Setup telemetry UI

ℹ️ In SalaX Secure Mail, telemetry data includes logs and measurements of different kinds. Refer to the Access telemetry data section to see which kinds of telemetry data are supported.

Data storage and access

Storing telemetry data is optional, but enabled by default.

When enabled, the telemetry data is stored in InfluxDB. We support the open-source Community Edition of InfluxDB v2. For a comprehensive overview of InfluxDB itself, refer to the official InfluxDB Documentation.

The official InfluxDB Documentation contains detailed guidance on how to use InfluxDB effectively for data queries, analytics, dashboards, and alerts. The data can be accessed and managed either via the InfluxDB web UI or via the InfluxDB CLI.

The InfluxDB Documentation also describes how to grant access to different users and manage their access controls. User and access management can be done via the InfluxDB CLI.

Data retention policy

By default, the system sets a retention period for each data bucket within InfluxDB. These periods can be changed via the InfluxDB CLI by setting the appropriate retention period on each bucket. The defaults for the current data buckets are:

  • mail_audit: infinite

Configure InfluxDB UI

Installation

InfluxDB is installed as part of the system installation or upgrade.

InfluxDB can be accessed and managed via the InfluxDB CLI. Enabling the InfluxDB UI requires some additional steps, described below.

Enabling the web UI

The InfluxDB web UI is not enabled by default, because it needs to run on a different hostname or port and likely needs an external firewall opening too.

Enabling it requires updating the nginx configuration as described below. The nginx template can be found at /opt/DSuite/identity-service/templates/influxdb.nginx.conf.template.

  1. Copy the nginx template to /etc/nginx/conf.d/$instance_name.influxdb.conf.

  2. Change the following placeholders in this file:

    • $instance_name = name of the instance to which you are adding InfluxDB
    • $instance_ip:8086 = IP and port on the host server where the InfluxDB UI should listen
    • $server_name = FQDN of the InfluxDB UI
    • $cert = path to the certificate
    • $key = path to the certificate key
    • $influxdb_ip = IP of the InfluxDB container. The IP can be found in the .env file: grep INFLUXDB_IP /server/$instance_name/dsuite/identity-service/config/.env

  3. Restart nginx.

Logging into the UI

To log in to the UI, use the following username and password:

  • Username: influx-admin

  • Password: Use the value of INFLUXDB_PWD env var from the env file at /server/$instance_name/dsuite/identity-service/config/.env.

Opening local firewall on host server

  1. Determine the following values:

    • $admin_ip = IP address from which access to InfluxDB is allowed (do not open it to the whole public internet)
    • $instance_ip = IP on the host server where the InfluxDB UI should listen, same as in the nginx configuration above
    • $port = port on the host server where the InfluxDB UI should listen, same as in the nginx configuration above
    • $influxdb_ip = IP of the InfluxDB container, same as in the nginx configuration above

  2. Add the following lines to /etc/opt/Sec@GW/nftables/instance-rules/$instance_name/docker_rules_$instance_name:

    add rule filter INPUT ip saddr $admin_ip ip daddr $instance_ip tcp dport $port ct state new accept
    add rule filter OUTPUT ip daddr $influxdb_ip tcp dport $port ct state new accept

  3. Run the following commands to load the same rules into the running ruleset:

    nft add rule filter INPUT ip saddr $admin_ip ip daddr $instance_ip tcp dport $port ct state new accept 
    nft add rule filter OUTPUT ip daddr $influxdb_ip tcp dport $port ct state new accept
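
The firewall steps above can be scripted so that an overly broad $admin_ip is rejected before any rule is written. The following is an added example, not part of the product or its documentation: the function names and the MIN_PREFIX threshold are assumptions made for illustration, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: render the two nftables rules above after validating inputs.
MIN_PREFIX=24   # assumption: narrowest acceptable admin network, not a product default

# valid_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# admin_source_ok SRC: one host, or a CIDR no wider than /MIN_PREFIX
admin_source_ok() {
    addr=${1%%/*}; prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    valid_ipv4 "$addr" || return 1
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && [ "$prefix" -ge "$MIN_PREFIX" ] || return 1
    [ "$addr" != "0.0.0.0" ]
}

# valid_port PORT: succeeds for 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules ADMIN_IP INSTANCE_IP PORT INFLUXDB_IP: prints both rule lines
build_rules() {
    admin_source_ok "$1" || { echo "refusing admin source: $1" >&2; return 1; }
    valid_ipv4 "$2" && valid_ipv4 "$4" || { echo "bad instance or InfluxDB IP" >&2; return 1; }
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    printf 'add rule filter INPUT ip saddr %s ip daddr %s tcp dport %s ct state new accept\n' "$1" "$2" "$3"
    printf 'add rule filter OUTPUT ip daddr %s tcp dport %s ct state new accept\n' "$4" "$3"
}

# Constructed sample values (documentation address ranges):
# build_rules 192.0.2.10 198.51.100.5 8086 172.18.0.7
```

Append the output to the instance's docker_rules_$instance_name file for step 2, and prefix each line with nft for step 3.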
