Skip to main content

Collector proxy for a Windows OS

When you need an extra layer of security for your Microsoft Windows systems, Moogsoft Cloud collectors can send events to a configured proxy server address. Configuring a proxy server address is often warranted when you have security policies that prohibit a collector from communicating directly with the Moogsoft server.

The Moogsoft collector proxy setup allows you to do the following:

  • Use a forward proxy server to receive events from all of your collector traffic and forward them to Moogsoft.

  • Configure new and existing collectors to work behind the forward proxy.

  • Use a reverse proxy for collector traffic.

Before you begin

Before you begin, check that you have performed the following actions:

  • You have signed into your Moogsoft account.

  • You have installed and configured your Windows proxy server software or plan to use a Linux-based forwarding proxy server as described in Collector proxy for a Linux or Mac OS. You also can install and configure Nginx to use as a reverse proxy server on Windows. However, we do not recommend using Nginx as a forward proxy.

  • While you can use the built-in proxy for Windows, it routes all your Windows traffic through the proxy, not just collector traffic. You can also route Windows traffic through a Linux or Macintosh proxy server.

  • Test that your proxy server is active. You can use wget proxyservername:portnumber to test your proxy server.

Note

Read the Supported platforms, Install a Windows OS collector, and Collector operations topics before starting. These topics contain some key points about collector installation that you need to know.

Configure a Windows collector forward proxy

You can route your Windows collector traffic with a forward proxy for your Windows platforms. For best use of a collector proxy, you should install and configure the collector proxy before installing your collectors.

When you configure your Windows collector forward proxy, you need to provide the following information for the forward proxy configuration:

  • Specify the proxy server machine name and source.

  • Provide access to the machine using the machine name you specified above.

  • Specify the proxy server port number.

You can review a brief example in the section “Squid for Windows” later in this topic.

Install a collector behind the Windows forward proxy

To install your collector on a Windows instance, go to your Moogsoft UI instance:

Note

Before starting, remove any existing collector if it is still installed. Review the Collector operations topic for more information about removing collectors.

  1. Go to Integrations > Ingestion Services > Collectors > Installation.

  2. Select the Windows collector platform.

  3. In the Windows installation pane, click Download installer to download the installer wizard on your Windows target client system.

    msw-download.png

  4. Open the installer wizard on your system and click Next.

  5. If you have an existing collector on your Windows client system, the installer prompts you to start a clean up and removal of the existing collector. Remove the existing collector, open the installer wizard again, and click Next.

  6. In the Set Environment Variables panel, fill in your API Key and Base URL. To do this:

    1. In your Moogsoft UI, copy and paste the displayed API key into the Moogsoft Collector Setup wizard.

    2. Copy and paste the Base URL into the Moogsoft Collector Setup wizard. When using a reverse proxy, you would set the Base URL to the reverse proxy URL address. For more information, see the following section, “Install a collector behind a Windows reverse proxy.”

  7. Optional step: Paste your proxy URL ip address into the Proxy URL field and click Next.

    Your proxy URL is your Window proxy server ip address with the addition of the proxy server port number, in the following format:

    http or https://<ip address>:<proxy server port>

  8. Click Install and Finish.

  9. Switch to your Moogsoft UI and click the Collectors tab to see your Windows collector.

Install a collector behind a reverse proxy

To install collector behind a Windows reverse proxy, follow all the prior steps for installing a collector behind a forward proxy. However, in the Set Environment Variables panel, make the following changes:

  1. Enter your API key.

  2. Set the Base URL field to the name of your reverse proxy server.

  3. Leave the Proxy URL field blank.

    blank-proxyurl.png

  4. Click Next.

  5. Switch to your Moogsoft UI and click the Collectors tab to see your Windows collector.

Validate and troubleshoot your Windows collector proxy

If you have any issues in running a Moogsoft collector behind a proxy check the following:

  • When using a forward proxy, make sure Proxy URL field is filled in and not left blank.

  • Check that you have included the proxy server port number appended to the IP address.

  • When using a reverse proxy, check that the Proxy URL is blank and that the Base Moogsoft URL contains the reverse proxy domain name.

  • In the Moogsoft UI, navigate to Integrations > Ingestion Services > Collectors and check:

    • The Collectors List to see if the Windows collector is in the list.

    • Windows collector > Collector Logs to review the logs. Check that your collector passed the Healthchecks.

  • Run wget in the Windows Powershell to the proxy server address, to verify that your proxy server is working. For example:

    wget proxyservername:portnumber

  • To verify that your Moogsoft traffic is routed from your forward proxy server, check your proxy server logs.

    Note

    Local logs are not available for the Windows collector.

Squid for Windows example

You can install Squid for Windows and set it up as a forward proxy. After you configure Squid as your forward proxy, you can install a collector to use with the Squid forward proxy. To do this:

  1. Navigate to your Moogsoft UI.

  2. Perform all of steps described in "Install a collector behind the Windows forward proxy," earlier in this topic.

  3. Paste your Proxy URL ip address into the Proxy URL field. The Proxy URL is the address of your Window proxy server with the addition of the proxy server port number. For Squid, you would paste the following information into the Proxy URL field, replacing my forward proxy with the ip address of your Squid forward proxy. 

    https://<my forward proxy:3128>

    See the following image as an example.

    msw-proxy-url.png

  4. Click Next.

In this section: