...
- Analyzes crowdsourced measurements received from End Users and correlates them with information received from RADIUS Logs if this information is available.
- Analyzes deterministic measurements received from WiFiMon Hardware Probes and correlates them with information received from RADIUS Logs if this information is available.
- Analyzes wireless network performance metrics received from WiFiMon Hardware Probes.
- Stores results of analysis and correlation.Provides the
The WiFiMon GUI
...
is a software component closely associated with the WiFiMon Agent that allows the Administrators to inspect their monitored WiFi networks.
In the sequelrest of the guide, we refer to the WiFiMon Agent as Non-Secure WiFiMon Agent if crowdsourced and deterministic measurements are streamed over HTTP or Secure WiFiMon Agent if measurements are streamed over HTTPS.
...
.
The guide presents the commands needed to install the WiFiMon Analysis Station (WAS) in a Debian-based distribution (Debian, Ubuntu, etc.). Other distributions can also be used, by adjusting the apt install commands appropriately.
0. Prerequisites to Install WiFiMon Analysis Station (WAS)
To install WiFiMon Analysis Station (WAS) successfully, the following software components are required:
- WiFiMon Agent package
- PostgreSQL (required, tested on version 9.6) and phpPgAdmin (optional)
- Java 8 (or later)
- Elasticsearch (required, tested on version 7.4.2 required)
- Kibana (required, tested on version 7.4.2 required)
- Logstash (version 7.4.2 required in case of correlation with RADIUS Logs, tested on version 7.4.2)
By default, the following ports must be available on the installation server. However, the ports may be changed manually depending on your needs:
- 5044: for Logstash
- 5432: for PostgreSQL
- 5601: for Kibana
- 8441: for WiFiMon GUI
- 8443: for WiFiMon Secure Agent
- 9000: for WiFiMon Non-secure Agent (optional) 9200: for communication with Elasticsearch
- : for Logstash
- 5432: for PostgreSQL
- 5601: for Kibana
- 8441: for WiFiMon GUI
- 8443: for WiFiMon Secure Agent
- 9000: for WiFiMon Non-secure Agent (optional)
- 9200: for communication with Elasticsearch
1. Overview of WiFiMon Analysis Station (WAS) installation
A summary of the mandatory steps for the installation (detailed in the linked sections below):
Install PostgreSQL (and optionally phpPgAdmin)
Create database, tables and users in PostgreSQL
Install WiFiMon Agent and WiFiMon GUI
There are also some optional steps:
Configure dashboard for subnets
Configure dashboard for HW probes
Anchor PostgreSQL PostgreSQL
2. PostgreSQL & phpPgAdmin
| PostgreSQL | |
| PostgreSQL |
To install PostgreSQL and phpPgAdmin (optional), you must use the following commands:
...
By default, PostgreSQL is configured to listen on localhost. We suggest that you do not change this default configuration. After the successful installation of PostgreSQL, the database and tables of the following sections should be created.
Anchor database database
Create Database and User
| database | |
| database |
Run the following commands to create the database wifimon_database and user wifimon_user. This database will store information related to Subnets, Access Points and user accounts that can access the GUI. From root user become user postgres with “su postgres”. Afterwards, use the following commands and appropriately set the password for the wifimon_user:
psql CREATE USER
| Code Block | ||
|---|---|---|
| ||
CREATE USER wifimon_user WITH PASSWORD 'wifimonpass'; |
...
CREATE DATABASE wifimon_database OWNER wifimon_user; |
Once the database is created, you should connect to wifimon_database:
| Code Block | ||
|---|---|---|
| ||
\c wifimon_database; |
Execute the commands in the following paragraphs to create the necessary tables.
...
