Before Installing Foglight
Installing Foglight
Preparing to install
Installing a new version of the Management Server
Running the Management Server
Installing the Management Server - Standard Install option
Installed directories
Foglight settings
Step 1: Introduction
Step 2: Transaction Product Agreement
Step 3: Select installation type
Step 4: Installing Foglight
Step 5: Foglight ports configuration
Step 6: Foglight server startup
Step 7: Install complete
Installing the Management Server - Custom Install option
Step 1: Introduction
Step 2: Transaction Product Agreement
Step 3: Select installation type
Step 4: Choose installation folder
Step 5: Choose link location
Step 6: Pre-installation summary
Step 7: Installing Foglight
Step 8: Foglight administrator password
Step 9: Foglight mode
Step 10: FIPS Compliance mode
Step 11: Foglight repository database type
Step 12: Foglight ports configuration
Step 13: Add Foglight license file
Step 14: Add Foglight to system service
Step 15: Foglight server startup
Step 16: Install complete
Foglight Server Startup page
Configuration about SQL Server Failover
Next steps
Embedded Agent Manager
Editing the server.config file
Importing self-signed certificates to Foglight TrustStore
Setting up an encrypted LDAP connection with SSL
Using encryption when sending email from Foglight
Setting parameters for an embedded database
Uninstalling Foglight
Upgrading the Management Server
Specifying whether an embedded database is used
Configuring the database start up and shut down grace periods
Understanding the Password and Socket settings
Configuring ports
Setting memory parameters for the server
Adding command-line options
Binding the Management Server to an IP address
Configuring Foglight to use stronger encryption
Configuring Foglight to use the HTTPS port
Setting the length of Foglight sessions
Configuring anti-virus exclusion settings
Initializing the database
Starting and stopping the Management Server
Logging in to Foglight
Running the Management Server FAQ
Installing and Upgrading Cartridges
Installing Agents
Appendix: Switching from an Embedded to an External Database
Importing a network security certificate
<foglight_home>/jre/bin/keytool
There are two keystores that Foglight uses:
|
• |
The built-in Tomcat™ keystore located at: <foglight_home>/config/tomcat.keystore (default password: nitrogen) |
<foglight_home>/config/tomcat_fips.keystore(For FIPS compliance mode, default password: nitrogen)
|
• |
The Management Server keystore located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit) |
|
1 |
Back up the existing tomcat key using the following command: |
|
2 |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
|
3 |
Create a new key under the tomcat alias using the following command: |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>
|
5 |
Once you have the certificate signed, import it back to the tomcat.keystore using the following command: |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>
When importing a certificate for Foglight in FIPS-compliant mode, continue with the following steps:
|
7 |
Covert tomcat.keystore from JKS format to FIPS-verified BCFKS format using the following command: |
<foglight_home>/jre/bin/keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcat_fips.keystore -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>/server/core/bc-fips.jar
You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:
Type yes to install the new certificate.
Importing a PKCS #12 (pfx) format certificate
|
NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format: openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root |
|
1 |
Delete the existing tomcat certificate from the tomcat.keystore directory using the following command: |
Setting the length of Foglight sessions
You can configure the length of inactive Foglight browser interface sessions by changing the value of the parameter server.console.session.timeout. This parameter controls the length of time that Foglight waits before automatically logging you out of an idle browser interface session.
|
1 |
Stop the Management Server. Open the file <foglight_home>/config/server.config on the Management Server machine. Set the parameter server.console.session.timeout to the desired value in minutes. |
The default value is 60 minutes. If you set the value to less than or equal to 0, or greater than 30000000, Foglight never logs you out of the browser interface, regardless of how long the session has been inactive.
|
2 |
Configuring anti-virus exclusion settings
|
• |
<Foglight Base Folder>/bin/fms |
|
• |
<Foglight Base Folder>/bin/fmsha |
|
• |
<Foglight Base Folder>/bin/qcn_runner |
|
• |
<Foglight Base Folder>/bin/qp5app |
|
• |
<Foglight Base Folder>/bin/remotemonitor |
|
• |
<Foglight Base Folder>/postgresql/bin/postgres |
|
• |
<Foglight Base Folder>/postgresql/bin/pg_ctl |
|
• |
<Foglight Base Folder>/postgresql/bin/initdb |
|
• |
<Foglight Base Folder>/postgresql/bin/createdb |