Manual installation of TeskaLabs LogMan.io Collector for WEC

1. Install Kerberos client

For Linux Ubuntu, use:

$ sudo apt install krb5-user

Tip

Linux Ubuntu (Server) can be installed on a small virtual machine. See the specifications for Virtual Machine for more details.

For Alpine Linux, use:

$ sudo apk add krb5

2. Configure Kerberos

Edit the Kerberos configuration file on the TeskaLabs LogMan.io Collector. The Kerberos configuration file is usually located at /etc/krb5.conf.

Edit the section [domain_realm]:

[domain_realm]
# Realm names are case-sensitive and must match the entry in [realms]
.domain.int = DOMAIN.INT
domain.int = DOMAIN.INT

Edit the section [realms]:

[realms]
DOMAIN.INT = {
  kdc = domain.int
  admin_server = domain.int
}

3. Install keytab files

Use ktutil on the TeskaLabs LogMan.io Collector to merge the two keytab files generated by the ktpass commands.

$ ktutil 
ktutil:  rkt /tmp/host-lmio-collector.keytab 
ktutil:  rkt /tmp/http-lmio-collector.keytab
ktutil:  wkt /etc/krb5.keytab
ktutil:  q

4. Validate the merged keytab

$ klist -e -k -t /etc/krb5.keytab

Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 08/04/22 15:06:24 host/lmio-collector.domain.int@DOMAIN.INT (aes256-cts-hmac-sha1-96) 
   4 08/04/22 15:06:24 http/lmio-collector.domain.int@DOMAIN.INT (aes256-cts-hmac-sha1-96)
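
To check the listing mechanically rather than by eye, the following added example (not part of the TeskaLabs documentation) parses `klist -e -k -t` output and confirms that both the host/ and http/ principals are present for the expected realm. The function name check_keytab_listing and the AES-only enctype policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not TeskaLabs code: validates `klist -e -k -t` output read on stdin.
# Live use: klist -e -k -t /etc/krb5.keytab | check_keytab_listing lmio-collector.domain.int DOMAIN.INT
check_keytab_listing() {
    fqdn=$1; realm=$2
    awk -v fqdn="$fqdn" -v realm="$realm" '
        BEGIN { bad = 0 }
        # Entry lines start with a numeric KVNO; header and separator lines are skipped.
        $1 ~ /^[0-9]+$/ {
            princ = $(NF-1); etype = $NF
            gsub(/[()]/, "", etype)
            seen[princ] = 1
            # Assumption of this example: only AES enctypes are acceptable.
            if (etype !~ /^aes(128|256)-cts/) {
                printf "WEAK %s %s\n", princ, etype; bad = 1
            }
        }
        END {
            # Both service principals must be present, with exact case in the realm.
            n = split("host http", svc, " ")
            for (i = 1; i <= n; i++) {
                want = svc[i] "/" fqdn "@" realm
                if (!(want in seen)) { printf "MISSING %s\n", want; bad = 1 }
            }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample: the listing shown in step 4, fed in place of live klist output.
check_keytab_listing lmio-collector.domain.int DOMAIN.INT <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 08/04/22 15:06:24 host/lmio-collector.domain.int@DOMAIN.INT (aes256-cts-hmac-sha1-96)
   4 08/04/22 15:06:24 http/lmio-collector.domain.int@DOMAIN.INT (aes256-cts-hmac-sha1-96)
EOF
```

The function exits non-zero when a principal is missing or a non-AES key is found, so it can gate the kinit step in a provisioning script.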

5. Initial login to Active Directory Kerberos

Authenticate with Active Directory.

Run the following command on the TeskaLabs LogMan.io Collector.

$ kinit -kt /etc/krb5.keytab http/lmio-collector.domain.int@DOMAIN.INT

6. Verify the ticket

Verify that the ticket was obtained by running klist as the same user as in the previous step:

$ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: http/lmio-collector.domain.int@DOMAIN.INT

Valid starting     Expires            Service principal
08/04/22 15:09:29  08/05/22 01:09:29  krbtgt/domain.int@DOMAIN.INT
renew until 08/05/22 15:09:29

7. Review a WEC Collector configuration

This is the TeskaLabs LogMan.io WEC Collector configuration for Kerberos authentication:

input:WEC:WECInput:
  output: ...

The TeskaLabs LogMan.io WEC Collector runs an HTTP server that listens on the default port tcp/5985. To use a different port, set it in the input section, for example listen: 1234.

8. We are done