Install BeyondInsight Event Server

The event collector role collects events and serves policy for BeyondTrust integrations. Event Server is FIPS 140-2 compliant and supports TLS versions up to TLS 1.2.

 

You can deploy additional event collectors to scale BeyondInsight to accommodate regional deployments in larger environments. However, it is not a typical installation scenario. It is recommended that BeyondTrust's Professional Services advise you on whether this installation scenario is suited to your BeyondInsight deployment.

For more information about BeyondTrust Professional Services, please see https://www.beyondtrust.com/services/all-services.

Installation Overview

Use the following instructions to deploy BeyondInsight and the event collectors. The following install files and port requirements must be in place:

  • BeyondInsight
  • Event Server and patches. Confirm the latest version with BeyondTrust. A license is required.
  • Port 21690 must be listening for TCP traffic. The port is used to receive SSL-encrypted events from agents.

All files can be downloaded from the client portal.

The license key for all event collectors must match the license key for the main BeyondInsight installation.

Below is a high-level overview of the installation steps.

  1. Run the Event Server installer and set up the connection to the database.
  2. Set up the crypto keys.
    1. Export the crypto key from the primary BeyondInsight server.
    2. Import the key to all Event Server machines.

For more information, please see Export and Import Crypto Keys for Event Server Configuration.

  3. Set up the certificates.
    1. Export the three certificates with private keys from the primary BeyondInsight server.
    2. Import the certificates to all event collector machines.

For more information, please see Export and Import Certificates for Event Server Configuration.

  4. Configure scanners to point to the Central Policy and send events to the Event Server.
  5. If using Windows authentication, the Event Server machine name must be added to a local group created on the SQL Server host.

For more information, please see the BeyondInsight Install Guide.

Run the Installer

  1. Run the Event Server installer.
  2. Click Next on the Welcome page.
  3. Click the check box to accept the licensing terms.
  4. Select the location for the installation.

An image of an example database configuration on the Event Server Configuration screen.

  5. Configure the connection to the database.
    • Enter the IP address of the server hosting SQL Server.
    • Enter the name of the database and include the credentials.
    • Select the Trust Server Certificate check box.
    • Select the Use Encryption check box.

If the connection to the database is lost, all events are stored in an encrypted local database. There are no limits on the number of events that can be stored.

  6. Click Test Connection to ensure the Event Server machine can successfully contact the database machine.
  7. Set the log settings, including location for the log file, level of logging, and log type.
  8. Click Apply.

Update the Events Client

You must update the IP address for the client to establish a connection to the Event Server.

  1. Start the Events Client.

An image of an example Receiver configuration on the Events Client Settings screen.

  2. Click the Receiver tab.
  3. Click OK.

Windows Authentication

If you use Windows authentication for the Event Server, you must create a local group on the SQL Server host. This group requires db_owner access to the BeyondInsight database and is assigned the REM3Admins role.

You must add each Event Server machine name to this local group. For example, DomainName\EventServerMachineName$.
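
The T-SQL below is an added example, not taken from BeyondTrust documentation, showing one way to map the local group to the database roles named above and then confirm that an Event Server really connects with Windows authentication over an encrypted session. The host name SQLHOST01, group name BI_EventServers, database name BeyondInsight and Event Server name EVTSRV01 are assumed placeholders, and the script assumes REM3Admins already exists as a database role in that database.

```sql
-- Added example. Assumed names (not from the page): SQL host SQLHOST01,
-- local group BI_EventServers, database BeyondInsight, Event Server EVTSRV01.
-- Assumes REM3Admins already exists as a database role in that database.

-- 1. Server login for the local Windows group created on the SQL Server host.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'SQLHOST01\BI_EventServers')
    CREATE LOGIN [SQLHOST01\BI_EventServers] FROM WINDOWS;
GO

-- 2. Database user mapped to that login, then the two role memberships.
USE [BeyondInsight];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'SQLHOST01\BI_EventServers')
    CREATE USER [SQLHOST01\BI_EventServers]
        FOR LOGIN [SQLHOST01\BI_EventServers];
ALTER ROLE [db_owner]   ADD MEMBER [SQLHOST01\BI_EventServers];
ALTER ROLE [REM3Admins] ADD MEMBER [SQLHOST01\BI_EventServers];
GO

-- 3. Confirm the group holds exactly the roles that were granted.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'SQLHOST01\BI_EventServers';

-- 4. Once an Event Server is connected, inspect its live sessions.
--    Expected: login_name is the machine account added to the group,
--    auth_scheme is KERBEROS or NTLM (not SQL), encrypt_option is 'TRUE'.
--    Requires VIEW SERVER STATE permission.
SELECT s.host_name, s.login_name, c.client_net_address,
       c.auth_scheme, c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.host_name = N'EVTSRV01';
```

An encrypt_option of 'FALSE' in the last query means the Use Encryption setting did not take effect for that session.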

For more information, please see the BeyondInsight Install Guide.