2020 February 24

cinortoce in MaxPatrol SIEM
Balqess Odat
elasticsearch  » 192.168.0.9 (events storage)   correct me if I am wrong , need help !! :(
Need output of command corecfg get on core server

Balqess Odat in MaxPatrol SIEM
ok i will check it and keep you updated

Mohammed Houssani in MaxPatrol SIEM
hello guys

Mohammed Houssani in MaxPatrol SIEM
am getting this error after finishing the medium load installation

Mohammed Houssani in MaxPatrol SIEM

Mohammed Houssani in MaxPatrol SIEM
i think i should execute a corecfg command but cannot find the syntax

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
i think i should execute a corecfg command but cannot find the syntax
corecfg get

Ivan Yakushev in MaxPatrol SIEM
some examples for corecfg provided by admin guide as I remember

Mohammed Houssani in MaxPatrol SIEM
the english one ?

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
the english one ?
Just execute corecfg get

Mohammed Houssani in MaxPatrol SIEM

Mohammed Houssani in MaxPatrol SIEM
but still the siem is not working

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
but still the siem is not working
Yes, this is an informational command

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
This is not full output

Mohammed Houssani in MaxPatrol SIEM
RoleId = '3f678b9a-eb86-405b-bf64-72c53c0dcd19' (String)
HostAddress = '192.168.0.6' (String)
CybsiEnabled = 'False' (String)
CybsiHost = 'localhost' (String)
CybsiPort = '2443' (String)
SiemAddress = '192.168.0.6' (String)
SiemRMQUser = 'mpx_siem' (String)
SiemRMQPassword = 'P@ssw0rd' (String)
SiemElasticsearchHost = '192.168.0.6' (String)
CoreSiteId = '4D617850-6174-726F-6C39-536974654964' (String)
CoreInstallationId = 'd328246d-7a98-4ff0-ad67-e3cfdba00f41' (String)
SiteName = 'SIEM' (String)
DistributedDeployment = 'False' (Bool)
SqlServerName = 'localhost\MaxPatrolXCore' (String)
SqlServerUserName = 'sa' (String)
SqlServerPassword = 'P@ssw0rdP@ssw0rd' (String)
PostgreHost = 'localhost' (String)
PostgreUserName = 'pt_system' (String)
PostgrePassword = 'P@ssw0rdP@ssw0rd' (String)
SSLCertificateThumb = '805A6F12A9BF2978BCC718D718DB7E9F269E2D53' (String)
SmtpSender = 'Notification System <NoReply@SiemNotifications.com>' (String)
SmtpHost = 'localhost' (String)
SmtpPort = '25' (String)
SmtpUseDefaultCredentials = 'True' (Bool)
SmtpUser = '' (String)
SmtpPassword = '' (String)
SmtpSslEnabled = 'False' (Bool)
EmailNotificationRetryPeriodSeconds = '60' (String)
EmailNotificationRetryCount = '10' (String)
PtkbDbName = 'vm_content' (String)
UsePtbkServer = 'True' (Bool)
MongoDbHost = 'localhost' (String)
MongoDbPort = '27017' (String)
MongoDbLogin = 'admin' (String)
MongoDbPassword = 'P@ssw0rd' (String)
MongoDbAuthSource = 'admin' (String)
HideVulnerabilityGroups = 'False' (Bool)
PtkbFeatureHost = '192.168.0.6' (String)
DataVersion = '21.1.3058' (String)
InstallerVersion = '21.1.3058' (String)
RMQHost = 'localhost' (String)
RMQVirtualHost = 'mpx' (String)
RMQUser = 'mpx_core' (String)
RMQPassword = 'P@ssw0rd' (String)
RMQSslServerName = 'localhost' (String)
RMQSslCertPath = 'E:\Program Files\Positive Technologies\MaxPatrol SIEM Core\.install\scripts\Certificates\RMQ_Core_Client.p12' (String)
RMQSslCertPassword = 'oxah4kie2O' (String)
ServicesRMQHost = 'localhost' (String)
ServicesRMQVirtualHost = '/' (String)
ServicesRMQUser = 'mpx_core' (String)
ServicesRMQPassword = 'P@ssw0rd' (String)
ServicesRMQSslServerName = 'localhost' (String)
ServicesRMQSslCertPath = 'E:\Program Files\Positive Technologies\MaxPatrol SIEM Core\.install\scripts\Certificates\RMQ_Core_Client.p12' (String)
ServicesRMQSslCertPassword = 'oxah4kie2O' (String)
Replication = 'False' (Bool)
ReplicationPerScan = 'False' (Bool)
ReplicationInterval = '00:30:00' (String)
ReplicatedCores = '' (String)
StopOnMicroserviceError = 'False' (Bool)
IncidentAggregationTimeout = '00:01:00' (String)
IncidentIdenticalNotificationLimit = '100' (String)
PtmcHostAddress = '192.168.0.6' (String)
DefaultLocale = 'en-US' (String)
DefaultAssetTtl = '90.00:00:00' (String)
TtlCheckPeriod = '01.00:00:00' (String)
SaltMasterHost = '192.168.0.9' (String)
SaltMasterPort = '9035' (String)
MicroservicesCertificateThumb = '7EA87DDE95A95FD2D2BA8C9C1237110A9177DA46' (String)
OnlineHelpPortalUrl = '' (String)
UseOnlineHelpPortal = 'False' (Bool)
ConsiderEventsImportance = 'True' (Bool)

Mohammed Houssani in MaxPatrol SIEM
this the full output

Ivan Yakushev in MaxPatrol SIEM
Mohammed Houssani
this the full output
Thx

Ivan Yakushev in MaxPatrol SIEM
Is 192.168.0.6 an address of SIEM server component?

Mohammed Houssani in MaxPatrol SIEM
no the core is 192.168.0.6

Mohammed Houssani in MaxPatrol SIEM
the debian is 192.168.0.9