OI Hawk Console Configurations
You can install the OI Hawk Console in an on-premises environment by selecting the Custom Installation profile and then selecting the Console feature while installing TIBCO OI Hawk RedTail. The OI Hawk Console does not support any of the TIBCO OI Hawk RedTail Advanced features and must be configured to use one of the TIBCO EMS, TIBCO Rendezvous, or TCP transports for TIBCO Hawk. You must also configure the Hawk agent (hawkagent.cfg) to communicate over TIBCO EMS, TIBCO Rendezvous, or TCP transport for TIBCO Hawk so that the Hawk agent is able to communicate with the OI Hawk Console.
All the required configuration parameters for OI Hawk Console are stored in the hawkconsole.cfg configuration file located at CONFIG_FOLDER/bin.
RV_HOME or EMS_HOME parameters are configured correctly in the tibhawkagent.tra file when configuring the Hawk agent to communicate with the OI Hawk Console TIBCO Rendezvous transport or TIBCO EMS transport.
For more information about the configurations that you can perform in OI Hawk Console, see the following topics:
• Domain and Transport Configuration for OI Hawk Console
• User Authentication in OI Hawk Console
• Secure Communication over OI Hawk Console
• Configuring an External Database
• Configuring OI Hawk Console Database Schema
• OI Hawk Console Configuration Options
Domain and Transport Configuration for OI Hawk Console
You can register a Hawk domain to the OI Hawk Console and specify the transport type for the communication. You can either use the web interface of OI Hawk Console or configure the domain and transport configuration file (DomainTransportConfig.yml).
Domain Registration by Using Configuration File
The domain and transport configuration file (DomainTransportConfig.yml) for the OI Hawk Console contains the parameters to connect to regular and proxy domains.
You can specify the location of the DomainTransportConfig.yml file by using the domain_config_file option in the OI Hawk Console configuration file (hawkconsole.cfg). For details on options present in the hawkconsole.cfg file, see OI Hawk Console Configuration Options.
In the DomainTransportConfig.yml file you can specify the following elements for the connection:
• domainConfiguration - The parent tag for the domain and transport configurations for OI Hawk Console.
• Domain type - Specify whether the Hawk domain to be registered is a regular domain or a proxy domain. Based on the domain type, specify additional configuration parameters. The tags used for the domain type are:
  — regular - For details about fields for the regular domain type, see Configuration Options for DomainTransportConfig.yml for the Regular Domain Type.
  — proxy - For details about fields for the proxy domain type, see Configuration Options for DomainTransportConfig.yml for the Proxy Domain Type.
• domainName - Name of the domain that is to be registered.
| Property | Description | Mandatory | Suggested Value |
|  | URL of the domain that needs to be registered. The syntax is | Yes |  |
| credentials | User name and password required to log in to the domain. The syntax is | Yes |  |
| securedChannel | Specifies whether the domain should be connected over a secured channel | Yes | true |
User Authentication in OI Hawk Console
The OI Hawk Console supports file-based, database-based, and LDAP-based user authentication. You can set the authentication mode by using the OI Hawk Console configuration file (hawkconsole.cfg).
File-Based Authentication
For the file-based authentication, the user details are stored in the hawkconsole-user.cfg file. By default, the configuration file is located at CONFIG_FOLDER/bin. If required, you can configure its location by using the user_file_store option in the hawkconsole.cfg file.
The syntax for a user entry in the hawkconsole-user.cfg file is:
<user_name>:<encrypted_password>
For example,
admin:#####***###
You can use the tibhawkpassword utility at OIHR_HOME/bin to encrypt the password. For more details on user authentication properties, see OI Hawk Console Configuration Options.
Database-Based Authentication
In the database-based authentication, the user names and passwords are stored in the database. The OI Hawk Console supports both an in-memory database and an external database to store authentication details. For more information about configuring an external database in the OI Hawk Console, see Configuring an External Database.
You can add a new user in the external database by using the following steps:
1. Add the new user in the users table.
For example:
insert into users (name, password, email, role_id) values('new_user', '#!SXcfN3U19IiH/Eai55LWvV4XNKV/eQIDfri6+J+rho4=', 'newUser@xyz.com',1);
2. Create a mapping in the table user_privilege_mapping.
For example:
insert into user_privilege_mapping (user_id, privilege_id) values((select id from users where name = 'new_user'), 1);
LDAP-Based Authentication
For the LDAP-based authentication, the user details are stored in the hawkconsole.cfg file. By default, the configuration file is located at CONFIG_FOLDER/bin.
To select LDAP as the user store, modify the hawkconsole.cfg file as follows:
• Under -M UserAuth, specify LDAP as the user store type: -user_store_type ldap
• Under -user_store_type ldap, specify the LDAP-based user authentication properties.
For more details about user authentication properties that can be specified, see OI Hawk Console Configuration Options.
Secure Communication over OI Hawk Console
You can access the OI Hawk Console over a secure channel by using SSL or TLS security protocols. To enable the secure communication, uncomment and configure the following fields in the OI Hawk Console configuration file (hawkconsole.cfg):
• -key_alias
• -key_password
• -key_store
• -key_store_password
• -protocol
• -ciphers
For more details on these properties, see OI Hawk Console Configuration Options.
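The following is an added example, not part of the original documentation or TIBCO's own tooling: a small Python check that reads hawkconsole.cfg text and reports secure communication options that are still unset, a -protocol value older than TLSv1.2, weak entries in -ciphers, and -ldap_disable_hostname_verification set to true. It assumes that options are written as "-option value" lines and that commented-out lines begin with "#"; the weak-cipher markers and the sample configuration are constructed for illustration.

```python
import re

# Options the page lists for enabling secure communication in hawkconsole.cfg.
TLS_OPTIONS = "key_alias key_password key_store key_store_password protocol ciphers".split()
# Editor's list of substrings that mark weak cipher suites (not from the page).
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")
OLD_PROTOCOLS = ("SSLV3", "TLSV1", "TLSV1.1")

def parse_cfg(text):
    """Map active '-option value' lines; '#' comment lines are an assumption."""
    options = {}
    for line in text.splitlines():
        m = re.match(r"-(\w+)\s*(.*)$", line.strip())
        if m:  # commented-out or blank lines never match
            options[m.group(1)] = m.group(2).strip().strip('"')
    return options

def audit(text):
    """Return findings for the TLS options and LDAP host name verification."""
    opts, findings = parse_cfg(text), []
    missing = ["-" + o for o in TLS_OPTIONS if not opts.get(o)]
    if missing:
        findings.append("secure communication incomplete, unset: " + ", ".join(missing))
    proto = opts.get("protocol", "")
    if proto.upper() in OLD_PROTOCOLS:
        findings.append("-protocol %s is deprecated, use TLSv1.2 or later" % proto)
    for suite in opts.get("ciphers", "").split(","):
        if any(m in suite.upper() for m in WEAK_MARKERS):
            findings.append("weak cipher suite in -ciphers: " + suite.strip())
    if opts.get("ldap_disable_hostname_verification", "false").lower() == "true":
        findings.append("LDAP host name verification is disabled")
    return findings

# Constructed sample configuration, not taken from a real installation.
SAMPLE_CFG = """\
-user_store_type ldap
-ldap_disable_hostname_verification true
-key_alias console
#-key_password CHANGEME
-key_store /opt/example/keystore.jks
-key_store_password CHANGEME
-protocol TLSv1.1
-ciphers TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("FINDING:", finding)
```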
Configuring an External Database
Hawk alerts can be persisted by configuring an external database to store the alerts. Even if the OI Hawk Console is restarted, you can still view the previous alerts from the time the Hawk agent has been active. The following databases are supported in this release:
• MySQL
• Apache Ignite
• H2 database in server and disk mode
• You must set up the database and perform database-specific configuration depending on the database vendor.
• Add the appropriate .jar file of the JDBC Driver classes, from the database vendor, to the folder OIHR_HOME/<version>/lib/ext/console-ext.
Procedure
To configure the external database, uncomment and configure the following fields in the OI Hawk Console configuration file (hawkconsole.cfg). By default the configuration file is located at CONFIG_FOLDER/bin.
• -datasource_url
• -datasource_drivername
• -datasource_username
• -datasource_password
• -datasource_connection_pool_initial_size
• -datasource_connection_pool_max_idle
• -datasource_connection_pool_max_active
For more details on these properties, see OI Hawk Console Configuration Options.
Configuring OI Hawk Console Database Schema
You can configure the attributes of the table for the database which stores the OI Hawk Console data. To do so, you must first uncomment the sql_schema_path configuration option in the hawkconsole.cfg file and then provide the folder path as a parameter. The path must contain the scripts that enable you to configure the database schema. By default, this parameter is set to CONFIG_FOLDER/hawk/sql or OIHR_HOME/7.1/sql.
The path specified for the sql_schema_path configuration option contains the following files:
• Schema files: These files contain the Data Definition Language (DDL), which is used to define data structures for the database. You can configure the following files depending on the database management software currently in use:
• Data files: These files contain the Data Manipulation Language (DML), which is used to manipulate data for the database. You can configure the following files depending on the database management software currently in use:
For example, if you have configured the alerts to provide detailed information about the events, then you can configure the sql_schema_path option so that you can increase the size of the alert_text column in the alert table. This enables the OI Hawk Console to store more data for the alert_text column than was previously allowed.
OI Hawk Console Configuration Options
You can configure the Hawk agent for the on-premises platforms such as Linux or Microsoft Windows. All the required configuration parameters are stored in CONFIG_FOLDER/bin/hawkconsole.cfg.
Each of the parameters is explained in more detail in the following table:
| Property | Description | Mandatory | Suggested Value |
|  | Path of file that contains the domain and transport configurations for OI Hawk Console. For details on the domain and transport configuration file, see Domain and Transport Configuration for OI Hawk Console. | No |  |
|  | The server port to access OI Hawk Console | No | 8083 |
Secure Communication (SSL Authentication) Options
|  | Key alias | No | - |
|  | Encrypted key password | No | - |
|  | The path of the key store file | No | - |
|  | The password for the key store file | No | - |
|  | The security protocol for a secure communication | No | TLSv1.2 |
|  | The ciphers to be used for the specified security protocol. You can specify multiple ciphers as a comma-separated list. | No |  |
| repository_path | The path to the rulebase repository | No |  |
|  | A bounded circular queue is maintained for each subscription for storing its results. This parameter defines the maximum size of the queue. If the maximum size of the queue is reached then old results are overridden by the new ones. | No | 128 |
|  | Time (in milliseconds) after which a subscription expires if the results of subscription are accessed | No | 90000 |
Proxy Domain Options
|  | Time interval (in milliseconds) in which the alert count is fetched from proxy domains | No | 15000 |
|  | Time interval (in milliseconds) in which proxy domains are checked for reachability | No | 15000 |
Alert Configurations
| retention_count_for_notification | Alert limit for notifications | Yes | 100000 |
| retention_count_for_high_alerts | Alert limit for high level alerts | Yes | 100000 |
| retention_count_for_medium_alerts | Alert limit for medium level alerts | Yes | 100000 |
| retention_count_for_low_alerts | Alert limit for low level alerts | Yes | 100000 |
| alert_manager_activity_interval | Time interval (in milliseconds), after which the alert manager starts to store alerts in the database and purge extra alerts in the database | Yes | 20000 |
| max_reconnect_attempts_after_restart | Specifies the number of reconnect attempts to be made when the agent gets disconnected from the Daemon | No | 1000 |
| max_reconnect_attempts_during_connect | Specifies the number of reconnect attempts made when the connection is disconnected from the Daemon after it has been established | No | 20 |
External Database Configuration
|  | URL which identifies the database connection | No | " |
|  | Name of the JDBC driver | No | " |
|  | User name to connect to the database | No | " |
|  | User’s password to connect to the database | No | "" |
|  | Initial number of database connections to be allocated | No | "10" |
|  | Maximum number of idle connections allowed in the database connection pool | No | "20" |
|  | Maximum number of active connections allowed in the database connection pool | No | "100" |
Logging
|  | The directory in which to store log files generated by the Hawk agent | No |  |
|  | The maximum size of a rotating log file in KB. You can apply a suffix ’ | No | 10M |
|  | The maximum number of rotating log files | No | 10 |
|  | Specifies the level of diagnostic information stored in the logs. The following are the logging levels: | No | 7 |
|  | The format for trace log messages | No | ae4 |
User Authentication
|  | Specify whether OI Hawk Console uses an inbuilt database or a file for user authentication. The values are: | No |  |
|  | If | No |  |
User Authentication: LDAP-Based
|  | Host name for the LDAP server | Yes | - |
|  | Port of the LDAP server | No | 389 |
|  | LDAP manager user DN for accessing the server, to avoid anonymous access to the server | Yes | - |
|  | LDAP admin password for accessing the server. The password is obfuscated. | Yes | - |
|  | Base DN for the users to search | Yes | - |
|  | UID attribute to perform the user search | No | UID |
| ldap_groupDN | Group DN for the users to log in who belong to a particular group. Multiple groups can be specified by separating the string with the pipe (|) operator. | No | - |
| ldap_group_search_filter | Query attribute to search in group | No |  |
|  | Specifies whether to connect to LDAP over SSL or not | No | false |
| ldap_disable_hostname_verification | Specifies whether the host name verification is enabled or disabled | No | false |
| hawkconsole_user_access_list | Specifies the file path for user based agent/node filtering | No |  |