- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: CP CME script add more than one log server
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CP CME script add more than one log server
Hi
How to add more than one log server CP cme autoprovision script?
In MDS we have multiple scale sets running cloudguards but we have to manually add/adjust primary log servers and backup log server on the gateway gui object in Smartconsole.
autoprov_cfg have the option "-sl" to specify the log server host
Can we add more than one host to the autoprov_cfg option "-sl" like
autoprov_cfg add template -tn tnPRODENV -sl hosts1 host2 host3
and how to automate backup log server feature. Does that exist?
Thanks
Kim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Example 1 not working
[Expert@labman01:0]# autoprov_cfg set template -tn tnPRODENV -sl host1 host2
usage: autoprov_cfg [-h] [-f] [-v] {show,init,add,set,delete} ...
autoprov_cfg: error: unrecognized arguments: host2
Example 2 - not working
[Expert@labman01:0]# autoprov_cfg set template -tn tnPRODENV -sl host1 -sl host2
would you like to restart the service now? (y/n) y
Stopping cme: . [ OK ]
Starting cme: [ OK ]
[Expert@labman01:0]# autoprov_cfg show templates
tnPRODENV:
anti-bot: true
anti-virus: true
application-control: true
aws-automatic-policy: true
generation: "1"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/74656D706C61746573/746E534541545354/one-time-password"
policy: Test-Policy
send-logs-to-server: host2
version: "R81.10"
[Expert@labman01:0]#
Kim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Try -sl host1,host2 .
Example 1 didn't work because it expects to get the objects as a list.
Example 2 didn't work because you defined host1 and then defined host2. It has overwritten host1.
This is a new feature and behavior for adding backup log server will be much better soon.
I believe that as of now you can only add backup by adding it to the command and use it as one command. I think that in a few weeks, improvement will allow you to add it with a separate command.
For now, use like this: autoprov_cfg.... -sl host1, host2 -sbl backuphost1, backuphost2
In the future -sbl will run verifications behind the scenes and if a primary log server is defined in autoprov_cfg you will be able to add it via a separate command.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much for quick reply.
[Expert@dklabcpman01:0]# autoprov_cfg set template -tn "tnPRODENV" -sl host1,host2
would you like to restart the service now? (y/n) y
Result after running autoprov_cfg show templates
templates:
tnPRODENV:
anti-bot: true
anti-virus: true
application-control: true
aws-automatic-policy: true
generation: "1"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/74656D706C61746573/746E534541545354/one-time-password"
policy: Test-Policy
send-logs-to-server: "host1,host2"
url-filtering: true
version: "R81.10"
[Expert@labman01:0]#
that would work for me when using the primary log server objects.
Is it correct understood the autoprov_cfg option "-sbl" doesn't work because it is not yet implemented in the CME latest update take 243?
Thanks
Kim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Kim_Moberg ,
As for today CME support only single primary log server and alert server.
If CME Log Server configuration applied as part of provisioning cycle CME has to perform "Install database" action on Log Server machine. In current CME version install database can be done by using custom management script.
You can find description on how to apply custom management script in the CME admin guide
We understand the complexity of the current solution and in a few weeks releasing CME with multiple Primary, Backup, Alert log servers support and without any need in running custom management script.
I would like to propose you to get the new CME with the extended log servers configurations as one of the firsts. If you are interested please contact me in private message.
Thanks,
Roman
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for updating me on this.. I have discussed it internally because we have a responsibility of stability in our environment we have decided to wait for the take to become GA before upgrading our existing installation in a custom installation to be able to add multiple Primary, Backup, Alert log servers support and without any need in running custom management script.
I will keep an eye out for sk157492 - CME (Cloud Management Extension) for CloudGuard - Latest Updates
Will you be adding text to the release notes about now the feature your have described like you have added the new feature of adding multiple Primary, Backup, Alert log servers support?
Thanks
Kim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Kim_Moberg
Yes, sure there will bea note in the sk157492