The Iogly Beacon

The Beacon is the client component of the Iogly real-time intrusion detection system. Its main purpose is to monitor specific directories and database tables for changes. To perform these tasks it needs to have access to the file system and database of the monitored system.

Step 1 - Download

You can download the latest version of the Beacon from the Downloads section in the Iogly admin dashboard.

  • If you haven't already registered please register here.
  • If you are registered please log in here.

To download the Beacon click on 'Downloads' in the sidebar. Click on the version that matches your system and the download should start.

Step 2 - Obtaining the API Token

To authenticate the Beacon with the Iogly API you need the API token. To get the API token click on 'Instances' in the sidebar and then on the 'View' button next to the instance you are setting up. You will need this token when configuring the Beacon later.

Step 3 - Installing the Beacon

We offer RPM and DEB packages for your flavor of Linux. If your Linux system doesn't support RPM or DEB packages, you can download a TAR archive instead. The RPM and DEB packages come pre-configured for use with systemd. If your system doesn't use systemd, please use the TAR archive.

To install the Beacon either use the package manager for your preferred package type or simply extract the TAR archive.

Installing with package manager (RPM/useradd example):

          # sudo useradd ioglybeacon
          # sudo rpm -i /tmp/ioglybeacon_latest_linux_x86_64.rpm
        

Installing TAR archive:

          # sudo bash
          # mkdir /tmp/iogly
          # cd /tmp/iogly
          # tar -xzvf ~/ioglybeacon_latest_linux_x86_64.tar.gz    # adjust the path accordingly
          # useradd ioglybeacon
          # cp ioglybeacon /usr/local/bin
          # mkdir -p /etc/iogly/beacon
          # cp config.sample.yaml /etc/iogly/beacon/config.yaml
          # mkdir /var/lib/iogly
          # chown ioglybeacon:ioglybeacon /var/lib/iogly
          # mkdir /var/log/iogly
          # chown ioglybeacon:ioglybeacon /var/log/iogly
        
Note: some systems use a different command to add users; please adjust accordingly.

Step 4 - Configuring the Beacon

In this step you will need to configure the Beacon for your specific environment.

The file "config.yaml" contains example entries for all the relevant configuration settings for the Beacon. The Beacon will look for a file "config.yaml" in any of the following directories.

  • /etc/iogly/beacon (default)
  • $HOME/.iogly/beacon
  • as well as in the same directory the "beacon" binary is located in

The table below explains each of the configuration options:

| Option | Valid values | Explanation |
|---|---|---|
| Log.Level | debug, info, warning, error | Defines how verbose the Beacon log will be. |
| Log.File | Full path to log file (e.g. /var/log/iogly/beacon.log) | Specifies the log file location. This can be left empty (log to stdout). |
| Index | Full path to database (e.g. /var/lib/iogly/beacon.db) | The location where the Beacon will create its database. The user the Beacon runs as needs write permission to that location. |
| BasePaths | Full path to application | The full path to the application you want to monitor. You can monitor multiple paths (separate with comma). Note: The square brackets are required! |
| Mode | daemon, schedule | The mode in which you want to run the Beacon. TODO!!! |
| APIToken | &lt;string&gt; | The API token for the instance you want to monitor. |
| DBDriver | mysql | Currently only supports mysql. |
| DBHost | IP address/host name | IP address or host name of the database you want to monitor. |
| DBUsername | &lt;string&gt; | User name for the database you want to monitor. |
| DBPassword | &lt;string&gt; | Password for the database you want to monitor. |
| DBName | &lt;string&gt; | Name of the database you want to monitor. |
| DBTablePrefix | &lt;string&gt; | Table prefix of the database you want to monitor. Specify this if your database tables use a prefix that deviates from the standard naming scheme (e.g. 'wp_'). |
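
Because config.yaml holds the APIToken and DBPassword, it is worth confirming that no copy in the search locations above is accessible to other local accounts; the `cp` in the TAR install does not restrict the file's mode. The shell check below is an added example, not part of the Iogly documentation or tooling. Its function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not Iogly's own tooling. config.yaml stores APIToken and
# DBPassword, so it should not be accessible to unrelated local accounts.

# perms_ok FILE: succeeds when FILE has no group-write bit and no bits
# at all for "other" (octal mask 027). Uses GNU stat, as found on Linux.
perms_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    # Prefix a 0 so the shell parses the mode string as an octal number.
    [ $(( 0$mode & 027 )) -eq 0 ]
}

# audit_configs DIR...: checks config.yaml in every DIR given and prints
# one line per file found. Returns 0 only if at least one config exists
# and every config found passes perms_ok.
audit_configs() {
    found=0
    bad=0
    for dir in "$@"; do
        cfg="$dir/config.yaml"
        [ -f "$cfg" ] || continue
        found=$((found + 1))
        if perms_ok "$cfg"; then
            echo "ok      $cfg"
        else
            echo "EXPOSED $cfg (mode $(stat -c '%a' "$cfg"))"
            bad=$((bad + 1))
        fi
    done
    [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Typical call covering the search locations listed in Step 4; the binary
# directory /usr/local/bin comes from the TAR install steps:
#   audit_configs /etc/iogly/beacon "$HOME/.iogly/beacon" /usr/local/bin
#
# One way to fix the default location, assuming the ioglybeacon user's
# primary group is also named ioglybeacon (as the chown lines in Step 3
# imply):
#   chown root:ioglybeacon /etc/iogly/beacon/config.yaml
#   chmod 640 /etc/iogly/beacon/config.yaml
```

Mode 640 with group ioglybeacon keeps the file readable by the Beacon's service account while removing access for every other local user.
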
Step 5 - Starting the Beacon

Now that the Beacon is installed and configured, we need to start it. We ship a systemd service file with our release packages. If your system doesn't use systemd, please refer to your system's documentation on how to initialize and start services.

          # sudo systemctl enable ioglybeacon
          # sudo systemctl start ioglybeacon
          # sudo systemctl status ioglybeacon
        
The status command should indicate that the Beacon has been successfully started.