[-]
  
  
  
  
[-]
  
  
  
  
  
  
  
 
 
[-]
  
  
  
  
[-]
  
 [+]
[-]
Monitoring
  
 [+]
 [+]
 [+]
  
[-]
Monitoring guides
  
  
[-]
Templates
 [+]
  
  
[-]
Cloud monitoring
 [+]
  
  
 [+]
Kubernetes
[-]
Network checks
 [+]
  
  
  
[-]
 [+]
  
  
  
  
  
  
 [+]
 [+]
 [+]
 [+]
[-]
CounterMeasures
  
 [+]
 [+]
  
  
[-]
Panopta OnSight
 [+]
 [-]
   
   
   
   
   
   
[-]
SNMP
 [+]
  
[-]
Alerting
 [+]
 [+]
 [+]
 [+]
 [+]
[-]
Reporting
  
  
  
[-]
Maintenance
  
  
[-]
API
  
  
  
  
[-]
Users, Groups, and Authentication
 [+]
  
  
  
[-]
Billing and Payments
  
  
  
  
  
  
[-]
  
[-]
  
  
  
  
  
  
  
  
  
  
  
  
Updated on 11/20/2019
Online Help
Use OnSight as a proxy for the Panopta Agent
Direct link to topic in this publication:

Monitoring your internal infrastructure when it does not have outbound access can be problematic. You can use an OnSight vCollector instance as a proxy, centralizing the flow of data and reducing outband access to a single instance.   

On this page


Set OnSight as a proxy during Agent installation

During Agent installation, you have the option to set up the OnSight as a proxy for the Panopta Agent using the Agent manifest file

  1. Create an Agent manifest file. To create the file, see the following sections:
  1. Edit the manifest file and set the aggregator_url parameter to point to the URL or IP address of your OnSight or OnSights. 

    If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.
    Information
    Using Multiple Aggregator URLs

    In most mission critical environments, it is highly recommended that you deploy multiple OnSights for a high availability pair. You can also specify each OnSight as an aggregator endpoint in your agent's config file. It is a best practice to use DNS with multiple A records in order to make changes centrally without having to visit each agent.

    For Linux, this file is located in /etc/panopta-agent/ with the following content:

    Properties (.properties files)
    [AgentConfig]
    version = 2017.03.14
    server_key = ****-****-****-****
    aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443

    For Windows, the file is located in C:\Program Files\PanoptaAgent\Agent.cfg or C:\Program Files(x86)\PanoptaAgent\Agent.cfg and the relevant section of the configuration is shown below:

    XML
    <?xml version="1.0" encoding="utf-8"?>
    <agent>
    <service>
    <add key="AggregatorUrl" value="https://10.121.32.25:8443" />
    <add key="ServerKey" value="****-****-****-****" />
    </service>
    </agent>

    Information Note: If you are using the Windows version of the Agent, you will have to restart the service from within the services menu before seeing any configuration changes take place.

  2. Save and close the file.
  3. Run the Windows or Linux command to install and add the OnSight proxy to Panopta. 

Example Agent manifest file

The contents of the manifest file for both Windows and Linux are shown below. You do not need to specify values for everything. A detailed description of each parameter is explained below the sample contents:

INI (.ini files)
[agent]
customer_key = ****-****-****-****
server_key = ****-****-****-****
aggregator_url = <The IP address/ port of your OnSight>
server_group = 3467
fqdn = www.panopta.com
server_name = Panopta
interface_mapping = private:10.100.100.2,private2:10.100.100.13
templates = 8
tags = tag, anothertag, anotherone
partner_server_ID = 828765
disable_server_match = true
custom_plugin_url = https://s3.amazonaws.com/custom-panopta-plugins/my-custom-plugins.zip
enable_countermeasures = true
countermeasures_remote_plugins = https://s3.amazonaws.com/some-s3-bucket/custom-plugins.zip
countermeasures_refresh_plugins = 6

The other parameters are described in detail in this section.

Use OnSight as a proxy for an existing Panopta Agent

To use OnSight as a proxy for an existing Panopta Agent, perform the following:

  1. Define the Aggregator URL in the Panopta Agent configuration file. For Linux this can be found in /etc/panopta-agent/panopta_agent.cfg. For Windows, it is usually the agent.conf file in the directory you created for the Panopta Agent. Keep this file open for later.
  2. From the instance's tree in the control pane, select the OnSight instance to open its details page. 
  3. Click the IP Address of the OnSight to open the OnSight Console.
  1. On the OnSight Console login page, enter the following credentials:
    • Username: admin
    • Password: <OnSight key>

      Successfully logging in will open the OnSight Console.
  2. Select Enable in the Agent proxy field to get a URL that can be used as the proxy.

If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.