15. Configuration » Servers

Any server running a Wanguard software component has to be manually defined in Configuration » Servers, except for the Console server, which is automatically added during installation.

To add a new server, click the [+] button from the title bar of the Configuration » Servers panel. To change the configuration of an existing server, go to Configuration » Servers and click its name.

Server Configuration parameters:

● Server Name – A short name to help you identify the server

● Server Color – The color used in graphs for this server. The default color is a random one. You can change it by clicking the drop-down menu

● Server ID – A read-only, unique identifier of the server. This value is used when exporting NFS shares

● Device Group – Optional description used to group servers by location, role, etc.

● IP Address – An IP address defined on the server which is unique within your network. It can be public or private, IPv4 or IPv6, but it cannot be a loopback address (127.0.0.1). Enter an IP address that doesn’t change, to prevent licensing issues

● Linux Distribution – Select the Linux distribution installed on the server

● Hardware Key – Read-only string used for licensing purposes. The hardware key field is updated by the WANsupervisor service when the hardware, IP, active NIC, or hostname changes. If the hardware key is unregistered, send it to sales@andrisoft.com

● Network Interfaces – The WANsupervisor service monitors packets/s, bits/s, errors, and dropped frames for each server interface added manually into this grid. The graphs are available in Reports » Servers » [Server] » Server Graphs » Data Units = Server Interfaces. These stats are provided by the Linux kernel

● Comments – These observations are not visible elsewhere

If you can’t see any data collected for the server in Reports » Devices » Overview, follow the server troubleshooting steps below.

15.1. Server Troubleshooting

✔ For the server to be operational, make sure it always runs the WANsupervisor service and that its clock is synchronized with NTP by executing the command listed below. You can verify the operational status of each server and component in Reports » Devices » Overview » Servers

[root@localhost ~]# ntpq -p || chronyc tracking || timedatectl status

✔ The WANsupervisor service stops when the MySQL/MariaDB service running on the Console server is restarted or unavailable even for a short amount of time (e.g., during a network outage). In this case, either restart WANsupervisor manually or use automated tools such as systemd, monitd or similar

✔ You can discover performance-related issues by monitoring Reports » Server » [Server] » Server Graphs and Reports » Server » [Server] » Server Events

✔ If the DB crashes (usually due to power failures and unexpected shutdowns) execute:

[root@localhost ~]# /opt/andrisoft/bin/WANmaintenance repair_db

15.2. Distributing Sensors and Filters

To distribute Sensors or Filters over multiple servers for load balancing, geographical distribution, high availability, or redundancy:

1. Add the new server in Console, under Configuration » Servers, enter a Server Name and a non-loopback IP address

2. Install the software on the new server by following the installation instructions from the link contained in the evaluation request’s response email

3. When executing /opt/andrisoft/bin/install_supervisor enter the IP of the Console server and the Console database password

4. Start the WANsupervisor service on the new server

5. Make sure that NTP is running on the server and that the status is OK in Reports » Devices » Overview

6. During the trial period, you don’t have to register any server. Outside the trial period, you have to register the server’s hardware key, which is visible in Configuration » Servers » [New Server] after starting the WANsupervisor service. New hardware registration is done by emailing sales@andrisoft.com

7. Define a new Sensor or Filter and set the Server parameter accordingly

8. Start the new Sensor or Filter from Configuration » Components

9. Watch the event log to see if there are any errors or warnings

10. Follow the instructions from NFS configuration steps

15.3. Accessing Remote Data via NFS

If you are using multiple servers to run the software, then you will have to follow the instructions listed below for each remote server that runs Sensor(s) or Filter(s). Otherwise, the Console will not be able to display packet traces and flows saved on remote servers.

Debian or UbuntuCentOS or Red HatRocky/Alma 9

1. Install the necessary packages on the Console server:

[root@console ~]# apt-get install nfs-common

2. Install the necessary packages on the remote server:

[root@remote ~]# apt-get install nfs-kernel-server nfs-common

3. Log in to Console and go to Configuration » Servers » [Remote Server] to look for the Server ID. You will have to replace [server_id] in the next steps with this number.