In order to measure the WiFi performance, WiFiMon embeds JavaScript in frequently-visited websites and the tests are triggered once the End User visits these websites. However, the tests should be restricted only to users/subnets that are served by the WiFi network that is measured. To achieve this, a list of the registered Subnets that are allowed to perform tests is included in subnets table: table:
| Code Block | ||
|---|---|---|
| ||
CREATE TABLE subnets ( |
...
subnet text, |
...
subnet_id serial PRIMARY KEY ); |
Create Users Table
WiFiMon GUI can be accessed by two types of WiFiMon Users: ADMIN and USER. ADMIN has full access to the WiFiMon GUI and can for example add/remove registered Subnets and Access Points, and add/remove Users. USER has limited rights and may only navigate through the measurements results and timeseries dashboards. Table users is used to store the WiFiMon Users information in the database.
| Code Block | ||
|---|---|---|
| ||
CREATE TABLE users ( |
...
id serial PRIMARY KEY, |
...
email text NOT NULL, |
...
password_hash text NOT NULL, |
...
role text NOT NULL); |
Create Accesspoints Table
Table accesspoints is used to store the Access Point information (latitude, longitude, building, floor, notes) in the database. This information is later used to depict the measurements per Access Point.
| Code Block | ||
|---|---|---|
| ||
CREATE TABLE accesspoints ( |
...
apid serial PRIMARY KEY, |
...
mac text NOT NULL, |
...
latitude text, |
...
longitude text, |
...
building text, |
...
floor text, |
...
notes text); |
Create Options Table
Options table stores important privacy settings such as hiding or showing End User related data in the WiFiMon GUI. Correlation options are also included in this table.
| Code Block | ||
|---|---|---|
| ||
CREATE TABLE options ( |
...
optionsid serial PRIMARY KEY, |
...
userdata text NOT NULL, |
...
uservisualoption text NOT NULL, |
...
correlationmethod text NOT NULL |
...
); |
Now, exit from the database by entering \q.
...
To set SELECT, INSERT, DELETE, UPDATE privileges to wifimon_user, follow the commands bellow:
su postgres
psql
| Code Block | ||
|---|---|---|
| ||
GRANT USAGE ON SCHEMA public to wifimon_user; |
...
GRANT CONNECT ON DATABASE wifimon_database to wifimon_user; |
...
\c wifimon_database |
...
GRANT USAGE ON SCHEMA public to wifimon_user; |
...
GRANT SELECT ON subnets, users, accesspoints, options TO wifimon_user; |
...
GRANT INSERT ON subnets, users, accesspoints, options TO wifimon_user; |
...
GRANT DELETE ON subnets, users, accesspoints, options TO wifimon_user; |
...
GRANT UPDATE ON accesspoints, options TO wifimon_user; |
...
GRANT USAGE, SELECT ON SEQUENCE subnets_subnet_id_seq TO wifimon_user; |
...
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO wifimon_user; |
...
GRANT USAGE, SELECT, UPDATE ON SEQUENCE options_optionsid_seq TO wifimon_user; |
...
GRANT USAGE, SELECT, UPDATE ON SEQUENCE accesspoints_apid_seq TO wifimon_user; |
Exit from the database by entering \q.
...
An initial ADMIN WiFiMon User should be created to allow access to the WiFiMon GUI.
su postgres
psql
| Code Block | ||
|---|---|---|
| ||
\c wifimon_database |
...
INSERT INTO users VALUES ('1', ' |
...
admin@test.com', '$2a$06$AnM.QevGa4BPGg7hc3nEBua6stnbZ8h4PrCjSbDxW.LWL7t4MX8vO', 'ADMIN'); |
By inserting this entry to the users table, you will be able to login as ADMIN with the following credentials (this account can be later deleted from the WiFiMon GUI; however, an ADMIN account should always be present in order to access the GUI and manage the WiFiMon Users, Access Points and Subnets):
Email: admin@test.com
Password: admin1
We suggest that you change your password from the WiFiMon GUI when the installation is complete (Section 5).
