Lumu’s VA collectors enable the collection of network metadata from various sources, including firewall logs, proxy logs, DNS queries, DNS packets, and more. Some collectors also support secure metadata transmission via SSL/TLS for enhanced security.

This guide will help you configure your Lumu VA to collect metadata from these sources using technologies that support this type of traffic—such as Palo Alto Prisma, for example.

Requirements

• Lumu Virtual Appliance v4.1.0 or above. If you have not upgraded your VA to a supported version, refer to the following guide.
• You must have a TLS certificate. Otherwise, you must generate one. Alternatively you can acquire one from a certifying authority. To learn more about certificates and how to generate them you can refer to the following article.

These are the general steps you should follow to configure your Lumu VA to collect metadata via SSL/TLS:

Deploy and Set Up Lumu VA

All the detailed steps and guidance to create, download and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:

• Deploy Virtual Appliances
  

Install a new SSL/TLS Certificate on the Lumu VA

To install a new certificate on the Lumu VA, you must place it in a specific path so that it can be recognized by the Lumu VA. The path where the certificate must be placed is:

You can use whatever mechanism you think is most convenient to upload your certificates to the Lumu VA; however, we recommend scp, which is enabled by default on the Lumu VA. You can send the certificates from your local machine to the Lumu VA using the following command:

Replace the parameter in red with the corresponding information needed for the procedure. For example, if the parameter appears as /local/path/<VA name>, it should look something like /local/path/MyVA in the end.

In total, you must run one scp command for each file in your certificate: the CA file, the certificate itself, and the certificate key file—that's three times.

If a certificate file is not located in the specified path, you will receive an alert indicating its absence. To prevent overwriting existing files, be sure to assign clear and distinctive names to your certificates. This is a good example of an adequate certificate file name: palo-alto-ca.crt

Setup a Lumu VA Firewall Log Collector with TLS support

Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the command lumu-appliance collectors refresh. If the appliance is running, it must be stopped in order to continue the setup process.

Example of screen when setting up a Firewall Collector

Enter the number of the option corresponding to the TLS version of the technology you want to collect data from, then input the following data as it is requested by the VA:

• Port number: Provide a number between 1024 and 65535, inclusive.
• SSL/TLS authorities file: Provide the name (and just the name) of the authorities file that you already put in /home/applianceadmin/lva_<VA appliance version>/stack/log_collector_certs directory.
• SSL/TLS certificate key file name (PEM format): Provide the name (and just the name) of the certificate key file that you already put in /home/applianceadmin/lva_<VA appliance version>/stack/log_collector_certs directory.
• SSL/TLS certificate file name (PEM format): Provide the name (and just the name) of the certificate file that you already put in /home/applianceadmin/lva_<VA appliance version>/stack/log_collector_certs directory.

Below, you will find a screenshot of the Lumu VA after entering all the required parameters successfully. This will serve as a reference to enter them correctly yourself.

Collector successfully created

You will then be asked whether you want to start the appliance back up. Enter y to do so. Now the appliance should be up and running and Lumu should be collecting metadata via SSL/TLS from your network.

Pointing your Logs to the Lumu VA

The final procedure to ensure that the Lumu VA can collect metadata from your network is to point your logs towards the VA’s IP through the port that was assigned during the Setup a Lumu VA Firewall Log Collector with TLS support step. The way to conduct this procedure may vary between technologies, so it’s recommended to consult the technology’s technical documentation to carry out this final step.