4. Find the UID and GID of the “andrisoft” user account from the Console server by executing:

[root@console ~]# id andrisoft
uid=4097(andrisoft) gid=4097(andrisoft) groups=4097(andrisoft)

In this particular case, in the next step you should replace [andrisoft_uid] with 4097 and [andrisoft_gid] with 4097.

5. On the remote server add the following lines to the /etc/exports file:

/opt/andrisoft/dumps/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid])
/opt/andrisoft/flows/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid])

Execute on the remote server:

[root@remote ~]# mkdir -p /opt/andrisoft/dumps/[server_id]
[root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/dumps/[server_id]
[root@remote ~]# mkdir -p /opt/andrisoft/flows/[server_id]
[root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/flows/[server_id]

6. On the Console server add the following lines to the /etc/fstab file:

[sensor_ip]:/opt/andrisoft/dumps/[server_id] /opt/andrisoft/dumps/[server_id]  nfs  intr,soft,_netdev
[sensor_ip]:/opt/andrisoft/flows/[server_id] /opt/andrisoft/flows/[server_id]  nfs  intr,soft,_netdev

Execute on the Console server:

[root@console ~]# mkdir -p /opt/andrisoft/dumps/[server_id]
[root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/dumps/[server_id]
[root@console ~]# mkdir -p /opt/andrisoft/flows/[server_id]
[root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/flows/[server_id]

7. Make sure that the ports 2049 (NFS) and 111 (RPC) are permitted through the remote server’s firewall. Consult your Linux distribution documentation to see how to open up the two ports if they are closed. You can check the status of your firewall by executing:

[root@remote ~]# ufw status || firewall-cmd --list-all-zones || iptables -L -n -v && iptables -t raw -L -n -v

8. Restart the NFS service on the remote server:

[root@remote ~]# service nfs-kernel-server restart
[root@remote ~]# systemctl enable nfs-kernel-server # for Systemd distributions
[root@remote ~]# update-rc.d nfs-kernel-server defaults 99 # for System V distributions

9. Mount on the Console server the directories exported by the remote server:

[root@console ~]# mount /opt/andrisoft/dumps/[server_id]
[root@console ~]# mount /opt/andrisoft/flows/[server_id]

Note: If you plan to remove a NFS-linked directory from your Console server, unmount it first with ‘umount -l -f /opt/andrisoft/…’

10. Configure the remote server with the same time-zone as the Console server.

15.4. Transferring Console

If you want to move your Console to a new server, please follow the following steps.

On the old server:

1. Stop all Components (Sensors, Filters, BGP Connectors) from Configuration » Components.

2. Stop the WANsupervisor service and backup the database:

[root@old_console ~]# service WANsupervisor stop
[root@old_console ~]# /opt/andrisoft/bin/WANmaintenance backup_db

On the new server:

1. Follow the software installation instructions for the Console.

2. If you had a running Console on this machine, stop all Components (Sensors, Filters, BGP Connectors) from Configuration » Components.

3. Stop WANsupervisor if it’s running:

[root@new_console ~]# service WANsupervisor stop

4. In case you have a Console set up on this machine, make a backup of its configuration:

[root@new_console ~]# /opt/andrisoft/bin/WANmaintenance backup_db

5. Copy the backup file from your OLD machine to the NEW machine:

[root@new_console ~]# scp -r user@old_machine:/root/wanguard_db_backup_xxxx_xx_xx_xx_xx.sql /root

6. Restore the backup on the new machine:

[root@new_console ~]# mysql -p andrisoft < /root/wanguard_db_backup_xxxx_xx_xx_xx_xx.sql

7. Go to Configuration » Servers and change the IP Address for each server.

8. Update the configuration of the Sensors, Filters and BGP Connectors in order to reflect the interfaces and IP addresses of the new machine.

9. Start the WANsupervisor service:

[root@new_console ~]# service WANsupervisor start

If you use InfluxDB, follow the Back up and restore InfluxDB article to move the graph data from the old server to the new server.

On any remote server that runs Sensors and/or Filters:

1. Update the software packages to the latest version, and execute on each one:

[root@remote_server ~]# /opt/andrisoft/bin/install_supervisor

When prompted, provide the new Console IP and database password.

