I was reading the Top 47 Log Management Tools from ProfitBricks’ blog. While quickly scanning the key features and cost, I decided to give LOG Storm a try. This post records the steps for installation and basic configuration of this product.

Key Features: 
  • In-depth threat analysis
  • Flexible deployment options
  • Intuitive graphical user interface
  • Incident response, forensics, and discovery
  • Built-in support for 1,000+ devices
  • Simple device integration tool
  • Reporting packs for major regulatory compliance standards
  • Master console for centralized log management
  • MetaRules Correlation
Cost: 
  • LOG Storm Virtual SIEM Appliance: FREE
  • Other deployment options and advanced solutions: Contact for a quote
Note: Free license is only for up to 5 devices and 5G storage.

1. Download

From the green “Free LOG STORM DOWNLOAD” link, you will be guided to a page with the following links:
Download LOG Storm image file here.
Download LOG Storm torrent file here.
If you need to request a license key for LOG Storm, please click here.

Click the image file link and the download will start automatically. You will get a 1.39G LOG_Storm_4.5.0.20_Eval_VA.ova file.

2. Import OVA into VM lab environment

Double-click the downloaded OVA file and VM Workstation will import it into your default Virtual Machine folder.


The default VM setting for LOG Storm uses 6GB of memory. I changed it to 4GB and it still works fine in my lab environment.

3. Start your VM 

The default user name/password is htadmin/htadmin.
You will have to accept the agreement, change the htadmin password, and complete the basic network and information configuration. Then wait at most 5 minutes for the virtual appliance to configure itself based on your input.


4. First SSH Log in

After the virtual appliance has rebooted, use SSH to log into the system with the htadmin username.


After you log into the system, it will ask you to enter the valid license you got from the email.

Linux logstorm 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
Last login: Tue Jan  6 11:02:13 2015
Do you need to change your configuration before entering your license? ([Y]es, [N]o, Enter = , ‘?’ for help) : N
Please enter your LOG Storm appliance license (what you enter will NOT be echoed back to you): (‘help’ for help) : 
License is valid

Activating LOG Storm services


From the main menu, select 2. Password Management to set the Admin Account Password, which will be used to log into the WebUI.


5. WebUI Log in

Open https://<Virtual Appliance IP address> in your browser and you will see the following screen.

Click ‘Launch Client’.


Enter the Admin username and password.


You are now at the dashboard for your SIEM Virtual Appliance.


6. Reference