To build from a source code checkout.
Panther uses MongoDB for its underlying storage. The default Panther configuration expects that to be accessible via localhost:27017.
The build system uses Lerna for co-ordinating the build and Yarn for resolving package dependencies.
If these are not already installed you'll need to:
npm i -g lerna@7 yarn@1.22
Install the npm dependencies
NODE_ENV=development yarn install
Download external dependencies (fonts, JS); this is only needed the first time
lerna run install-deps
Build the software
lerna run build
If you don't have MongoDB installed, use the provided docker-compose.yml file to get started quickly.
- Start the database (Optional)
If you don't already have MongoDB running you can use the docker-compose.yml to bring it up.
Note you'll therefore need docker and docker-compose installed.
docker-compose up mongodb
- Initialise MongoDB
MongoDB must be up and accessible at localhost:27017
lerna run setup
- Start all Panther components
yarn run start/all
Panther should now be accessible via localhost:3001
Default login details can be found below
Panther should now be running locally and can be accessed through the web interface at
An initial admin user was created during the setup process; the credentials are as follows:
username: admin
password: admin
The following applies only when running without Docker. The instructions can be adapted to run within the Docker container, but this is not yet documented.
There are two main configuration files located here:
packages/oa-event-console/config.yml
packages/oa-event-server/etc/server.ini
Comments are provided inline
The default configurations assume the project is accessed via localhost. If you plan on accessing it via another hostname, the following additional config changes will need to be made:
The event-console config file packages/oa-event-console/config.yml will need updating with correct values as follows:
app:
  url: "http://localhost:3001" # The url used to access Panther
http:
  port: 3001 # Must match the port number in app.url above
event_monitors:
  # Used to inform the browser where the HTTP monitor is listening when accessing `/apiconsole`
  http:
    host: "localhost"
    port: 5001
smtp:
  # SMTP server used to send out password reset reminders
  host: "mta.example.com"
  port: 25
These are the rules that determine how Panther interprets and categorizes incoming events from the HTTP and Syslogd monitors.
The main rules file is /rules/server.rules.yml; this is where the majority of user-defined rules live.
They can be edited by hand using a text editor, but the recommended method is via the web interface.
All rules files are saved in /rules. Please consult Panther Rules Documentation for more information.
Using the default build there are two ways to send events to Panther, Syslog and HTTP.
The Panther syslogd monitor listens by default on localhost:1514/tcp. To send a test message use the following:
logger -T -n localhost -P 1514 "Hello from the command line"
To send events from another syslog agent, please consult your documentation.
Forwarded messages must be sent via the TCP transport, and not UDP.
First ensure that an API key has been created; please consult the Panther Documentation for how to set this up.
With an API key send an event using curl:
curl -X POST -H 'X-Api-Token: <YOUR-API_KEY>' -H 'Content-Type: application/json' -d '{"event":{"node":"myhostname","tag":"event-tag","summary":"Hello from http","severity":1}}' 'http://localhost:5001/api/event/create'
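The curl call above, wrapped as an added example (not part of Panther's own code) that JSON-escapes the event fields and passes the API key to curl on stdin so that it does not appear in the process list or shell history. The function names and the PANTHER_API_KEY and PANTHER_URL variables are assumptions; the endpoint, header name and event fields are the ones shown above.

```shell
#!/bin/sh
# Added example, not Panther code. Function and variable names are assumptions;
# the endpoint, header name and event fields are taken from the curl command above.

# Escape a string for use inside a JSON string literal.
# Control characters (newline, tab, ...) are flattened to spaces.
json_escape() {
  printf '%s' "$1" | tr '\001-\037' '[ *]' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: panther_event_json NODE TAG SUMMARY SEVERITY
panther_event_json() {
  [ "$#" -eq 4 ] || { echo "usage: panther_event_json NODE TAG SUMMARY SEVERITY" >&2; return 2; }
  case "$4" in
    # Severity is emitted unquoted, so it must be a plain integer.
    ''|*[!0-9]*|0?*) echo "severity must be a plain non-negative integer" >&2; return 1 ;;
  esac
  printf '{"event":{"node":"%s","tag":"%s","summary":"%s","severity":%s}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" "$4"
}

# Usage: PANTHER_API_KEY=... panther_send NODE TAG SUMMARY SEVERITY
panther_send() {
  key=${PANTHER_API_KEY:-}
  [ -n "$key" ] || { echo "PANTHER_API_KEY is not set" >&2; return 1; }
  # Refuse keys containing control characters (a newline would add a second header).
  [ "$(printf '%s' "$key" | tr -d '\001-\037')" = "$key" ] || { echo "invalid API key" >&2; return 1; }
  body=$(panther_event_json "$@") || return 1
  # "-H @-" makes curl (7.55.0 or later) read header lines from stdin.
  printf 'X-Api-Token: %s\n' "$key" |
    curl --silent --show-error --fail -X POST \
      -H @- -H 'Content-Type: application/json' \
      --data "$body" "${PANTHER_URL:-http://localhost:5001/api/event/create}"
}

# Constructed sample input; prints the payload only, nothing is sent.
panther_event_json myhostname event-tag 'He said "hello" from C:\logs' 1
echo
```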