| Home Prev |  InCenter 2.2.5 On-Premises Administration Guide
|
Next |
|---|
This section describes how to set up a NetWall node for monitoring by InCenter. Monitoring means that the node will send log event messages to InCenter so that its activity can be analyzed and presented graphically in the InCenter WebUI. It is possible to enable this feature without the node also being under centralized management by InCenter.
For monitoring to function, the following two steps are required:
If centralized management AND monitoring is required, centralized management must first be set up using the steps described in Section 6.2, Setting Up Centralized Management.
If ONLY monitoring is required (without centralized management) then the NetWall nodes being monitored must be added to InCenter using the WebUI and this is described in Section 6.3.1, Adding NetWall Nodes with the WebUI. None of the centralized management setup steps are required.
The NetWall node must be set up to send log messages back to InCenter. Doing this is described in Section 6.3.2, Configuring a Log Receiver in NetWall Nodes.
![[Note]](images/note.png) |
Note: Skip this section if centralized management is used |
|---|---|
|
This section should be skipped if the node is subject to centralized management by InCenter. Adding the node with the CLI is part of centralized management setup and only the sending of logs by the node needs to be configured. |
A NetWall node can be added to InCenter using the WebUI. However, addition in this way should only be done when setting up the monitoring function without centralized management.
Any NetWall node with cOS Core software version 13.00.00 or later installed can be monitored using InCenter.
To add a NetWall node to InCenter for monitoring, select the Nodes option from the Manage section in the navigation pane, as shown below.
Press the Add button and select Node.
This starts the new node wizard which will go through the following steps:
Properties
Select the NetWall option and specify a logical name for the node with an optional comment.
![[Important]](images/important.png) |
Important: The InCenter name must match the firewall name |
|---|---|
|
The node name specified in InCenter must match the local node name on the firewall itself. In addition, the firewall name should not be duplicated within InCenter. Therefore, the name may need to be changed locally to a new value in cOS Core before performing the addition in InCenter. |
Done
In the last step, a summary is displayed to confirm the details of the addition.
Pressing the Done button will now close the wizard and the added node will appear in the node list.
This change to InCenter now needs to be activated and doing this is described in Section 5.2, Activating InCenter Changes.
For a NetWall node to send log messages to InCenter, a log receiver object needs to be locally configured on the node. Doing this using the node's local WebUI or CLI is described below.
This setup procedure is the same both for nodes that are being centrally managed by InCenter and for those where only monitoring is being done by InCenter.
Note that if a node is under centralized management, an alternative way to set up a Log Receiver in the NetWall node is through InCenter, instead of doing it locally. If InCenter is only monitoring the node then this will not be possible.
Configuring a Log Receiver with the WebUI
To configure a Syslog log receiver in the node's WebUI, open the WebUI in a browser and go to: System > Device > Log Receivers. Then press the Add button and select the option Syslog Receiver.The dialog for this new object can then be filled in, as shown in the example below.
Note that the IP address specified is the same IP address that is used for SSH management access for InCenter.
The option to make log messages InCenter compatible must also be enabled and this is found in the Advanced tab. Note that this setting can only be found in NetWall nodes running the software version 12.00.16 or later.
Configuring a Log Receiver with the CLI
The node CLI could be used instead to configure the log receiver. The following is an example of a command to do this where the destination IP for log messages is 203.0.113.10:
Device:/> add LogReceiver LogReceiverSyslog my-syslog-receiver
IPAddress=203.0.113.10
InCenterCompatibility=Yes