Anchor java java
3. Java 8
| java | |
| java |
To install Java 8, please see the instructions at HERE. These instructions are tested for a Debian 10 Installation and will install the OpenJDK 8 using the AdoptOpenJDK repository. The following commands are taken from the aforementioned link:
sudo apt update
sudo apt install apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common
wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add -
sudo add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/
sudo apt update
sudo apt install adoptopenjdk-8-hotspot
...
apt-get install -y default-jdk default-jre
Anchor elasticsearch elasticsearch
4. Elasticsearch and Kibana
| elasticsearch | |
| elasticsearch |
To install Elasticsearch and Kibana, execute the following commands:
- Elasticsearch 7.4.2
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-amd64.deb
sudo dpkg -i elasticsearch-7.4.2-amd64.deb
Kibana 7.4.2Anchor kibana kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-amd64.deb
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-amd64.deb.sha512
shasum -a 512 kibana-7.4.2-amd64.deb
sudo dpkg -i kibana-7.4.2-amd64.deb
Anchor elasticsearch_configure elasticsearch_configure
Elasticsearch Configuration
| elasticsearch_configure | |
| elasticsearch_configure |
In the configuration file of Elasticsearch (/etc/elasticsearch/elasticsearch.yml), insert/change the following lines. Note that, bold parts must be adjusted to your particular configuration. In the following, we configure Elasticsearch to be accessible from the outside of the WiFiMon Analysis Station
| cluster.name: elasticsearch node.name: ${HOSTNAME} node.master: true node.voting_only: false node.data: true node.ingest: true node.ml: false cluster.remote.connect: false path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch network.host: INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens discovery.seed_hosts: [“INSERT the WAS_FQDN to which the server listens”] cluster.initial_master_nodes: INSERT the HOSTNAME (not WAS_FQDN) of the server xpack.ml.enabled: false xpack.security.enabled: false |
You may start the Elasticsearch cluster with: service elasticsearch restart
Verify that Elasticsearch is running via: netstat -tlnpu (ports 9200, 9300)
Note that "cluster.initial_master_nodes" must be commented out after the first initialization of your Elasticsearch cluster. The above configuration assumes that your setup includes only one Elasticsearch node. For more advanced setups, you may find information in the following WiFiMon guide "RADIUS Logs Streaming to Elasticsearch - Simulation".
Anchor kibana_configure kibana_configure
Kibana Configuration
| kibana_configure | |
| kibana_configure |
After the installation some configurations are required. Open the Kibana configuration file (/etc/kibana/kibana.yml) and make the following changes in the corresponding sections/fields of the configuration file. Note that, bold parts must be adjusted to your particular configuration.
| server.port: 5601 server.host: “INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens” server.name: “wifimon-kibana” elasticsearch.hosts: [ |
...
| “http://WAS_FQDN: |
...
| 9200”] server.ssl.enabled: false |
You may start Kibana with: service kibana restart
Verify that kibana is running via: netstat -tlnpu (port 5601)
Anchor wifimon wifimon
5. WiFiMon Installation
| wifimon | |
| wifimon |
To install WiFiMon, use the following commands:
wget https://fl-5-205.unil.cloud.switch.ch/wifimon-agent-0.1.1-SNAPSHOT.deb --no-check-certificate
sudo apt-get update
sudo apt-get install -y gdebi
sudo gdebi wifimon-agent-0.1.1-SNAPSHOT.deb
...
elasticsearch.sh: Script to create Elasticsearch indices
kibana-import.ndjson: JSON file to be imported in Kibana to create the necessary visualizations and dashboards
start.sh: Script for starting WiFiMon GUI and Agent
secure-processor-0.1.1.war: This incorporates both the WiFiMon Secure and Non-Secure Agent.
ui-0.1.1.war: This incorporates the WiFiMon GUI.
config: Directory with configuration files that need to be filled in
keystore: Directory where the Java Keystore should be stored in order to run WiFiMon Agent and GUI on HTTPS
- probes: Contains files related to the configuration of WiFiMon Hardware Probes.
- subnets: Contains files related to the configuration of the different subnets visualization.
Give permissions to execute the scripts with the following commands:Anchor run run
...
