- Ensure that Python v2.7.x and Virtualenv are installed in your environment
Installing Virtualenv
If you haven't installed Virtualenv in your environment, perform follow these steps:
- Install Virtualenv using the following
command:
$ pip install virtualenv
- In the root of the project directory, create a new Virtualenv folder using
the following
command:
$ virtualenv -p /path/to/python2.7 venv
- Activate Virtualenv using the following
command:
$ pip install -r requirements.txt
Installing project dependencies
Install the project dependencies in requirements.txt using the following command:
$ pip install -r requirements.txt
Configuring the Utility Logger
Edit the dnsedge.yaml file, which is installed by default under /etc. At a minimum, the following items must be configured:
- url: Replace placeholder text with the fully qualified domain name of the customer's Edge portal. Note that it must contain "api-" as a prefix.
- token: Replace text with your SIEM token that was sent in an email to the designated super admin.
Logger types
The Edge logger has two log streams - applog, used for application info or debug messages, and datalog, which is used for query logging.
Each log stream can be directed to a file or can be sent to a syslog server in LEEF or CEF formats.
For file-based logging you must specify log_level, file_name, and logger_name configurations in the dnsedge.yaml file.
For LEEF or CEF-based syslog messages, you must specify server, protocol, and port variables in the dnsedge.yaml file.
Running in a Python virtual environment
$ cd /path/to/dnsedge-poller $ source venv/bin/activate $ python dnsedge.py --file dnsedge.yaml