main

Differences

This shows you the differences between two versions of the page.

main [2017/11/08 00:45]
bryanheinz [test]
main [2018/11/13 21:27] (current)
bryanheinz [Sign Meraki SCEP CA Cert]
Line 1: Line 1:
 # main # main
 +This wiki serves as my quick and dirty documentation and fixes. There'​s very little explanation. Mostly its just steps to perform with references if more context is needed.
  
   * [[apple|Apple]]   * [[apple|Apple]]
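Review bot: In the added intro line, "Mostly its just steps" should read "Mostly it's just steps", and "quick and dirty documentation" reads more cleanly hyphenated as "quick-and-dirty documentation".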
Line 410: Line 411:
 References: References:
   * [[https://​www.forensit.com/​downloads.html|ForensiT]]   * [[https://​www.forensit.com/​downloads.html|ForensiT]]
 +
 +## Expanding Graylog Storage ##
 +These steps were used to add storage for Graylog Server ''​Graylog 2.4.5+8e18e6a''​ and ''​Debian 9.4''​.
 +
 +WARNING: Do not use a NAS. If the NAS goes offline when Graylog isn't expecting it to (crashes or even soft-reboots) it can mess up Graylog.
 +
 +  - Add storage to the VM in ESXi
 +  - Reboot VM
 +  - Install parted: ''​sudo apt-get update && apt-get install -y parted''​
 +  - Find the raw disk: ''​sudo parted -l | grep Error''​ (Error: /dev/sda: unrecognised disk label)
 +  - Set the partition scheme: ''​sudo parted /dev/DISK mklabel gpt''​
 +  - Create the partition: ''​sudo parted -a opt /dev/DISK mkpart primary ext4 0% 100%''​
 +  - Verify the partition creation: ''​lsblk''​
 +  - Create the partition filesystem: ''​sudo mkfs.ext4 -L PARTNAME /​dev/​PARTITION''​ (if the disk was sdb, this should be sdb1)
 +  - Verify the filesystem creation: ''​lsblk --fs''​
 +  - Make a mount point: ''​mkdir /​mnt/​newStorage''​
 +  - Mount the new storage: ''​mount -o defaults /​dev/​PARTITION /​mnt/​newStroage''​
 +  - Create a safe space to copy the log indexes ''​mkdir /​mnt/​newStorage/​nodes''​
 +  - Run an initial rsync ''​rsync -av /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​newStorage/​nodes''​
 +  - Stop Graylog: ''​systemctl stop graylog-server.service''​
 +  - Stop Elasticsearch:​ ''​systemctl stop elasticsearch.service''​
 +  - Run rsync again to mirror the existing indexes: ''​rsync -av --delete-during /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​logs/​nodes''​
 +  - Verify that there are no differences between the folders: ''​sudo diff -qr --suppress-common-lines /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​logs/​nodes''​
 +  - Move old data ''​mv /​var/​lib/​elasticsearch/​nodes/​ ~/​nodes''​
 +  - Create a new "​nodes"​ folder ''​mkdir /​var/​lib/​elasticsearch/​nodes/''​
 +  - Unmount the new storage: ''​umount /​mnt/​newStroage''​
 +  - Add ''/​dev/​PARTITION /​var/​lib/​elasticsearch/​nodes ext4 defaults 0 2''​ to ''/​etc/​fstab''​
 +  - Mount fstab: ''​mount -a''​
 +  - Verify the data is present: ''​ls /​var/​lib/​elasticsearch/​nodes/''​
 +  - Move the indexes into their proper spot: ''​mv /​var/​lib/​elasticsearch/​nodes/​nodes/​* /​var/​lib/​elasticsearch/​nodes/''​
 +  - Fix permissions:​ ''​chmod -R elasticsearch:​elasticsearch /​var/​lib/​elasticsearch/​nodes''​
 +  - Reboot
 +  - Verify Graylog is up-and-running
 +  - Verify index data is present on the server ''​ls /​var/​lib/​elasticsearch/​nodes/''​
 +
 +
 +References:
 +  * [[https://​www.digitalocean.com/​community/​tutorials/​how-to-partition-and-format-storage-devices-in-linux| Partition and Format Storage Devices in Debian]]
 +  * [[http://​docs.graylog.org/​en/​2.4/​pages/​configuration/​graylog_ctl.html#​extend-disk-space|Extend disk space]]
 +
 +====== Sign Meraki SCEP CA Cert ======
 +  - Log into Meraki Console
 +  - Goto Organization -> MDM
 +  - Under ''​SCEP CA Certificate Configuration''​ download the ''​Meraki\_SCEP\_CA\_CSR.csr''​
 +  - Copy the CSR to your Windows CA server
 +  - Open PowerShell with admin privileges
 +  - Run this command: ''​certreq -submit -attrib "​CertificateTemplate:​SubCA"​ Meraki\_SCEP\_CA\_CSR.csr''​
 +    - Select your CA when prompted
 +    - Save the file, name it whatever you want
 +  - Back in Meraki on the Orgs MDM settings click ''​Choose File''​ under the ''​SCEP CA Certificate Configuration''​ settings
 +  - Select and upload your signed cert
 +  - Click ''​Save''​
 +  - Test install the cert
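Review bot: The Graylog steps change target paths partway through, so the final sync and the verification do not cover the disk that ends up mounted. The partition is mounted and first synced at /mnt/newStorage, but the post-shutdown rsync (with --delete-during) and the diff both point at /mnt/logs/nodes, and the next step moves the original data out of /var/lib/elasticsearch/nodes; both commands should use /mnt/newStorage/nodes. In the same list, the mount and umount steps spell the mount point /mnt/newStroage, which does not match the directory created by mkdir. The permissions step runs "chmod -R elasticsearch:elasticsearch", but chmod takes a mode, not an owner, so this should be "chown -R elasticsearch:elasticsearch". In the install step only "apt-get update" runs under sudo; "apt-get install -y parted" needs its own sudo, and the mkdir, mount, rsync, systemctl, mv and umount steps should either be prefixed the same way or the section should say it assumes a root shell. For the fstab entry, consider LABEL=PARTNAME (the label set by "mkfs.ext4 -L") instead of /dev/PARTITION, since kernel device names can change when disks are added. In the Meraki section, the heading uses ====== markup where the Graylog heading in the same hunk uses ##, and the certreq step requests the SubCA template without saying that this issues a subordinate CA certificate; one line stating that would tell the reader what they are signing.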
main.1510101921.txt.gz · Last modified: 2017/11/08 00:45 by bryanheinz