2. Restart the WANsupervisor service:

[root@remote_server ~]# service WANsupervisor restart

15.5. Fault-Tolerant Console Setup

The Distributing Sensors and Filters section described how to add redundant servers that run Sensors and/or Filters. If the Console becomes unavailable due to a network, hardware or power failure, you could use a secondary server as the new Console. By following the steps listed below, you could have a minimal downtime, and you will not lose any data:

1. Install a secondary Console server that fulfills the system requirements.

2. On the primary Console server stop all components from Configuration » Components, then logout.

3. Connect to each remote server that uses the primary Console and stop the WANsupervisor service:

[root@remote ~]# service WANsupervisor stop

4. On the primary Console server execute:

[root@primary ~]# service WANsupervisor stop
[root@primary ~]# service apache2 stop || service httpd stop
[root@primary ~]# /opt/andrisoft/bin/WANmaintenance db_convert_to_innodb
[root@primary ~]# mkdir /opt/andrisoft/sql/primary ; cd /opt/andrisoft/sql/primary
[root@primary ~]# /opt/andrisoft/bin/WANmaintenance backup_db

InnoDB has a worse read performance than MyISAM or Aria, but it is the only database engine that supports replication. You can improve its performance by tuning InnoDB-specific parameters in the MySQL/MariaDB configuration file.

5. On the secondary server follow the Console software installation instructions from the download link sent to you when entering the trial programme.

6. Execute on the secondary Console server:

[root@secondary ~]# service WANsupervisor stop
[root@secondary ~]# service apache2 stop || service httpd stop
[root@secondary ~]# /opt/andrisoft/bin/WANmaintenance backup_db

7. Transfer and import the backup file generated at step 4 to the secondary Console server:

[root@secondary ~]# mkdir /opt/andrisoft/sql/primary
[root@secondary ~]# scp root@<primary_server_IP>:/opt/andrisoft/sql/primary/wanguard_db_backup*.sql /opt/andrisoft/sql/primary
[root@secondary ~]# mysql -p andrisoft < /opt/andrisoft/sql/primary/wanguard_db_backup*.sql

8. On the secondary Console server put the primary Console IP in /opt/andrisoft/etc/dbconsole.conf:

[root@secondary ~]# nano /opt/andrisoft/etc/dbconsole.conf

9. Follow the instructions needed for replicating the database from the primary server to the secondary server. An example for MariaDB can be found here. Distribution-specific instructions can be found on the Internet.

10. Once the replication is done and the databases are in sync, execute on the primary Console server:

[root@primary ~]# service WANsupervisor start
[root@primary ~]# service apache2 start || service httpd start

11. Connect to each remote server, if any, and restart the WANsupervisor service:

[root@remote ~]# service WANsupervisor restart

12. In the Console from the primary server, start all components from Configuration » Components. In General Settings » Graphs & Storage set the InfluxDB from the secondary server as Graph Storage Engine 2. By default, InfluxDB is only accessible from localhost, so you might need to edit /etc/influxdb/influxdb.conf to allow the primary server to connect.

15.6. Disaster Recovery Steps for Console

If you have a Fault-Tolerant Console Setup and the primary Console server becomes unavailable, execute the following steps:

1. Execute on the secondary Console server:

[root@secondary ~]# mysql -p

Enter the password if requested. Execute in mysql:

mysql> stop slave;
mysql> reset slave;
mysql> exit;

2. Execute on the secondary server:

[root@secondary ~]# rm /opt/andrisoft/etc/dbconsole.conf
[root@secondary ~]# service WANsupervisor restart
[root@secondary ~]# service apache2 start || service httpd start

3. On the secondary Console go to Configuration » Servers » Console and replace the IP of the primary server with the IP of the secondary server. Then, in Configuration » General Settings » Graphs & Storage set Graphing Engine Backend to Graph Storage Engine 2.

4. Connect to each remote server, if any, and execute:

[root@remote ~]# /opt/andrisoft/bin/install_supervisor   # enter the secondary Console IP
[root@remote ~]# service WANsupervisor restart

5. Make sure that all components are running correctly by monitoring Reports » Devices » Overview.