Configuring Site Servers


Example Root Site Server configuration



Type of Site Servers

  • Root - The top level Site Server that reports to the FTK Central service, and can collect from on-network targets.
  • Private - A child Site Server that reports to a parent Site Server, and can collect from on-network targets.
  • Private (Protected) - A child Site Server that reports to a parent Site Server when only one-way communication is allowed, and can collect from on-network targets.
  • Public - A child Site Server that reports to a parent Site Server, and can collect from off-network targets.

Note: See network requirements for each Site Server type here.


Field: Friendly Name

Description: A user-defined name to easily identify the Site Server


Field: Logging Level

Description: Level of message detail to record in site_server.log.

Default Value: ERROR


Field: Agent Port

Description: Port used by on-network agents.

Default Value: 3999


Field: Catch All Delay(s)

Description: When a Site Server is looking for new jobs every x mins, this setting will delay that cycle by specified interval. This is useful when you mark a particular SS to catch all IPs and you want it to execute only if others have failed. 

Default Value: 0



Secure Communications

Field: Private Certificate

Description: The private certificate used to communicate with the FTK Central service and other Site Servers.

Note: See certificate requirements here.


Field: Public Certificate

Description: The public certificate used to communicate with the FTK Central Service and other Site Servers.

Note: See certificate requirements here.


Field: Agent Certificate

Description: The private certificate used to communicate with Agents.

Note: See certificate requirements here.



Database

Field: System Password

Description: Password to the locally-installed PostgreSQL database where Site Server stores its settings and metadata.


Field: Database Port

Description: Port used by the locally-installed PostgreSQL database where Site Server stores its settings and metadata.

Default Value: 5432



IP Configuration

Field: Internal Addresses/FQDN

Description: Internal (on-network) IP or FQDN of a Public Site Server.


Field: External Addresses/FQDN

Description: External (internet-facing) IP or FQDN of a Public Site Server.


Field: Port

Description: Port used for communication between Site Servers, and for Agent heartbeat/check-in.

Default Value: 54545


Field: Heartbeat Port

Description: Additional Port used for Agent heartbeat/check-in.

Default Value: 54555


Field: Client Port

Description: Port used FTK Central to Root Site Server communication.

Default Value: 54321



Results

Field: Results Directory or UNC Path

Description: Path to store collected data in temporarily.


Field: Results Share Domain

Description: Domain to use if Results Directory is a UNC path.


Field: Results Share Username

Description: Username to use if Results Directory is a UNC path.


Field: Results Share Password

Description: Password to use if Results Directory is a UNC path.



Site Server System

Field: Parent Instance

Description: The parent of a Private or Public site server, in the format IP/FQDN:Port.


Field: Children Instances

Description: The children of a Root or Private site server, in a comma-delimited list in the format IP/FQDN:Port.


Field: Public Instances

Description: A list of all an environment's available Public Site Servers, in a comma-delimited list in the format IP/FQDN:Port.

NoteThis is used to notify Public Agents of other available Public Site Servers that may be closer/faster.



Locality

Field: Managed Subnet Address(es)

Description: A comma-delimited list of CIDR ranges that includes all targets the given Site Server is allowed to collect from.



Configuration

Field: Max Client Connections

Description: The number of clients/applications that are allowed to connect to the Client Port.

Default Value: 10


Field: Max Incoming Threads

Description: The number of threads created for incoming connections by Site Servers and Agents over the Port.

Default Value: 50


Field: Max Outgoing Threads

Description: The number of threads created for outgoing connections to Site Servers and Agents over the Port.

Default Value: 50


Field: Max Event Threads

Description: The number of threads created for handling agent events that were previously added to the Site Server database.

Default Value: 50


Field: Replication Threads

Description: The number of threads created for replicating data between Site Servers.

Default Value: 5


Field: Retry Count

Description: The number of retries to make when replicating data.

Default Value: 5


Field: Retry Delay (ms)

Description: The time between retries.

Default Value: 100



Bandwidth Control

Field: In From SiteServer

Description: Max bandwidth allowed in from other Site Servers.

Default Value: Unlimited


Field: Out To SiteServer

Description: Max bandwidth allowed out to other Site Servers.

Default Value: Unlimited


Field: In From Agent

Description: Max bandwidth allowed in from Agents.

Default Value: Unlimited


Field: Out To Agent

Description: Max bandwidth allowed in from Agents.

Default Value: Unlimited