLARGS="--url=<URL> --enrollment-token=<TOKEN>").


9. After successful execution of the commands, go back to CyTech - Aquila as shown in Figure 6b and then click "Next" to proceed.

10. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "Online" status to the fleet server, indicating a successful installation.


11. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "Continue" to complete the setup process.


12. You can also verify a successful installation by going to Cyber Incident Monitoring > Settings > Log Collector.

  • In the Log Collector List, you can see all installed log collectors. You can also view Log Collector details such as Agent Name, Status and IP address.
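
A local check to run around steps 7 to 10, as an added example that is not part of the CyTech guide or Elastic's tooling: it verifies the downloaded MSI's Authenticode signature before the installer is run as Administrator, then confirms on the host that the agent service is up after enrollment. The signer substring, service name and install path are assumptions based on a default Elastic Agent install on Windows; adjust them to your environment.

```powershell
#Requires -Version 5.1
# Added example. Values marked ASSUMPTION are not taken from the guide.

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $MsiPath,      # installer downloaded in step 6a
        # ASSUMPTION: substring expected in the signing certificate subject.
        [string] $ExpectedSigner = 'Elasticsearch'
    )
    $sig = Get-AuthenticodeSignature -FilePath $MsiPath
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)'; do not run this installer."
        return $false
    }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSigner*") {
        Write-Warning "Unexpected signer: $subject"
        return $false
    }
    # Record the hash so the exact file that was installed can be identified later.
    $hash = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash
    Write-Host "Signed by: $subject"
    Write-Host "SHA256:    $hash"
    return $true
}

function Test-AgentEnrollment {
    param(
        # ASSUMPTION: default Elastic Agent service name and install path.
        [string] $ServiceName = 'Elastic Agent',
        [string] $AgentExe = 'C:\Program Files\Elastic\Agent\elastic-agent.exe'
    )
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Warning "Service '$ServiceName' is not running."
        return $false
    }
    # Print the agent's own status report; this function treats a
    # non-zero exit code from the command as a failed check.
    & $AgentExe status | Out-Host
    return ($LASTEXITCODE -eq 0)
}

# Usage (run in an elevated PowerShell session):
#   Test-InstallerSignature -MsiPath '.\elastic-agent-<VERSION>-windows-x86_64.msi'   # before step 8
#   Test-AgentEnrollment                                                             # after step 10
```

The enrollment token passed in step 8 is a credential: avoid pasting it into tickets or shared scripts, and clear it from any saved command history on the host.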


***If you encounter "Log Collector Setup Failed", click "Retry" and carefully go back to Steps 5 or 6. You can also try the "Manual" installation. If issues persist, please contact our technical support at support@cytechint.com for prompt assistance and guidance.


 

If you need further assistance, kindly contact our technical support at support@cytechint.com for prompt assistance and guidance.