Comodo Help
Find the desired product help
Xcitium NxSIEM

Xcitium NxSIEM

Admin Guide 1.4

English

Print Help Download Help
Customer Asset Management > Downloading And Installing The NxSIEM Agent On Endpoints
  • Introduction To Comodo NxSIEM
    • Logging-in To The Administrative Console
  • The Main Interface
  • The Dashboard
  • Customer Asset Management
    • Adding Customers
    • Adding Assets For Monitoring
      • Hard Assets
      • Soft Assets
    • Downloading And Installing The NxSIEM Agent On Endpoints
    • Configuring Nxlog And Rsyslog Servers To Send Logs To NxSIEM Server
    • Editing Customers
  • Log Collection Agents And Policies
    • Collection Agents
      • Downloading NxSIEM Windows And Linux Agents
      • Managing Agents
      • Agentless Log Collection
    • Log Collection Policies
      • Audit Events Policy
      • Flat File Policy
      • Remote Log Collection Policy
      • Syslog Policy
      • Configuring Log Collection Policies
  • Query Management
    • Configuring Event Queries
    • Configuring Custom Dashboards
  • Managing Rules
  • Incidents And Cases
    • Managing Incidents
    • Managing Cases
  • Live Lists
    • Managing Live Lists
    • Managing Live List Content
  • Managing Reports
  • Administration
    • Viewing Log Collection Summaries
    • Managing Users
    • Viewing License And Subscription Details And Configuring NxSIEM Platform URL
  • Appendix 1 – Field Groups And Event Items Description
  • Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server
  • About Comodo Security Solutions

Downloading and Installing the NxSIEM Agent on Endpoints


There are two methods administrators can use to collect logs from endpoints connected to customer networks:
  • Collection Agent – A Log Collection Agent installed on Windows and Linux endpoints forwards the logs to the NxSIEM server
  • Agent less Collection – On target endpoints, administrators use our pre-defined scripts to configure RSYSLOG or NXLOG utilities to send the logs to the NxSIEM server
This section explains the installation of the collection agent on endpoints. The agent setup file for Windows and Linux endpoints can be downloaded from the NxSIEM administrative console. For each network and zone added, NxSIEM generates a unique agent activation key which has to be used for configuring the agent to connect to the server. Refer to the explanation of getting the activation key for a network or zone in the previous section, Hard Assets , for more details.


The next sections in this guide cover:

  • Downloading the Agent Setup file
  • Installation on Windows Endpoints
  • Installation on Linux Endpoints

Downloading the Setup Files


The agent setup files for Windows and Linux can be downloaded from the 'Agent Download' tab:




     

     

The 'Agent Download' page contains installation instructions and download links for Windows and Linux agents:

  • Click the 'windows-agent-setup.jar' or 'linux-agent-setup.gz' button to download the respective agent.
  • Transfer the setup files to required endpoints for installation.

Installation on Windows Endpoints


Prerequisites for a Windows agent installation:

  • Software: Java 1.7 or higher preferably downloaded from Sun website.

 

Tip: Ensure that the network to which the endpoint is connected is added to NxSIEM for the customer. Keep the Unique Agent Activation Key of the customer/network handy to authorize the agent to connect to NxSIEM server. Refer to the explanation of getting the activation key for a network or zone in the previous section Hard Assets for more details.


To install the Agent and enroll the endpoint

  • Navigate to the location where the 'Windows-agent-setup' file is saved at the endpoint and double click on it.



  • Click 'Yes' to continue the agent installation



  • By default the collection agent is installed at C:/Program Files/MSSP Agent. If you want to install the agent in a location other than the default, click 'Browse' to choose a different location.
  • Click 'Next'




  • Activation Key – Copy and paste the activation key that was generated for the customer network or zone for which you want to enroll the endpoint.
  • Zookeeper Server Address - Enter the Zookeeper server address, including the port number.
  • Kafka Server Address - Enter the Kafka server address, including the port number.
     
  • Click 'Next'
     

The installation progress will be displayed...




….and on completion, the success dialog will be displayed.



Now that the agent is installed, the next step is to add the host names of Zookeeper and Kafka servers.

  • Open C:WindowsSystem32driversetchosts file and add IP-Hostname pairs of Zookeeper and Kafka servers.
  • Save the hosts file.

The agent will establish connection with NxSIEM server and the endpoint will be listed for the customer under the respective network/zone.




To check whether the agent is running, click the 'Menu' button, navigate to 'Management' > 'Collection Agents' > 'Agent Management' tab.




The green tick mark under the 'Status' column indicates the agent is running and connected to MSSP.


If an agent is not running on an endpoint end for any reason, you can start it by navigating to the 'MSSPAgent' folder, right-clicking on the 'agent-start' file and selecting 'Run as administrator' from the context sensitive menu.


Installation on Linux Endpoints


Prerequisites for a Linux agent installation:

  • Software: Java TM 1.7 or higher preferably downloaded from Sun website.


Tip: Ensure that the network to which the endpoint is connected is added to NxSIEM for the customer. Keep the Unique Agent Activation Key of the customer/network handy to authorize the agent to connect to NxSIEM server. Refer to the explanation of getting the activation key for a network or zone in the previous section Hard Assets for more details.


To install the Agent and enroll the endpoint

  • Navigate to the location on the endpoint where you saved 'linux-agent-setup.tar.gz' and extract it.
  • Open /etc/hosts  file, add the IP-Hostname pairs of Zookeeper and Kafka servers and save it.
     
  • Run the installation file with the following command.
     

/install.sh - <IP address of Kafka server:port number> -<IP address of Zookeeper server:port number> -<Activation key for the customer/network>

The log collection agent will be installed at /opt/comodo/mssp/mssp-log-agent directory.

  • Start the agent manually by running the command start-agent.sh under /opt/comodo/mssp/mssp-log-agent /bin directory

The agent will establish a connection to the NxSIEM server and the endpoint will be listed for the customer under the respective network/zone.

  • To stop the agent, run the command stop-agent.sh under /opt/comodo/mssp/mssp-log-agent /bin directory

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.