Cyberoam iView Configuration
    System Requirements
    Installation Procedure
    Access Web Admin Console
Device Integration
    Integration with Cyberoam Appliance
    Integration with FortiGate Appliance
    Integration with Squid
    Integration with 24Online Appliance
    Integration with SonicWALL Appliance
Device Detection
    Device Detection in Cyberoam iView
Material in this manual is presented in text and screen display notation.
Item | Convention | Example
Cyberoam iView Server | Machine where Cyberoam iView is installed |
User | The Super Administrator |
Part titles | Bold and shaded font typefaces | Report
Topic titles | Shaded font typefaces | Introduction
Subtitles | Bold & Black typefaces | Notation conventions
Navigation link | Normal typeface | System → Configuration → User: it means, to open the required page click on System, then on Configuration and finally click User
Notes & Recommendations | Bold typeface between the black borders | Note
Cyberoam iView Installation Guide
Preface
Welcome to Cyberoam iView Installation Guide.
Cyberoam iView Open Source Logging and Reporting Solution
Cyberoam iView is an open source logging and reporting solution that provides organizations with visibility into their networks across multiple devices for high levels of security and data confidentiality while meeting the requirements of regulatory compliance.
Enabling centralized reporting from multiple devices across geographical locations, Cyberoam iView offers a single view of the entire network activity. This allows organizations not just to view information across hundreds of users, applications and protocols; it also helps them correlate the information, giving them a comprehensive view of network activity.
Guide Organization
This guide describes how to install Cyberoam iView in your network to collect logs and generate meaningful reports for added network devices. This guide is organized in three parts.
Part 1 - Cyberoam iView Configuration
This section provides hardware requirements information and installation procedure:
    System Requirements
    Installation Procedure
    Access Web Admin Console
Part 2 - Device Integration
This section covers integration of Cyberoam iView with the following products:
    Integration with Cyberoam
    Integration with FortiGate
    Integration with Squid
    Integration with 24Online
    Integration with SonicWALL
Part 3 - Device Detection
This section describes how Cyberoam iView is to be configured so that it can receive logs from the added devices.
    Device Detection in Cyberoam iView
Part 1 - Cyberoam iView Configuration
System Requirements
The hardware requirement for installing Cyberoam iView and its repository depends on how much data is required to be retained in the form of archives. The following table outlines the important hardware components and their recommended configuration.
Component | Recommendation
Processor | Pentium IV with 2GHz
RAM | 2GB (Minimum)
Hard Disk Drive | SATA or SCSI hard disk with minimum 30GB disk space
Windows platform | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7
Browser | Microsoft Internet Explorer 6.0+, Mozilla Firefox 2.0+, Google Chrome
Best view - Mozilla Firefox 2.0+
Recommendations
Desktop Antivirus / Firewall should bypass the following applications running on the iView server: Garner.exe, Tomcat.exe, Postgres.exe
Configure your firewall (if any) to allow UDP traffic on port 514.
Installation Procedure
Note: Make sure no services are running on ports 8000 and 514. Installation will be cancelled if these ports are not free.
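The prerequisites this guide states (ports 8000 and 514 free and, in step 8, a log directory path without white space on a disk with 30 GB free) can be checked before launching the installer. The script below is an added example, not part of the Cyberoam iView distribution; it assumes Python 3 is available on the server, and the log path shown is a placeholder.

```python
import os
import shutil
import socket
import sys

MIN_FREE_GB = 30                               # step 8: recommended free space
REQUIRED_FREE = (("tcp", 8000), ("udp", 514))  # installer cancels if busy


def port_is_free(proto, port, host="0.0.0.0"):
    """Return True if this process can bind host:port, i.e. nothing holds it."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except OSError:
            # Address in use. On non-Windows hosts an unprivileged bind
            # below port 1024 also fails here, so run with admin rights.
            return False
    return True


def log_dir_problems(path, free_bytes=None):
    """Return the step 8 constraints that the chosen log directory violates."""
    problems = []
    if any(ch.isspace() for ch in path):
        problems.append("path contains white space")
    if free_bytes is None:
        # Measure the volume root so the directory need not exist yet.
        root = os.path.splitdrive(os.path.abspath(path))[0] + os.sep
        free_bytes = shutil.disk_usage(root).free
    if free_bytes < MIN_FREE_GB * 1024 ** 3:
        problems.append(f"less than {MIN_FREE_GB} GB free")
    return problems


def preflight(log_dir):
    """Collect every failed prerequisite as a human-readable string."""
    failures = [f"{proto.upper()} port {port} is already in use"
                for proto, port in REQUIRED_FREE if not port_is_free(proto, port)]
    failures += [f"log directory: {p}" for p in log_dir_problems(log_dir)]
    return failures


if __name__ == "__main__":
    # Placeholder path; pass the directory you intend to choose in step 8.
    target = sys.argv[1] if len(sys.argv) > 1 else "C:\\iViewLogs"
    for failure in preflight(target):
        print("FAIL:", failure)
```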
Select one of the following installers as per your requirement:
    Cyberoam iView Installation with PostgreSQL
    Cyberoam iView Installation without PostgreSQL
Cyberoam iView Installation
1. Download Cyberoam iView
If you have already installed PostgreSQL - Click http://sourceforge.net/projects/cyberoam-iview/
If you have not installed PostgreSQL - Click http://sourceforge.net/projects/cyberoam-iview/files/
2. Download Postgres
If you have already installed PostgreSQL, skip this step.
Double-click the Exe downloaded in step 1 to start the installation. Click Yes to visit http://www.postgresql.org/ and download Postgres 8.4.
Screen Setup
3. Start Installation
Double-click the Exe downloaded in Step 1 to start the installation wizard. It opens the welcome screen.
Screen Setup Wizard
4. License Agreement
Click Next. It opens the License Agreement screen. Select I accept the agreement to accept the license agreement and click Next to proceed further with installation. In case you do not want to continue with the installation, select I do not accept the agreement.
Screen License Agreement
5. Specify installation folder
Click Next to install at the default location or click Browse to select a folder to change the location and then click Next.
Screen Cyberoam iView Destination Location
6. Specify Cyberoam iView Login Information
Specify the Cyberoam iView administrative password and email address and then click Next.
Screen Cyberoam iView Login Information
Note: The administrative password should contain a minimum of six characters.
If PostgreSQL database v 8.4 is already installed, Cyberoam iView will use the existing database; otherwise it will automatically install PostgreSQL v 8.4. If you are already using a PostgreSQL database, verify that:
    A user with the name postgres exists in the PostgreSQL database; otherwise, create the user in PostgreSQL.
    Port 5432 is not configured for any other server, as Cyberoam iView will be communicating with PostgreSQL on port 5432.
Skip this step if you already have installed PostgreSQL.
Click Next to install PostgreSQL database at default location or click Browse to select a folder to change the location and then click Next.
Screen PostgreSQL Directory
8. Specify folder to store the logs
Click Next to store archive logs at the default location or click Browse to select the folder to change the location.
Screen Log Directory
Note: It is recommended to have a minimum of 30 GB free space to store logs. Performance might get affected if the minimum free space is not available.
Cyberoam iView does not support white spaces (blank) in the logs directory path. Please specify a log directory path without white spaces.
If the selected disk does not have 30GB free space, following warning message will be displayed. Click OK to proceed with installation.
Screen Warning Message
9. Specify Java JDK Directory
Skip this step if you are installing using the Exe (with PostgreSQL). Click Browse to select the Java JDK directory location and then click Next.
Screen Java JDK Directory
10. Specify start menu folder
Click Next to create the program's shortcut at the default location or click Browse to select the folder to change the location.
Screen Start Menu Folder
11. Click Install to install Cyberoam iView components at mentioned locations or click Back to change location of any of Cyberoam iView component.
Screen Installation
The installation program begins to copy and extract Cyberoam iView components - Microsoft Visual C++ 2005 Redistributable, PostgreSQL 8.4 components.
Screen Installation Process
Screen Microsoft Visual C++ 2005 Redistributable
Screen PostgreSQL 8.4
Screen Finalizing Installation
Once the installation is completed successfully, the screen given below will be displayed.
Screen Completing Cyberoam iView Setup Wizard
Access Web Admin Console
Browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local machine>:8000 and log on using the default username admin and the password specified at the time of installation.
Screen Cyberoam iView Web Console
Part 2 - Device Integration
Integration with Cyberoam Appliance
Note: Make sure that UDP traffic on port 514 is allowed by your firewall. The Cyberoam WAN interface should be configured with a static IP address only.
Follow the steps given below to configure Cyberoam appliance to send logs to Cyberoam iView:
1. Add Syslog Server
Log on to the Cyberoam Web admin console with the default username and password (if not changed) and go to System → Logging → Manage Syslog.
Screen Manage Syslog in Cyberoam
Click Syslog Configuration Name to change the existing configuration or click Create to add a new syslog server with the following values:
Parameter | Value
Name | Cyberoam_iView
IP address | IP address of Cyberoam iView
Port | 514
Facility | Daemon
Severity Level | Debug
Format | CyberoamStandardFormat
Table: Add Syslog Server Screen Elements
Screen Add Syslog Server in Cyberoam
2. Enable logging on Syslog Server
Go to System → Logging → Logs Configuration and enable the newly added syslog server to receive logs.
Screen Enable Syslog Server in Cyberoam
3. Enable Firewall Logging
Go to Firewall → Manage Firewall and click against the default firewall rule to edit the rule. Under the Log Traffic section, enable Log Traffic.
Screen Enable Firewall Logging in Cyberoam
Integration with FortiGate Appliance
Note: Make sure that UDP traffic on port 514 is allowed by your firewall. The FortiGate WAN interface should be configured with a static IP address only.
Follow the steps given below to configure FortiGate appliance to send logs to Cyberoam iView:
1. Add Syslog Server
Log on to the web-based manager administrative interface and click the Log and Reports menu. Under the Log Setting section of the Log Config sub menu, configure the syslog server using the following values:
Parameter | Value
Remote Logging and Archiving | Click checkbox to enable remote logging and archiving
Syslog | Click checkbox to enable log sending to configured syslog server
IP/FQDN | IP Address of Cyberoam iView
Port | 514
Minimum Log Level | Debug
Facility | Local7
Table: Add Syslog Server Screen Elements
Screen Configure Syslog in FortiGate
Note: Syslog configuration may change as per the FortiGate version installed.
Integration with Squid
Follow the steps given below to configure Squid to send logs to Cyberoam iView.
1. Update syslog-ng.conf with the text given below:
/etc/syslog-ng/syslog-ng.conf

    # Matches entries that come from the program 'squid'
    filter f_remove { program("squid"); };

    # Matches everything in the 'local4' facility
    filter f_user { facility(local4); };

    # Local log destination: the '/var/log/user.log' file
    destination df_user { file("/var/log/user.log"); };

    # Remote log destination: Cyberoam iView, sent via UDP
    destination logserver { udp("<ip address of Cyberoam iView>"); };

    # The actual logging directive
    log {
        # 'src' must be a source already defined in this file
        source(src);
        # Apply the 'f_user' filter
        filter(f_user);
        # Apply the 'f_remove' filter; despite its name, it keeps only squid entries
        filter(f_remove);
        # Write the matching entries to the 'user.log' file
        destination(df_user);
        # Send them to the logserver
        destination(logserver);
    };
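To confirm that an appliance or the Squid host is sending with the facility configured in the steps above (Daemon for Cyberoam, Local7 for FortiGate, local4 for Squid), the <PRI> prefix of datagrams captured on UDP port 514 can be decoded and compared. The following is an added example, not part of Cyberoam iView; the payloads are constructed samples and the function names are illustrative.

```python
import re

# Syslog facility and severity names by numeric code (RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Facility each source is set to in this guide's integration steps.
EXPECTED_FACILITY = {"cyberoam": "daemon", "fortigate": "local7", "squid": "local4"}

PRI_RE = re.compile(rb"<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:   # 191 = local7.debug, the maximum
        return None
    pri = int(m.group(1))
    # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def check_datagram(source, datagram):
    """Compare a captured datagram with the facility configured for source."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "no valid <PRI> header"
    facility, severity = decoded
    want = EXPECTED_FACILITY[source]
    if facility != want:
        return f"facility is {facility}, expected {want}"
    return f"ok ({facility}.{severity})"


# Constructed sample payloads; only the <PRI> prefix matters for this check.
SAMPLES = [
    ("cyberoam", b"<31>constructed firewall event"),
    ("fortigate", b"<190>constructed traffic log"),
    ("squid", b"<166>squid[2041]: constructed access line"),
    ("squid", b"<14>squid[2041]: constructed access line"),
    ("fortigate", b"constructed line without a header"),
]

if __name__ == "__main__":
    for source, payload in SAMPLES:
        print(f"{source:10} {check_datagram(source, payload)}")
```

A Squid datagram that arrives with a facility other than local4 would not pass the f_user filter in the syslog-ng configuration above, so it would never reach the logserver destination.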
Integration with 24Online Appliance
Note: Cyberoam iView supports logging and reporting for 24Online version 8.4 onwards. Enable the Web Logging module of 24Online to send logs to Cyberoam iView.
Follow the steps given below to configure 24Online appliance to send logs to Cyberoam iView.
1. Enable Web Surfing Logger Service
Log on to the 24Online Management GUI and go to Web Surfing Logger → Manage Logger. Configure the Web Surfing logger using the following values:
Parameter | Value
Redirect Logs to | Click External Server Checkbox
External Server IP Address | IP address of Cyberoam iView
External Server Port | 514
Client Device ID | 24Online
Table: Web Surfing Logger Screen Elements
Screen Manage Web Surfing Logger
Integration with SonicWALL Appliance
Note: Make sure that UDP traffic on port 514 is allowed by your firewall. The SonicWALL WAN interface should be configured with a static IP address only.
Follow the steps given below to configure SonicWALL appliance to send logs to Cyberoam iView:
1. Add Syslog Server
Log on to the SonicWALL security appliance management interface and go to Log → Syslog.
Screen Syslog in SonicWALL
Click to change the existing configuration or click Add to add a new syslog server with the following values:
Parameter | Value
Name or IP Address | IP address of Cyberoam iView
Port | 514
Table: Add Syslog Screen Elements
Screen Add Syslog
Note: Syslog configuration may change as per the SonicWALL version installed.
2. Select Categories
Go to Log → Categories and enable log categories in the Syslog column to send logs to Cyberoam iView. Cyberoam iView will display reports for the following log categories:
    Attacks
    Blocked Web Sites
    Denied LAN IP
    Dropped ICMP
    Dropped TCP
    Dropped UDP
    Firewall Event
    Firewall Logging
    Intrusion Prevention
    Network Access
    Network Traffic
    Security Services
Screen Enable Log Categories
Part 3 - Device Detection
Device Detection in Cyberoam iView
1. Browse to http://<IP address of the Cyberoam iView server i.e. local machine>:8000 and log on using username admin and the password specified at the time of Cyberoam iView installation.
2. Cyberoam iView automatically detects the added devices and prompts the super admin at the time of login.
Screen Detecting New Device in Cyberoam iView
3. Specify the device name and device type from the drop down, activate the device by clicking Active, and then click Save.
4. Go to System → Configuration → Device to view the list of added devices.
Screen List of Devices
Now Cyberoam iView will receive all the traffic logs from the newly added devices to generate reports.
Cyberoam iView Documentation Copyright 2009 Elitecore Technologies Ltd. All rights reserved worldwide. Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Elitecore assumes no responsibility for any errors that may appear in this document. Information is subject to change without notice.
In no event shall Elitecore be liable for any direct, indirect, or incidental damages, including, damage to data arising out of the use or inability to use this manual.
No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Elitecore Technologies Ltd. This does not include those documents and software developed under the terms of the open source General Public License.
Cyberoam iView is the trademark of Elitecore Technologies Ltd.
If you need commercial technical support for this product please visit www.cybreoam-iview.com. You can visit open source Cyberoam iView forums at https://sourceforge.net/projects/cyberoam-iview/support to get support from the project community.
Cyberoam iView License Policy
Cyberoam iView is free software, if you are using and/or enhancing / developing open source applications: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
A copy of the GNU General Public License is available along with this program; see the COPYING file for the detailed license.
The interactive user interfaces in modified source and object code versions of this program must display Appropriate Legal Notices, as required under Section 5 of the GNU General Public License version 3.
In accordance with Section 7(b) of the GNU General Public License version 3, these Appropriate Legal Notices must retain the display of the "Cyberoam Elitecore Technologies Initiative" logo.
Cyberoam iView is the trademark of Elitecore Technologies Ltd.