Start the WiFiMon Secure Agent and WiFiMon GUI: ./start.sh
Anchor compile compile
6. Compile WiFiMon Code
| compile | |
| compile |
Note: This step is only required if you make changes to the WiFiMon Code, as the ones listed in sections below.
Get the WiFiMon code from the official repository (https://bitbucket.software.geant.org/projects/WFMON/repos/agent/browse). A requirement to compile WiFiMon code is Apache Maven. You can install it via the following commands:
...
cp /agent/wifimon-assembly/target/wifimon-agent-bin/secure-processor-0.1.1-SNAPSHOT.war /usr/lib/wifimon/secure-processor-0.1.1.war
cp /agent/wifimon-assembly/target/wifimon-agent-bin/ui-0.1.1-SNAPSHOT.war /usr/lib/wifimon/ui-0.1.1.war
Anchor configure_subnets configure_subnets
7. Configuring New Subnets for the Subnets Tab
| configure_subnets | |
| configure_subnets |
Apart from entering a new subnet in the configuration tab, you are required to create a new entry in the Subnets Tab to monitor your WiFi network. This requires performing a few modifications to the WiFiMon Java code as well as modifying HTML code. In the following, we will demonstrate an example of creating an entry for the subnet a.b.c.d/xx where xx is the subnet netmask. The folder that contains the WiFiMon code is called “agent”. Note that the WiFiMon code includes an entry for the subnet “147.102.13.0/24” for demonstration purposes. You may remove this Subnet or overwrite it with yours.
Edit file /agent/wifimon-ui/src/main/resources/templates/fragments/header.htmhtml
Insert the red lines as below:
<li th:class="${classActiveSettingsSubnets}" class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Subnets<span class="caret"></span></a> <ul class="dropdown-menu"> <li><a href="#" th:href="@{/secure/Subnets/147_102_13_0_24}">147.102.13.0/24</a></li> <li><a href="#" th:href="@{/secure/Subnets/a_b_c_d_xx}">a.b.c.d/xx</a></li> </ul></li> |
Copy the template file /usr/lib/wifimon/subnets/elasticsearchSubnets_a_b_c_d_xx.html to /agent/wifimon-ui/src/main/resources/templates/secure/ and substitute a, b, c, d, xx according to the details of the monitored subnet. Inside this file, you should also substitute a, b, c, d, xx according to your setup. In the following, we provide the head of elasticsearchSubnets_147_102_13_0_24 that corresponds to the monitored subnet 147.102.13.0/24:
<head> <title>Subnets 147.102.13.0/24</title> <meta name="viewport" content="width=device-width, initial-scale=1"/> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <script src="//code.jquery.com/jquery-1.12.0.min.js"></script> <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.css"/> <link href="../../static/css/styling.css" rel="stylesheet" /> <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script> </head> |
In /usr/lib/wifimon/subnets, you are given a template MeasurementsController_subnets.txt. You have to include this code extract in /agent/wifimon-ui/src/main/java/net/geant/wifimon/agent/controller/MeasurementsController.java and (a) change a, b, c, d and xx according to your setup and (b) enter the link from the Kibana Dashboard where it is requested.
@RequestMapping(value = "/secure/Subnets/a_b_c_d_xx") public String elasticsearchSubnets_a_b_c_d_xx(Model model, HttpSession session, HttpServletRequest request) { UrlParameters urlParameters = createUrlParameters(request); String elasticsearchURL; elasticsearchURL = environment.getProperty(KIBANA_PROTOCOL) + "://" + environment.getProperty(SERVER_HOST_NAME) + ":" + environment.getProperty(KIBANA_PORT) + "ENTER_KIBANA_VISUALIZATION_LINK_HERE"; model.addAttribute("classActiveSettingsSubnets", "active"); model.addAttribute("elasticsearchURL", elasticsearchURL); return "secure/elasticsearchSubnets_a_b_c_d_xx"; } |
Anchor configure_probes configure_probes
8. Configuring New Entries in the HW Probes Tab
| configure_probes | |
| configure_probes |
In the following, we will demonstrate an example of creating an entry for the HW Probe corresponding to the number x, i.e. testtools are NetTest-x, boomerang-x and speedtest-x. The folder that contains the WiFiMon code is called “agent”. Note that the WiFiMon code includes 10 preconfigured WiFiMon HW Probes.
