Plugins Management
Plugin Management
Energylogserver SIEM uses a comprehensive plugin architecture to provide extensible functionality. Plugins are categorized into GUI plugins for the ELS Console and Data Node plugins for the core engine.
GUI
The base installation of Energylogserver SIEM contains the Agents, Alerts, Archive, Automation, CMDB, Index Management, Intelligence, Network Probe, Reports, and SQL plugins. These add-ons can be disabled or enabled via the configuration file, without having to install or uninstall them. You can extend the basic GUI functionality by installing custom plugins.
After installation, each node must be restarted before the plugin becomes visible.
The Logserver GUI provides three categories of plugins:
Licenced Plugins - Energylogserver SIEM
Core Plugins - plugins that are part of the core project.
Community-contributed - plugins that are external to the core project.
Enabling/Disabling Plugins
Managing the Agents Plugin:
Disable:
Add agents.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line agents.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Alerts Plugin:
Disable:
Change alerts.enabled: true to alerts.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Change alerts.enabled: false to alerts.enabled: true in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Archive Plugin:
Disable:
Add archive.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line archive.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Automation Plugin:
Disable:
Change automation.enabled: true to automation.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Change automation.enabled: false to automation.enabled: true in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the CMDB Plugin:
Disable:
Add cmdb.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line cmdb.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Console Plugin:
Disable:
Change console.enabled: true to console.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Change console.enabled: false to console.enabled: true in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Index Management Plugin:
Disable:
Add index_management.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line index_management.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Intelligence Plugin:
Disable:
Add intelligence.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line intelligence.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Network Probe Plugin:
Disable:
Add network-probe.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line network-probe.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the Reports Plugin:
Disable:
Add reports.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line reports.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the vis_type_timeline Plugin:
Disable:
Change vis_type_timeline.enabled: true to vis_type_timeline.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Change vis_type_timeline.enabled: false to vis_type_timeline.enabled: true in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the XLSX Import Plugin:
Disable:
Add xlsx_import.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line xlsx_import.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Managing the SQL Plugin:
Disable:
Add sql.enabled: false to the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line sql.enabled: false in the file /etc/logserver-gui/logserver-gui.yml.
Run the command systemctl restart.
Installing Plugins
Additional GUI plugins can be installed as follows:
cd /usr/share/logserver-gui/
bin/logserver-gui-plugin install [plugin_name]
Examples:
Plugins from a custom link or filesystem can be installed as follows:
bin/logserver-gui-plugin install file:///path/to/plugin.zip
bin/logserver-gui-plugin install file:///C:/path/to/plugin.zip
bin/logserver-gui-plugin install http://some.domain/path/to/plugin.zip
Listing plugins
Listing currently loaded plugins:
bin/logserver-gui-plugin list
Removing plugins
bin/logserver-gui-plugin remove [pluginname]
Updating plugins
bin/logserver-gui-plugin remove [pluginname]
bin/logserver-gui-plugin install [pluginname]
Data Node
The base installation of Energylogserver SIEM contains the logserver_auth, join, and logserver_guard plugins. These add-ons can be disabled or enabled via the configuration file, without having to install or uninstall them. You can extend the basic Data Node functionality by installing custom plugins.
Plugins contain JAR files, but may also contain scripts and config files, and must be installed on every node in the cluster.
After installation, each node must be restarted before the plugin becomes visible.
The Data Node provides three categories of plugins:
Licenced Plugins - Energylogserver SIEM
Core Plugins - plugins that are part of the core project.
Community-contributed - plugins that are external to the core project.
Enabling/Disabling Plugins
Managing the logserver_auth Plugin:
Disable:
Add plugins.logserver_auth.enabled: false to the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line plugins.logserver_auth.enabled: false in the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
Managing the logserver_guard Plugin:
Disable:
Add logserverguard.ssl.transport.enabled: false to the file /etc/logserver/logserver.yml.
Add logserverguard.ssl.http.enabled: false to the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line logserverguard.ssl.transport.enabled: false in the file /etc/logserver/logserver.yml.
Remove or comment out the line logserverguard.ssl.http.enabled: false in the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
Managing the sql Plugin:
Disable:
Add plugins.sql.enabled: false to the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
Enable:
Remove or comment out the line plugins.sql.enabled: false in the file /etc/logserver/logserver.yml.
Run the command systemctl restart.
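Because logserver_auth and the logserver_guard SSL settings are each switched off by a single line in /etc/logserver/logserver.yml, a periodic check of that file catches a node left with them disabled. The script below is an added example, not part of the product; the function names are hypothetical, and it assumes flat dotted keys as shown above and treats a missing or commented-out key as enabled.

```shell
#!/bin/sh
# Added example: flag Data Node security settings that are switched off.
# Keys are the ones this page lists for logserver_auth and logserver_guard.
SECURITY_KEYS="plugins.logserver_auth.enabled
logserverguard.ssl.transport.enabled
logserverguard.ssl.http.enabled"

# plugin_state FILE KEY: prints "disabled" when an uncommented "KEY: false"
# line exists, otherwise "enabled" (assumption: an absent key means enabled).
plugin_state() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out line
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # strip trailing comment
            n = index(line, ":")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) state = (tolower(v) == "false") ? "disabled" : "enabled"
        }
        END { print (state == "" ? "enabled" : state) }
    ' "$1"
}

# audit_datanode_config FILE: one WARN line per disabled key; exit status 1
# if any security key is disabled, 0 otherwise.
audit_datanode_config() {
    rc=0
    for key in $SECURITY_KEYS; do
        if [ "$(plugin_state "$1" "$key")" = "disabled" ]; then
            echo "WARN $1: $key is set to false"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config, not taken from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: demo
#plugins.logserver_auth.enabled: false
logserverguard.ssl.transport.enabled: false   # left over from testing
logserverguard.ssl.http.enabled: true
EOF
audit_datanode_config "$sample" || echo "review $sample before restarting the node"
rm -f "$sample"
```

On a node, call audit_datanode_config /etc/logserver/logserver.yml from a scheduled job and alert on a non-zero exit status.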
Installing Plugins
Additional Data Node plugins can be installed as follows:
cd /usr/share/logserver/
bin/logserver-plugin install [plugin_name]
Examples:
Plugins from a custom link or filesystem can be installed as follows:
bin/logserver-plugin install file:///path/to/plugin.zip
bin/logserver-plugin install file:///C:/path/to/plugin.zip
bin/logserver-plugin install http://some.domain/path/to/plugin.zip
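Plain HTTP gives no transport integrity, so a safer routine for the http:// form is to download the ZIP first, compare its SHA-256 with a digest obtained from a trusted channel, and then install it through the file:// form. The wrapper below is an added example, not part of the product; the function names and the digest source are assumptions, and bin/logserver-gui-plugin can be passed as the third argument for GUI plugins.

```shell
#!/bin/sh
# Added example: install a plugin ZIP only after its SHA-256 matches a digest
# obtained out of band. Installer paths are the ones shown on this page.

# sha256_matches FILE EXPECTED_HEX: status 0 only on an exact digest match,
# 2 when the file is missing, 1 on a mismatch.
sha256_matches() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ "$actual" = "$expected" ]
}

# install_verified ZIP EXPECTED_HEX [INSTALLER]
# INSTALLER defaults to the Data Node tool; run from /usr/share/logserver/.
install_verified() {
    zip=$1
    want=$2
    installer=${3:-bin/logserver-plugin}
    if ! sha256_matches "$zip" "$want"; then
        echo "refusing to install $zip: SHA-256 mismatch or file missing" >&2
        return 1
    fi
    # The file:// form needs an absolute path.
    abs=$(cd "$(dirname "$zip")" && pwd)/$(basename "$zip")
    "$installer" install "file://$abs"
}

# Demo on a constructed file, with `echo` standing in for the installer.
demo=$(mktemp)
printf 'constructed plugin bytes\n' > "$demo"
good=$(sha256sum "$demo" | awk '{print $1}')
install_verified "$demo" "$good" echo          # prints the install command
install_verified "$demo" "0000" echo || true   # refused: digest mismatch
rm -f "$demo"
```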
Listing plugins
Listing currently loaded plugins:
bin/logserver-plugin list
Removing plugins
bin/logserver-plugin remove [pluginname]
Updating plugins
bin/logserver-plugin remove [pluginname]
bin/logserver-plugin install [pluginname]