Monitoring your internal infrastructure when it does not have outbound access can be problematic. You can use an OnSight vCollector instance as a proxy, centralizing the flow of data and reducing outband access to a single instance.
During Agent installation, you have the option to set up the OnSight as a proxy for the Panopta Agent using the Agent manifest file.
For Linux, this file is located in /etc/panopta-agent/ with the following content:
[AgentConfig]version = 2017.03.14server_key = ****-****-****-****aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443
For Windows, the file is located in C:\Program Files\PanoptaAgent\Agent.cfg or C:\Program Files(x86)\PanoptaAgent\Agent.cfg and the relevant section of the configuration is shown below:
<?xml version="1.0" encoding="utf-8"?><agent> <service> <add key="AggregatorUrl" value="https://10.121.32.25:8443" /> <add key="ServerKey" value="****-****-****-****" /> </service></agent>
The contents of the manifest file for both Windows and Linux are shown below. You do not need to specify values for everything. A detailed description of each parameter is explained below the sample contents:
[agent]customer_key = ****-****-****-****server_key = ****-****-****-****aggregator_url = <The IP address/ port of your OnSight> server_group = 3467fqdn = www.panopta.comserver_name = Panoptainterface_mapping = private:10.100.100.2,private2:10.100.100.13templates = 8tags = tag, anothertag, anotheronepartner_server_ID = 828765disable_server_match = truecustom_plugin_url = https://s3.amazonaws.com/custom-panopta-plugins/my-custom-plugins.zipenable_countermeasures = truecountermeasures_remote_plugins = https://s3.amazonaws.com/some-s3-bucket/custom-plugins.zipcountermeasures_refresh_plugins = 6
The other parameters are described in detail in this section.
To use OnSight as a proxy for an existing Panopta Agent, perform the following:
If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.