15. Configuration » Servers

Any server running a Wanguard software component has to be manually defined in Configuration » Servers, except for the Console server, which is automatically added during installation.

To add a new server, click the [+] button from the title bar of the Configuration » Servers panel. To modify an existing server’s configuration, go to Configuration » Servers and click its name.


Server Configuration parameters:

Server Name – A short name to help you identify the server
Server Color – The color used in graphs for this server. The default color is a random one. You can change it by clicking the drop-down menu
Server ID – A read-only, unique identifier of the server. This value is used when exporting NFS shares
Device Group – Optional description used to group servers by location, role, etc.
IP Address – An IP address defined on the server which is unique within your network. It can be public or private, IPv4 or IPv6, but it cannot be a loopback address (127.0.0.1). Enter an IP address that doesn’t change, to prevent licensing issues
Linux Distribution – Select the Linux distribution installed on the server
Hardware Key – A read-only string used for licensing. The WANsupervisor service updates this field when the hardware, IP, active NIC, or hostname changes. If the hardware key is unregistered, send it to <sales@andrisoft.com>.
Network Interfaces – The WANsupervisor service monitors packets/s, bits/s, errors, and dropped frames for each server interface added manually into this grid. The graphs are available in Reports » Servers » [Server] » Server Graphs » Data Units = Server Interfaces. These stats are provided by the Linux kernel
Comments – These observations are not visible elsewhere
If you can’t see any data collected for the server in Reports » Devices » Overview, follow the server troubleshooting steps below.

15.1. Server Troubleshooting

✔ For the server to be operational, ensure the WANsupervisor service is always running, and that NTP is properly synchronized. You can verify the operational status of each server and component in Reports » Devices » Overview » Servers, and check time synchronization from the shell:
[root@localhost ~]# ntpq -p || chronyc tracking || timedatectl status
✔ The WANsupervisor service stops when the MySQL/MariaDB service running on the Console server is restarted or unavailable, even for a short time (e.g., during a network outage). In this case, either restart WANsupervisor manually or use automated tools such as systemd, monit or similar
✔ You can discover performance-related issues by monitoring Reports » Server » [Server] » Server Graphs and Reports » Server » [Server] » Server Events
✔ If the DB crashes (usually due to power failures and unexpected shutdowns) execute:
[root@localhost ~]# /opt/andrisoft/bin/WANmaintenance repair_db

15.2. Distributing Sensors and Filters

To distribute Sensors or Filters over multiple servers for load balancing, geographical distribution, high availability, or redundancy:

1. Add the new server in Console under Configuration » Servers: enter a Server Name and a non-loopback IP address
2. Install the software on the new server by following the installation instructions from the link contained in the evaluation request’s response email
3. When executing /opt/andrisoft/bin/install_supervisor enter the IP of the Console server and the Console database password
4. Start the WANsupervisor service on the new server
5. Make sure that NTP is running on the server and that the status is OK in Reports » Devices » Overview
6. During the trial period, you do not need to register any server. Once the trial ends, register the server’s hardware key (visible in Configuration » Servers » [New Server]) after starting WANsupervisor. To register new hardware, email <sales@andrisoft.com>.
7. Define a new Sensor or Filter and set the Server parameter accordingly
8. Start the new Sensor or Filter from Configuration » Components
9. Watch the event log to see if there are any errors or warnings
10. Follow the NFS configuration steps in section 15.3, Accessing Remote Data via NFS

15.3. Accessing Remote Data via NFS

If you are using multiple servers to run the software, then you will have to follow the instructions listed below for each remote server that runs Sensor(s) or Filter(s). Otherwise, the Console will not be able to display packet traces and flows saved on remote servers.
  1. Install the necessary packages on the Console server:

[root@console ~]# apt-get install nfs-common

  2. Install the necessary packages on the remote server:

[root@remote ~]# apt-get install nfs-kernel-server nfs-common

  3. Log in to the Console and go to Configuration » Servers » [Remote Server] to find the Server ID. You will replace [server_id] with this number in the following steps.

  4. Find the UID and GID of the “andrisoft” user account from the Console server by executing:

[root@console ~]# id andrisoft
uid=4097(andrisoft) gid=4097(andrisoft) groups=4097(andrisoft)

In this particular case, in the next step you should replace [andrisoft_uid] with 4097 and [andrisoft_gid] with 4097.

  5. On the remote server add the following lines to the /etc/exports file:

/opt/andrisoft/dumps/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid])
/opt/andrisoft/flows/[server_id] [console_ip](no_subtree_check,rw,anonuid=[andrisoft_uid],anongid=[andrisoft_gid])

Execute on the remote server:

[root@remote ~]# mkdir -p /opt/andrisoft/dumps/[server_id]
[root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/dumps/[server_id]
[root@remote ~]# mkdir -p /opt/andrisoft/flows/[server_id]
[root@remote ~]# chown -R andrisoft:andrisoft /opt/andrisoft/flows/[server_id]

  6. On the Console server, add the following lines to the /etc/fstab file:

[sensor_ip]:/opt/andrisoft/dumps/[server_id] /opt/andrisoft/dumps/[server_id]  nfs  intr,soft,_netdev
[sensor_ip]:/opt/andrisoft/flows/[server_id] /opt/andrisoft/flows/[server_id]  nfs  intr,soft,_netdev

Execute on the Console server:

[root@console ~]# mkdir -p /opt/andrisoft/dumps/[server_id]
[root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/dumps/[server_id]
[root@console ~]# mkdir -p /opt/andrisoft/flows/[server_id]
[root@console ~]# chown andrisoft:andrisoft /opt/andrisoft/flows/[server_id]

  7. Ensure ports 2049 (NFS) and 111 (RPC) are open in the remote server’s firewall. Refer to your Linux distribution’s documentation on how to open these ports if they are closed. You can check the firewall status by running:

[root@remote ~]# ufw status || firewall-cmd --list-all-zones || iptables -L -n -v && iptables -t raw -L -n -v

  8. Restart the NFS service on the remote server:

[root@remote ~]# service nfs-kernel-server restart
[root@remote ~]# systemctl enable nfs-kernel-server # for Systemd-based distributions
[root@remote ~]# update-rc.d nfs-kernel-server defaults 99 # for System V distributions

  9. Mount on the Console server the directories exported by the remote server:

[root@console ~]# mount /opt/andrisoft/dumps/[server_id]
[root@console ~]# mount /opt/andrisoft/flows/[server_id]

Note: If you plan to remove an NFS-linked directory from your Console server, unmount it first with ‘umount -l -f /opt/andrisoft/…’

  10. Configure the remote server with the same time zone as the Console server. This ensures consistent timestamps for packet captures and flow data.
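
The /etc/exports step above, as an added example that is not part of the Wanguard documentation: a shell script that builds the two export lines from the Server ID, Console IP and andrisoft UID/GID, then audits an exports file so the dump and flow directories are exported read-write to the Console IP only. The function names wg_export_lines and wg_audit_exports, the Server ID 3 and the address 192.0.2.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code: build the two /etc/exports lines from the
# export step and audit an exports file against them.

# Print the export lines. Args: server_id console_ip andrisoft_uid andrisoft_gid
wg_export_lines() {
    sid=$1 cip=$2 uid=$3 gid=$4
    for n in "$sid" "$uid" "$gid"; do    # IDs must be plain numbers
        case $n in ''|*[!0-9]*) echo "not numeric: '$n'" >&2; return 2 ;; esac
    done
    case $cip in                          # one host IP: no *, netmask, netgroup
        ''|*[!0-9A-Fa-f.:]*) echo "not a single IP: '$cip'" >&2; return 2 ;;
    esac
    for d in dumps flows; do
        printf '/opt/andrisoft/%s/%s %s(no_subtree_check,rw,anonuid=%s,anongid=%s)\n' \
            "$d" "$sid" "$cip" "$uid" "$gid"
    done
}

# Audit. Args: exports_file server_id console_ip andrisoft_uid andrisoft_gid
# Prints one finding per problem path; returns 1 if any, 2 on bad arguments.
wg_audit_exports() {
    file=$1; shift
    want=$(wg_export_lines "$@") || return 2
    bad=0
    for d in dumps flows; do
        dir=/opt/andrisoft/$d/$1
        exp=$(printf '%s\n' "$want" | grep -F "$dir ")
        # Active entries for this path: comments dropped, whitespace squeezed.
        got=$(grep -v '^[[:space:]]*#' "$file" | tr -s '\t ' '  ' |
              grep -F "$dir " || true)
        if [ -z "$got" ]; then echo "MISSING $dir"; bad=1
        elif [ "$got" != "$exp" ]; then echo "MISMATCH $got"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: Server ID 3, Console 192.0.2.10, andrisoft uid/gid 4097.
# The flows entry is open to every client, which the audit reports.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# exports on the remote server (constructed)
/opt/andrisoft/dumps/3   192.0.2.10(no_subtree_check,rw,anonuid=4097,anongid=4097)
/opt/andrisoft/flows/3 *(no_subtree_check,rw,anonuid=4097,anongid=4097)
EOF
wg_audit_exports "$sample" 3 192.0.2.10 4097 4097 || echo "audit found problems"
rm -f "$sample"
```

The audit compares each entry with the exact documented line, so an extra client, a wildcard or an added option on either path is reported as a mismatch.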

15.4. Transferring Console

If you want to move your Console to a new server, please follow these steps:

On the old server:

1. Stop all Components (Sensors, Filters, BGP Connectors) from Configuration » Components.
2. Stop the WANsupervisor service and back up the database:
[root@old_console ~]# service WANsupervisor stop
[root@old_console ~]# /opt/andrisoft/bin/WANmaintenance backup_db

On the new server:

1. Follow the software installation instructions for the Console.
2. If you had a running Console on this machine, stop all Components (Sensors, Filters, BGP Connectors) from Configuration » Components.
3. Stop WANsupervisor if it’s running:
[root@new_console ~]# service WANsupervisor stop
4. In case you have a Console set up on this machine, make a backup of its configuration:
[root@new_console ~]# /opt/andrisoft/bin/WANmaintenance backup_db
5. Copy the backup file from your OLD machine to the NEW machine:
[root@new_console ~]# scp -r user@old_machine:/root/wanguard_db_backup_xxxx_xx_xx_xx_xx.sql /root
6. Restore the backup on the new machine:
[root@new_console ~]# mysql -p andrisoft < /root/wanguard_db_backup_xxxx_xx_xx_xx_xx.sql
7. Go to Configuration » Servers and change the IP Address for each server.
8. Update the configuration of the Sensors, Filters and BGP Connectors in order to reflect the interfaces and IP addresses of the new machine.
9. Start the WANsupervisor service:
[root@new_console ~]# service WANsupervisor start
If you use InfluxDB, follow the Back up and restore InfluxDB article to move the graph data from the old server to the new server.

On any remote server that runs Sensors and/or Filters:

1. Update the software packages to the latest version, and execute on each one:
[root@remote_server ~]# /opt/andrisoft/bin/install_supervisor
When prompted, provide the new Console IP and database password.
2. Restart the WANsupervisor service:
[root@remote_server ~]# service WANsupervisor restart

15.5. Fault-Tolerant Console Setup

The Distributing Sensors and Filters section describes how to add redundant servers that run Sensors and/or Filters. If the Console becomes unavailable due to a network, hardware, or power failure, you can switch to a secondary Console server with minimal downtime and no data loss:

1. Install a secondary Console server that fulfills the system requirements.
2. On the primary Console server stop all components from Configuration » Components, then log out.
3. Connect to each remote server that uses the primary Console and stop the WANsupervisor service:
[root@remote ~]# service WANsupervisor stop
4. On the primary Console server execute:
[root@primary ~]# service WANsupervisor stop
[root@primary ~]# service apache2 stop || service httpd stop
[root@primary ~]# /opt/andrisoft/bin/WANmaintenance db_convert_to_innodb
[root@primary ~]# mkdir /opt/andrisoft/sql/primary ; cd /opt/andrisoft/sql/primary
[root@primary ~]# /opt/andrisoft/bin/WANmaintenance backup_db

InnoDB has a worse read performance than MyISAM or Aria, but it is the only database engine that supports replication. You can improve its performance by tuning InnoDB-specific parameters in the MySQL/MariaDB configuration file.

5. On the secondary server follow the Console software installation instructions from the download link sent to you when entering the trial programme.
6. Execute on the secondary Console server:
[root@secondary ~]# service WANsupervisor stop
[root@secondary ~]# service apache2 stop || service httpd stop
[root@secondary ~]# /opt/andrisoft/bin/WANmaintenance backup_db
7. Transfer and import the backup file generated at step 4 to the secondary Console server:
[root@secondary ~]# mkdir /opt/andrisoft/sql/primary
[root@secondary ~]# scp root@<primary_server_IP>:/opt/andrisoft/sql/primary/wanguard_db_backup*.sql /opt/andrisoft/sql/primary
[root@secondary ~]# mysql -p andrisoft < /opt/andrisoft/sql/primary/wanguard_db_backup*.sql
8. On the secondary Console server put the primary Console IP in /opt/andrisoft/etc/dbconsole.conf:
[root@secondary ~]# nano /opt/andrisoft/etc/dbconsole.conf
9. Follow the instructions needed for replicating the database from the primary server to the secondary server. An example for MariaDB can be found here. Distribution-specific instructions can be found on the Internet.
10. Once the replication is done and the databases are in sync, execute on the primary Console server:
[root@primary ~]# service WANsupervisor start
[root@primary ~]# service apache2 start || service httpd start
11. Connect to each remote server, if any, and restart the WANsupervisor service:
[root@remote ~]# service WANsupervisor restart
12. In the Console from the primary server, start all components from Configuration » Components. In General Settings » Graphs & Storage set the InfluxDB from the secondary server as Graph Storage Engine 2. By default, InfluxDB is only accessible from localhost, so you might need to edit /etc/influxdb/influxdb.conf to allow the primary server to connect.

15.6. Disaster Recovery Steps for Console

If the primary Console server in a Fault-Tolerant Console Setup becomes unavailable, follow these steps:

1. Execute on the secondary Console server:
[root@secondary ~]# mysql -p
Enter the password if requested. Execute in mysql:
mysql> stop slave;
mysql> reset slave;
mysql> exit;
2. Execute on the secondary server:
[root@secondary ~]# rm /opt/andrisoft/etc/dbconsole.conf
[root@secondary ~]# service WANsupervisor restart
[root@secondary ~]# service apache2 start || service httpd start
3. On the secondary Console go to Configuration » Servers » Console and replace the IP of the primary server with the IP of the secondary server. Then, in Configuration » General Settings » Graphs & Storage set Graphing Engine Backend to Graph Storage Engine 2.
4. Connect to each remote server (if any) and run:
[root@remote ~]# /opt/andrisoft/bin/install_supervisor   # enter the secondary Console IP
[root@remote ~]# service WANsupervisor restart
5. Make sure that all components are running correctly by monitoring Reports » Devices » Overview.