...
Insert the red lines as below:
<li th:class="${classActiveSettingsHWProbes}" class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">HWProbes<span class="caret"></span></a> <ul class="dropdown-menu"> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe1}">HWProbe1</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe2}">HWProbe2</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe3}">HWProbe3</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe4}">HWProbe4</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe5}">HWProbe5</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe6}">HWProbe6</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe7}">HWProbe7</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe8}">HWProbe8</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe9}">HWProbe9</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbe10}">HWProbe10</a></li> <li><a href="#" th:href="@{/secure/HWProbes/HWProbex}">HWProbex</a></li> </ul> </li> |
Copy the template file /usr/lib/wifimon/probes/elasticsearchHWProbesx.html to /agent/wifimon-ui/src/main/resources/templates/secure/ and substitute x according to your setup. Inside this file, you should also substitute x according to your setup. In the following, we provide the head of elasticsearchHWProbes10 that corresponds to the HW Probe with testtool number 10:
<head> <title>Metrics for HW Probe 10</title> <meta name="viewport" content="width=device-width, initial-scale=1"/> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <script src="//code.jquery.com/jquery-1.12.0.min.js"></script> <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.css"/> <link href="../../static/css/styling.css" rel="stylesheet" /> <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script> </head> |
In /usr/lib/wifimon/probes, you are given a template MeasurementsController_probes.txt. You have to include this code extract in /agent/wifimon-ui/src/main/java/net/geant/wifimon/agent/controller/MeasurementsController.java and (a) change x according to your setup and (b) enter the link from the Kibana Dashboard where it is requested.
@RequestMapping(value = "/secure/HWProbes/HWProbex") public String elasticsearchHWProbe1(Model model, HttpSession session, HttpServletRequest request) { UrlParameters urlParameters = createUrlParameters(request); String elasticsearchURL; elasticsearchURL = environment.getProperty(KIBANA_PROTOCOL) + "://" + environment.getProperty(SERVER_HOST_NAME) + ":" + environment.getProperty(KIBANA_PORT) + "INSERT_KIBANA_DASHBOARD_LINK_HERE"; model.addAttribute("classActiveSettingsHWProbes", "active"); model.addAttribute("elasticsearchURL", elasticsearchURL); return "secure/elasticsearchHWProbesx"; } |
Anchor subnet_dashboard subnet_dashboard
9. Creating a New Dashboard for a Subnet
| subnet_dashboard | |
| subnet_dashboard |
In the Kibana user interface, choose the Dashboard section. There, you will find a Dashboard called “SubnetsTimeseries_a.b.c.d/xx”. Add the appropriate filter corresponding to the number of your monitored subnet. For example, if the subnet is a.b.c.d/xx, you should add the following filter “requesterSubnet is a.b.c.d/xx”. Save your dashboard as a new dashboard. Remember to store time with your dashboard.
In Share --> Permanent Links --> Snapshot you can find the URL to include in the WiFiMon Java code.
Anchor probe_dashboard probe_dashboard
10. Creating a New Dashboard for a HW Probe
| probe_dashboard | |
| probe_dashboard |
In the Kibana user interface, choose the Dashboard section. There, you will find a Dashboard called “HW Probe Dashboard x”. Add the appropriate filter corresponding to the number of your monitored WiFiMon HW Probe. For example, if the testtool number of your WiFiMon HW Probe is 11, you should add the following filter “testTool is one of NetTest-11 boomerang-11 speedtest-11”. Save your dashboard as a new dashboard. Remember to store time with your dashboard.
In Share --> Permanent Links --> Snapshot you can find the URL to include in the WiFiMon Java code.
