Log Collector Installation - Onboarding "Let's Go"
Log Collector Installation in CyTech - Aquila
This guide outlines the step-by-step process for deploying the Elastic Agent as a log collector within the CyTech - Aquila environment. Following these instructions will establish a secure and automated mechanism for log collection and management, enabling centralized visibility and analysis critical to cybersecurity operations.
Pre-requisites:
- Access to CyTech - Aquila (Only users with "Owner" or "Admin" role are able to access the Log Collector Installation information).
Steps to Add Log Collector
Please follow the steps below to add a Log Collector in a Windows environment.
- Log in to CyTech - Aquila. Click here: cytechint.io.
- Go to the Aquila Modules>Cyber Monitoring>Cyber Incident Management (SIEM and XDR).
2. In the Cyber Incident Monitoring (CIM) Dashboard, scroll to the bottom and click the "Let’s Go" button to initiate the Log Collector installation interface.
3. Once the installation window is displayed, click "Next" to proceed.
You can also refer to our documentation manuals for Log Collector installation guidelines: https://docs.cytechint.io/books/log-collector-installations
5. From the options, select the "Automatic" installation option. Then click "Next".
6a. Download the Windows Installer.
- Click on the "Download Installer" button to download the Windows MSI Package for Elastic Agent.
- The installer can also be downloaded from https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86_64.msi
6b. Copy the commands provided on the installation page and run them one at a time, in the order shown. These commands are required to complete the log collector installation in the subsequent steps. Proceed to Step 7 to continue.
Note: Click the "Next" button only after the commands have executed successfully.
7. In the environment dedicated to your Log Collector, open the Command Prompt with "Run as administrator".
- For example (elastic-agent-<VERSION>-windows-x86_64.msi INSTALLARGS="--url=<URL> --enrollment-token=<TOKEN>").
9. After the commands have executed successfully, go back to CyTech - Aquila as shown in figure 6b and then click "Next" to proceed.
10. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "Online" status to the fleet server, indicating a successful installation.
11. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "Continue" to complete the setup process.
12. You can also verify a successful installation by going to Cyber Incident Monitoring>Settings>Log Collector.
- In the Log Collector List, you can see all installed log collectors. You can also view Log Collector details such as: Agent Name, Status and IP address.
***If you encounter "Log Collector Setup Failed", click "Retry" and carefully go back to Steps 5 or 6. You can also try the "Manual" installation. If issues persist, please contact our technical support at support@cytechint.com for prompt assistance and guidance.
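The following PowerShell script is an added example, not part of the CyTech or Elastic instructions. It checks the downloaded MSI's SHA-512 digest and Authenticode signature before Step 7, then reports the local agent service state after Step 10. Assumptions: the download location, the ".sha512" checksum file published beside the installer URL from Step 6a, the "Elastic Agent" service name and the default install path.

```powershell
# Added example. Run in an elevated PowerShell window on the Log Collector host.
param(
    # Assumption: the MSI from Step 6a was saved to the Downloads folder.
    [string]$MsiPath = "$env:USERPROFILE\Downloads\elastic-agent-8.15.1-windows-x86_64.msi",
    # Assumption: a .sha512 checksum file is published next to the installer.
    [string]$ChecksumUrl = "https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86_64.msi.sha512"
)
$ErrorActionPreference = 'Stop'

function Test-InstallerHash {
    param([string]$Path, [string]$ChecksumText)
    # Checksum file format is "<hex digest>  <file name>"; keep the first field.
    $expected = ($ChecksumText.Trim() -split '\s+')[0]
    $actual = (Get-FileHash -Path $Path -Algorithm SHA512).Hash
    return ($actual -ieq $expected)
}

function Test-InstallerSignature {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means signed, unmodified and chained to a trusted root.
    [pscustomobject]@{
        Valid  = ($sig.Status -eq 'Valid')
        Signer = $sig.SignerCertificate.Subject
    }
}

# --- Before Step 7: refuse to install a file that fails either check ---
$tmp = New-TemporaryFile
Invoke-WebRequest -Uri $ChecksumUrl -OutFile $tmp.FullName -UseBasicParsing
$checksumText = Get-Content -Path $tmp.FullName -Raw
Remove-Item -Path $tmp.FullName

if (-not (Test-InstallerHash -Path $MsiPath -ChecksumText $checksumText)) {
    throw "SHA-512 mismatch for $MsiPath; do not install this file."
}
$sigResult = Test-InstallerSignature -Path $MsiPath
if (-not $sigResult.Valid) { throw "Authenticode signature on $MsiPath is not valid." }
Write-Host "Installer verified. Signed by: $($sigResult.Signer)"

# --- After Step 10: confirm the agent is running locally ---
$svc = Get-Service -Name 'Elastic Agent' -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host "Service state: $($svc.Status)"
    # Assumption: default install path used by the MSI.
    & "$env:ProgramFiles\Elastic\Agent\elastic-agent.exe" status
} else {
    Write-Host "Elastic Agent service not found; installation has not completed."
}
```

Confirm that the printed signer is the vendor you expect before running the installer with the enrollment token.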
If you need further assistance, kindly contact our technical support at support@cytechint.com for prompt assistance and guidance.