README.build.md

File metadata and controls

171 lines (109 loc) · 4.97 KB

Table of Contents

Panther Logo

Build Instructions

To build from a source code checkout.

Prerequisites

Panther uses MongoDB for its underlying storage. The default Panther configuration expects that to be accessible via localhost:27017.

Install build dependencies

The build system uses Lerna for co-ordinating the build and Yarn for resolving package dependencies.

If these are not already installed you'll need to:

npm i -g lerna@7 yarn@1.22

Running the build

Install the npm dependencies

NODE_ENV=development yarn install

Download external dependencies (fonts, JS). This is only needed the first time.

lerna run install-deps

Build the software

lerna run build

Starting Panther

If you don't have MongoDB installed, use the provided docker-compose.yml file to get started quickly.

  • Start the database (Optional)

If you don't already have MongoDB running you can use the docker-compose.yml to bring it up. Note that you'll need docker and docker-compose installed.

docker-compose up mongodb
  • Initialise MongoDB

MongoDB must be up and accessible at localhost:27017

lerna run setup
  • Start all Panther components

    yarn run start/all

Panther should now be accessible via localhost:3001

Default login details can be found below

Login

Panther should now be running locally and can be accessed through the web interface at

http://localhost:3001

Default login details

An initial admin user was created during the setup process. Its credentials are as follows:

  • username: admin
  • password: admin

Configuration

The following applies only when running without Docker. The instructions can be adapted to run within the Docker container, but this is not yet documented.

There are two main configuration files located here:

  • packages/oa-event-console/config.yml
  • packages/oa-event-server/etc/server.ini

Comments are provided inline.

The default configurations assume the project is accessed via localhost. If you plan on accessing it via another hostname, the following additional config changes will need to be made:

event-console

The config file packages/oa-event-console/config.yml will need updating with the correct values as follows:

app:
   url: "http://localhost:3001" # The url used to access Panther
http:
   port: 3001 # Must match the port number in app.url above
event_monitors:
   # Used to inform the browser where the HTTP monitor is listening when accessing `/apiconsole`
   http:
      host: "localhost"
      port: 5001
smtp:
   # SMTP server used to send out password reset reminders
   host: "mta.example.com"
   port: 25

Panther rules

These are the rules behind how Panther interprets and categorizes incoming events from the HTTP and Syslogd monitors.

The main rules file is /rules/server.rules.yml. This is where the majority of user-defined rules live.

They can be edited by hand using a text editor, but the recommended method is via the web interface.

All rules files are saved in /rules. Please consult Panther Rules Documentation for more information.

Sending events to Panther

Using the default build there are two ways to send events to Panther: Syslog and HTTP.

Sending events using syslog

The Panther syslogd monitor listens by default on localhost:1514/tcp. To send a test message use the following:

logger -T -n localhost -P 1514 "Hello from the command line"

To send events from another syslog agent, please consult your documentation.

Forwarded messages must be sent via the TCP transport, and not UDP.

Sending events using HTTP

First ensure that an API key has been created. Please consult the Panther Documentation for how to set this up.

With an API key, send an event using curl:

curl -X POST -H 'X-Api-Token: <YOUR-API_KEY>' -H 'Content-Type: application/json' -d '{"event":{"node":"myhostname","tag":"event-tag","summary":"Hello from http","severity":1}}' 'http://localhost:5001/api/event/create'
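
The same request from Node.js, as an added example that is not part of the Panther code base. It reuses the endpoint, header and event fields from the curl command above; the PANTHER_API_KEY environment variable, the function names and the field checks are assumptions made for this example.

```javascript
// Added example: not part of the Panther code base.
const ENDPOINT = "http://localhost:5001/api/event/create"; // URL from the curl command above

// Build the request without sending it, so it can be inspected or tested offline.
// The field checks are assumptions for this example, not Panther's documented schema.
function buildEventRequest(apiKey, event, url = ENDPOINT) {
  if (typeof apiKey !== "string" || apiKey.trim() === "") {
    throw new Error("API key is missing");
  }
  for (const field of ["node", "tag", "summary"]) {
    if (typeof event[field] !== "string" || event[field] === "") {
      throw new Error(`event.${field} must be a non-empty string`);
    }
  }
  if (!Number.isInteger(event.severity)) {
    throw new Error("event.severity must be an integer");
  }
  return {
    url,
    options: {
      method: "POST",
      headers: { "X-Api-Token": apiKey, "Content-Type": "application/json" },
      // JSON.stringify escapes quotes and newlines that would break a hand-quoted -d string
      body: JSON.stringify({ event }),
    },
  };
}

// Send the event (needs Node 18+ for the global fetch) and reject on a non-2xx reply.
async function sendEvent(apiKey, event, url = ENDPOINT) {
  const req = buildEventRequest(apiKey, event, url);
  const res = await fetch(req.url, req.options);
  const text = await res.text();
  if (!res.ok) throw new Error(`Panther returned HTTP ${res.status}: ${text}`);
  return { status: res.status, body: text };
}

// Constructed sample event, same shape as the curl example.
const sample = { node: "myhostname", tag: "event-tag", summary: 'Hello from "node"', severity: 1 };
// Hypothetical variable name; reading the key from the environment keeps it out of source and shell history.
const key = process.env.PANTHER_API_KEY;
if (key) {
  sendEvent(key, sample).then(
    (r) => console.log("sent, HTTP", r.status),
    (e) => { console.error(e.message); process.exitCode = 1; }
  );
} else {
  // No key set: dry run that only prints the JSON body that would be posted.
  console.log(buildEventRequest("dry-run", sample).options.body);
}
```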