If you have ever tried to configure an ELM data storage connected via iSCSI you found out it's buggy and broken. So did I a few days ago. If you are interested in how to accomplish the goal set in the topic of this post, read on.
Disclaimer: I'm not an expert and cannot be held liable for any results of following the procedures below, including losing your data, damaging or destroying your SIEM, burning down your house, or anything else.
This example was configured on the all-in-one combo device. If you have a separate ELM box, some of the configuration should probably(?) be done on the ELM box itself.
This example uses the iSCSI target IP address 192.168.20.20 and the target IQN iqn.1992-04.com.emc:cx.fcnmm121100125.a1.
First: set up your storage
Make sure your SIEM can communicate with the storage. Most typically TCP ports 860 and 3260 are used.
Define the iSCSI target and LUNs to be used by ELM. Note the IP and port of the iSCSI portal.
I strongly suggest using authentication even if this example doesn't.
Allow the initiator on your machine to connect to the defined target. Find the initiator name on the SIEM box in /etc/iscsi/initiatorname.iscsi
Second: discover the target
This is the part that mostly works even through the GUI. It will, however, at least show the wrong size if you use multiple LUNs.
Log in to a terminal on the SIEM box as root.
# /usr/local/bin/IscsiDiscovery -n STORAGE001 -a 192.168.20.20 -p 3260
Where STORAGE001 is the name you want to give to this storage, 192.168.20.20 is the IP address of the iSCSI target and 3260 is the TCP port where the storage is listening. This should discover your target and, with some luck, log on to it and attach the devices. If you run:
# lsscsi -t
And see something like this:
[1:0:0:0] cd/dvd ata: /dev/scd0
[2:0:0:0] disk spi:0 /dev/sda
[3:0:0:0] disk iqn.1992-04.com.emc:cx.fcnmm121100125.a1,t,0x2 /dev/sdb
[3:0:0:1] disk iqn.1992-04.com.emc:cx.fcnmm121100125.a1,t,0x2 /dev/sdc
you can consider yourself lucky. The last two devices in the example above are iSCSI LUNs. You can check what was discovered under /etc/NitroGuard/iscsi_discovered/* and /etc/iscsi/nodes/*
Another tool to check the status is IscsiGetIQNStatus:
# /usr/local/bin/IscsiGetIQNStatus -a 192.168.20.20 -p 3260 -i iqn.1992-04.com.emc:cx.fcnmm121100125.a1
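The advice in the first step to use authentication can be checked against the node records under /etc/iscsi/nodes/*. The script below is an added example, not part of the original post or of the SIEM's own tooling. It assumes the box keeps standard open-iscsi node records (key node.session.auth.authmethod); the function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes open-iscsi style node
# records, where each file has "node.session.auth.authmethod = None|CHAP".

# List node records under $1 that do not log in with CHAP, one per line as
# "<record>: authmethod=<value>". Returns 0 if none, 1 if any, 2 on bad path.
audit_iscsi_auth() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    findings=$(find "$1" -type f | sort | while IFS= read -r rec; do
        # Last assignment in the record wins; a missing key reports as "unset".
        method=$(sed -n '/^node\.session\.auth\.authmethod[[:space:]]*=/{
            s/^[^=]*=[[:space:]]*//
            s/[[:space:]]*$//
            p
        }' "$rec" | tail -n 1)
        [ "$method" = "CHAP" ] || printf '%s: authmethod=%s\n' "$rec" "${method:-unset}"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build constructed sample records (not real data) and print the temp dir path.
make_sample_nodes() {
    d=$(mktemp -d) || return 1
    rec_none="$d/iqn.1992-04.com.emc:cx.fcnmm121100125.a1/192.168.20.20,3260,1"
    rec_chap="$d/iqn.2015-01.example.constructed:lun-chap/192.168.20.21,3260,1"
    mkdir -p "$rec_none" "$rec_chap"
    printf '%s\n' '# BEGIN RECORD' \
        'node.name = iqn.1992-04.com.emc:cx.fcnmm121100125.a1' \
        'node.conn[0].address = 192.168.20.20' \
        'node.session.auth.authmethod = None' '# END RECORD' > "$rec_none/default"
    printf '%s\n' '# BEGIN RECORD' \
        'node.name = iqn.2015-01.example.constructed:lun-chap' \
        'node.conn[0].address = 192.168.20.21' \
        'node.session.auth.authmethod = CHAP' \
        'node.session.auth.username = constructed-user' '# END RECORD' > "$rec_chap/default"
    printf '%s\n' "$d"
}

# Demo on the constructed records; on the SIEM box pass /etc/iscsi/nodes instead.
sample=$(make_sample_nodes)
audit_iscsi_auth "$sample" || echo "the records listed above log in without CHAP"
rm -rf "$sample"
```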
Third: get volumes ready
If you are not logged in to the terminal on the SIEM box as root yet, do it now.
Get the status of the attached volumes with GetSanVolumes:
You should see all the devices (LUNs) that were attached in the previous step. The 'status' value will most probably be 'needs formating'.
Create partitions and filesystems with:
# /usr/local/bin/FormatSanVolume sdX
Where sdX is the name of the device. Repeat for each device that you want to use and that is listed by GetSanVolumes.
Fourth: make them storage devices
You will have to create a storage device config file now. For our example with two LUNs it should look like this (explanation follows):
Within the square brackets is the name you want to give to your storage device.
The 'mount' parameter is the mount point where the device will be mounted. AFAIK it is arbitrary and will be created if it doesn't exist. Use /elm_storage/something.
The 'maxbytes' parameter is the maximum available space on the file system. The size in the example is 970GB.
The 'elm' parameter is the identifier of your ELM. On the combo box you can find the value at the top of the /etc/NitroGuard/thirdparty.conf file as the value in the '# ESM:' line.
The 'uuid' parameter is the uuid of the device. You can find it in the output of the GetSanVolumes command.
After editing and double-checking, save your storage_device_config file.
Run the tool to configure your storage devices:
# /usr/local/bin/SetStorageConf /yourpath/storage_device_config
If the command does not return an error, you are done!
You should see something like
/dev/sdc on /elm_storage/pool1_20150112163745 type ext4 (rw)
/dev/sdb on /elm_storage/pool1_20150112163744 type ext4 (rw)
in the output.
Reboot your SIEM box to see if everything comes up OK.