
Collector proxy for a Windows OS

When you need an extra layer of security for your Microsoft Windows systems, the APEX AIOps Incident Management Collector can send events to a configured proxy server address. Configuring a proxy server address is often warranted when you have security policies that prohibit a collector from communicating directly with the Incident Management server.

The Incident Management Collector proxy setup allows you to do the following:

  • Use a forward proxy server to receive events from all of your collector traffic and forward them to Incident Management.

  • Configure new and existing collectors to work behind the forward proxy.

  • Use a reverse proxy for collector traffic.

Before you begin

Before you begin, check that you have performed the following actions:

  • You have signed in to your Incident Management account.

  • You have installed and configured your Windows proxy server software or plan to use a Linux-based forwarding proxy server as described in Collector proxy for a Linux or Mac OS. You can also install and configure Nginx to use as a reverse proxy server on Windows. However, we do not recommend using Nginx as a forward proxy.

  • While you can use the built-in proxy for Windows, it routes all your Windows traffic through the proxy, not just collector traffic. You can also route Windows traffic through a Linux or Macintosh proxy server.

  • Test that your proxy server is active. You can use wget proxyservername:portnumber to test your proxy server.

Note

Read the Supported platforms, Install a Windows OS collector, and Collector operations topics before starting. These topics contain some key points about collector installation that you need to know.

Configure a Windows collector forward proxy

You can route your Windows collector traffic with a forward proxy for your Windows platforms. For best use of a collector proxy, you should install and configure the collector proxy before installing your collectors.

When you configure your Windows collector forward proxy, you need to provide the following information for the forward proxy configuration:

  • Specify the proxy server machine name and source.

  • Provide access to the machine using the machine name you specified above.

  • Specify the proxy server port number.

You can review a brief example in the section “Squid for Windows” later in this topic.

Install an Incident Management Collector behind the Windows forward proxy

To install your Incident Management Collector on a Windows instance, go to your Incident Management UI instance:

Note

Before starting, remove any existing Incident Management Collector if it is still installed. Review the Collector operations topic for more information about removing collectors.

  1. Go to Integrations > Ingestion Services > Collectors > Installation.

  2. Select the Windows collector platform.

  3. In the Windows installation pane, click Download installer to download the installer wizard on your Windows target client system.

  4. Open the installer wizard on your system and click Next.

  5. If you have an existing Incident Management Collector on your Windows client system, the installer prompts you to start a clean up and removal of the existing collector. Remove the existing collector, open the installer wizard again, and click Next.

  6. In the Set Environment Variables panel, fill in your API Key and Base URL. To do this:

    1. In your Incident Management UI, copy and paste the displayed API key into the Moogsoft Collector Setup wizard.

    2. Copy and paste the Base URL into the Moogsoft Collector Setup wizard. When using a reverse proxy, you would set the Base URL to the reverse proxy URL address. For more information, see the following section, “Install a collector behind a Windows reverse proxy.”

  7. Optional step: Paste your proxy URL into the Proxy URL field and click Next.

    Your proxy URL is your Windows proxy server IP address with the addition of the proxy server port number, in the following format:

    http://<ip address>:<proxy server port> or https://<ip address>:<proxy server port>
  8. Click Install and Finish.

  9. Switch to your Incident Management UI and click the Collectors tab to see your Windows collector.

Install an Incident Management Collector behind a reverse proxy

To install your Incident Management Collector behind a Windows reverse proxy, follow all the prior steps for installing a collector behind a forward proxy. However, in the Set Environment Variables panel, make the following changes:

  1. Enter your API key.

  2. Set the Base URL field to the name of your reverse proxy server.

  3. Leave the Proxy URL field blank.

  4. Click Next.

  5. Switch to your Incident Management UI and click the Collectors tab to see your Windows collector.

Validate and troubleshoot your Windows collector proxy

If you have any issues in running an Incident Management Collector behind a proxy, check the following:

  • When using a forward proxy, make sure the Proxy URL field is filled in and not left blank.

  • Check that you have included the proxy server port number appended to the IP address.

  • When using a reverse proxy, check that the Proxy URL is blank and that the Base Moogsoft URL contains the reverse proxy domain name.

  • In the Incident Management UI, navigate to Integrations > Ingestion Services > Collectors and check:

    • The Collectors List to see if the Windows collector is in the list.

    • Windows collector > Collector Logs to review the logs. Check that your collector passed the Healthchecks.

  • In Windows PowerShell, run wget against the proxy server address to verify that your proxy server is working. For example:

    wget proxyservername:portnumber
  • To verify that your Incident Management traffic is routed from your forward proxy server, check your proxy server logs.

    Note

    Local logs are not available for the Windows collector.
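
The forward and reverse proxy checks in this list can be scripted before you run the installer. The following PowerShell is an added example, not part of the original documentation or the product; the function name Test-CollectorProxySetting, its parameters, and the sample addresses are assumptions, and Test-NetConnection is used here for the reachability check.

```powershell
# Added example: pre-flight check for the wizard's Proxy URL and Base URL values.
# Function name, parameters and sample values are hypothetical.
function Test-CollectorProxySetting {
    param(
        [Parameter(Mandatory)][ValidateSet('Forward', 'Reverse')][string]$Mode,
        [string]$ProxyUrl,
        [string]$BaseUrl
    )
    $problems = @()

    if ($Mode -eq 'Reverse') {
        # Reverse proxy: Proxy URL stays blank, Base URL names the reverse proxy.
        if (-not [string]::IsNullOrWhiteSpace($ProxyUrl)) {
            $problems += 'Proxy URL must be blank when using a reverse proxy.'
        }
        if ([string]::IsNullOrWhiteSpace($BaseUrl)) {
            $problems += 'Base URL must be set to the reverse proxy address.'
        }
        return $problems
    }

    # Forward proxy: Proxy URL is required, as http(s)://<address>:<port>.
    if ([string]::IsNullOrWhiteSpace($ProxyUrl)) {
        return @('Proxy URL is blank; a forward proxy requires it.')
    }
    $uri = $null
    $parsed = [System.Uri]::TryCreate($ProxyUrl, [System.UriKind]::Absolute, [ref]$uri)
    if (-not $parsed -or $uri.Scheme -notin @('http', 'https')) {
        return @("Proxy URL '$ProxyUrl' is not an http:// or https:// URL.")
    }

    # System.Uri silently fills in 80 or 443 when the port is omitted,
    # so the port is looked for in the raw string instead.
    if ($ProxyUrl -notmatch ':\d{1,5}/?$') {
        $problems += 'Proxy URL has no explicit port number.'
    } elseif (-not (Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -InformationLevel Quiet)) {
        # The proxy listener did not accept a TCP connection.
        $problems += "Cannot open a TCP connection to $($uri.Host):$($uri.Port)."
    }
    return $problems
}

# Constructed sample values (192.0.2.10 is a documentation-only address).
Test-CollectorProxySetting -Mode Forward -ProxyUrl 'http://192.0.2.10:3128'
Test-CollectorProxySetting -Mode Reverse -BaseUrl 'https://reverse-proxy.example'
```

An empty result means the values passed every check; each returned string names one setting to correct.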

Squid for Windows example

You can install Squid for Windows and set it up as a forward proxy. After you configure Squid as your forward proxy, you can install an Incident Management Collector to use with the Squid forward proxy. To do this:

  1. Navigate to your Incident Management UI.

  2. Perform all of the steps described in "Install a collector behind the Windows forward proxy," earlier in this topic.

  3. Paste your proxy URL into the Proxy URL field. The Proxy URL is the address of your Windows proxy server with the addition of the proxy server port number. For Squid, you would paste the following information into the Proxy URL field, replacing <my forward proxy> with the IP address of your Squid forward proxy.

    https://<my forward proxy>:3128

    See the following image as an example (msw-proxy-url.png).
  4. Click Next.