Anchor letsencrypt letsencrypt
11. Configuring WiFiMon Secure Agent
| letsencrypt | |
| letsencrypt |
We will demonstrate the configuration of the WiFiMon Secure Agent with a Let’s encrypt certificate. WiFiMon Administrators are free to use whatever certificates they prefer. In the following, we assume that both WiFiMon Analysis Station and WiFiMon Test Server are installed in the same server and thus, use the same certificate. WiFiMon Administrators may install them in separate servers.
...
Next, we will insert generated certificates/keys in the Apache configuration files. Edit file /etc/apache2/sites-available/default-ssl.conf and change the following lines:
| SSLCertificateFile /etc/letsencrypt/live/WAS_FQDN/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/WAS_FQDN/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/WAS_FQDN/chain.pem |
Apply changes and enable SSL:
...
You may find more information in the following links:
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=ssl&f=2
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=httpd&f=8
Copy these files in /usr/lib/wifimon/keystore:
...
In /usr/lib/wifimon/config/secure-processor.properties, make the following changes:
| server.port=8443 server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] |
In /usr/lib/wifimon/config/ui.properties, make the following changes:
| server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] kibana.protocol=https |
Furthermore, change the following parameters of the file /etc/kibana/kibana.yml:
| server.ssl.enabled: true server.ssl.certificate: /usr/lib/wifimon/keystore/cert.pem server.ssl.key: /usr/lib/wifimon/keystore/privkey.pem |
Moreover, in your WiFiMon Test Server, change the agentPort from 9000 to 8443 in every testtool HTML page as well as http to https. Moreover, do not forget to change http to https in /var/www/html/wifimon/js/nettest/nettest-swfobject.js.
WiFiMon is now configured to use HTTPS for WiFiMon GUI and Agent.
Anchor xpack xpack
12. Configuring ELK Stack Security (X-Pack)
| xpack | |
| xpack |
We will secure the ELK stack using a self-signed certificate. First, you have to create the file “/usr/share/elasticsearch/instances.yml” with the following contents:
...
In /etc/elasticsearch/elasticsearch.yml add the following and restart the Εlasticsearch cluster:
| xpack.security.enabled: true (you have previously set this value to false) xpack.security.http.ssl.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: full xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt |
Generate passwords for the built-in users. Note the passwords as they are not provided again. Inside directory /usr/share/elasticsearch/bin/, use the following command:
./elasticsearch-setup-passwords auto -u "https://WAS_FQDN:9200"
Configure Kibana keystore using the following command:
...
In /etc/kibana/kibana.yml, add the following and restart Kibana:
| elasticsearch.hosts: [“https://WAS_FQDN:9200”] elasticsearch.ssl.certificateAuthorities: [ “/etc/kibana/certs/ca.crt” ] elasticsearch.ssl.verificationMode: full |
Make sure that certificates and keys in /etc/elasticsearch/certs/, /etc/kibana/certs/ and /usr/lib/wifimon/keystore/ are accessible by both Εlasticsearch and Kibana.
Next, you will configure the WiFiMon Agent properties. Create the truststore for X-Pack:
...
Edit /usr/lib/wifimon/config/secure-processor.properties and add the following lines:
| xpack.security.enabled=true ssl.certificate.type=keystore ssl.http.user.username=elastic ssl.http.user.password=[elastic built-in user password] ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks ssl.http.keystore.password=[keystore.jks password] ssl.http.truststore.filepath=/usr/lib/wifimon/keystore/truststore.jks ssl.http.truststore.password=[truststore password] ssl.http.key.password=[elasticsearch.key password] |
Anchor links links
13. Links to Installed Software
| links | |
| links |
The installation is now complete and you can access:
The WiFiMon GUI at https://WAS_FQDN:8441/login (see Figure 1)
The Kibana admin page at https://WAS_FQDN:5601
Figure 1: WiFiMon login page
Credentials to login as ADMIN (see paragraph 1.1):
Email: admin@test.com
Password: admin1
Once you login, you will be able to see the following tabs at the top of the WiFiMon GUI:
...