Install AxoRouter on Linux

AxoRouter is a key building block of Axoflow that collects, aggregates, transforms and routes all kinds of telemetry and security data automatically. AxoRouter for Linux includes a Podman container running AxoSyslog, Axolet, and other components.

To install AxoRouter on a Linux host, complete the following steps. For other platforms, see AxoRouter.

What the install script does

The AxoRouter installer will first install a software package which deploys a systemd service.

What the install script does

When you deploy AxoRouter, you run a command that installs the required software packages, configures them and sets up the connection with Axoflow.

The installer script installs the axorouter packages, then executes the configure-axorouter command with the right parameters. (If you’ve installed the packages in advance, the installer script only executes the configure-axorouter command.)

The configure-axorouter command is designed to be run as root (sudo), but you can configure axorouter to run as a non-root user. The configure-axorouter command is executed with a configuration snippet on its standard input which contains a token required for registering into the management platform.

The script performs the following main steps:

  • Generates a unique identifier (GUID).
  • Initiates a cryptographic handshake process to Axoflow.
  • Creates the initial configuration file for AxoRouter under /etc/axorouter/.
  • Installs a statically linked executable to /usr/local/bin/axorouter.
  • Creates the systemd service unit file /etc/systemd/system/axorouter.service, then enables and starts that service.
  • The service waits for an approval on Axoflow. Once you approve the host registration request, Axoflow issues a client certificate to AxoRouter.
  • AxoRouter starts to send telemetry data to Axoflow, and keeps sending them as long as the agent is registered and the certificate is valid.

Prerequisites

  • AxoRouter should work on most Red Hat and Debian compatible Linux distributions. For production environments, we recommend using Red Hat 9.

  • Podman must be installed on the host (sudo yum install podman)

Minimal resource requirements

  • CPU: at least 100m
  • Memory: 256MB
  • Storage: 8Gi

Network access

The hosts must be able to access the following domains related to the Axoflow Console:

  • <your-tenant-id>.cloud.axoflow.io: HTTPS traffic on TCP port 443, needed to download the binaries for Axoflow software (like Axolet and AxoRouter).
  • kcp.<your-tenant-id>.cloud.axoflow.io: HTTPS (mutual TLS) traffic on TCP port 443 for management traffic.
  • telemetry.<your-tenant-id>.cloud.axoflow.io: HTTPS (mutual TLS) traffic on TCP port 443, where Axolet sends the metrics of the host.
  • us-docker.pkg.dev: HTTPS traffic on TCP port 443, for pulling container images (AxoRouter only).

Install AxoRouter

  1. Select Provisioning > Select type and platform.

    Provisioning AxoRouter on Linux

  2. Select the type (AxoRouter) and platform (Linux). The one-liner installation command is displayed.

    Provisioning AxoRouter on Linux

    If needed, set the Advanced options (for example, proxy settings) to modify the installation parameters. Usually, you don’t have to use advanced options unless the Axoflow support team instructs you to do so.

  3. Open a terminal on the host where you want to install AxoRouter.

  4. Run the one-liner, then follow the on-screen instructions.

    Example output:

    Do you want to install AxoRouter now? [Y]
    y
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                    Dload  Upload   Total   Spent    Left  Speed
    100  4142  100  4142    0     0  19723      0 --:--:-- --:--:-- --:--:-- 19818
    Verifying packages...
    Preparing packages...
    axorouter-0.40.0-1.aarch64
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                    Dload  Upload   Total   Spent    Left  Speed
    100 31.6M  100 31.6M    0     0  2092k      0  0:00:15  0:00:15 --:--:-- 2009k
    Verifying packages...
    Preparing packages...
    axolet-0.40.0-1.aarch64
    Created symlink /etc/systemd/system/multi-user.target.wants/axolet.service → /usr/lib/systemd/system/axolet.service.
    Now continue with onboarding the host on the Axoflow web UI.
    
  5. Register the host.

    1. Reload the Provisioning page. There should be a registration request for the new AxoRouter deployment. Select .

      Provisioning AxoRouter - registration request

    2. Select Register to register the host. You can add a description and labels (in label:value format) to the host.

      Provisioning AxoRouter - registration details

    3. Select the Topology page. The new AxoRouter instance is displayed.

Create a flow

  1. If you haven’t already done so, create a new destination.
  2. Create a flow to connect the new AxoRouter to the destination.
    1. Select Flows.

    2. Select Create New Flow.

    3. Enter a name for the flow, for example, my-test-flow.

      Create a flow

    4. In the Router Selector field, enter an expression that matches the router(s) you want to apply the flow. To select a specific router, use a name selector, for example, name = my-axorouter-hostname.

    5. Select the Destination where you want to send your data. If you don’t have any destination configured, see Destinations.

    6. (Optional) To process the data transferred in the flow, select Add New Processing Step. For details, see Processing steps. For example:

      1. Add a Reduce step to automatically remove redundant and empty fields from your data.
      2. To select which messages are processed by the flow, add a Select Messages step, and enter a filter into the Query field. For example, to select only the messages received from Fortinet Fortigate firewalls, use the meta.vendor = fortinet + meta.product = fortigate query.
      3. Save the processing steps.

      Example processing steps

    7. Select Create.

    8. The new flow appears in the Flows list.

      The new flow

Send logs to AxoRouter

Configure your hosts to send data to AxoRouter.

  • For appliances that are specifically supported by Axoflow, see Data sources.

  • For other appliances and generic Linux devices, see Generic tips.

  • For a quick test without an actual source, you can also do the following (requires nc to be installed on the AxoRouter host):

    1. Open the Axoflow Console, select Topology, then select the AxoRouter instance you’ve deployed.

    2. Select ⋮ > Tap log flow > Input log flow. Select Start.

    3. Open a terminal on your AxoRouter host.

    4. Run the following command to send 120 test messages (2 per second) in a loop to AxoRouter:

      for i in `seq 1 120`; do echo "<165> fortigate date=$(date -u +%Y-%m-%d) time=$(date -u +"%H:%M:%S%Z") devname=us-east-1-dc1-a-dmz-fw devid=FGT60D4614044725 logid=0100040704 type=event subtype=system level=notice vd=root logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=2 mem=35 totalsession=61 disk=2 bandwidth=158/138 setuprate=2 disklograte=0 fazlograte=0 msg=\"Performance statistics: average CPU: 2, memory:  35, concurrent sessions:  61, setup-rate: 2\""; sleep 0.5; done | nc -v 127.0.0.1 514
      

      Alternatively, you can send logs in an endless loop:

      while true; do echo "<165> fortigate date=$(date -u +%Y-%m-%d) time=$(date -u +"%H:%M:%S%Z") devname=us-east-1-dc1-a-dmz-fw devid=FGT60D4614044725 logid=0100040704 type=event subtype=system level=notice vd=root logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=2 mem=35 totalsession=61 disk=2 bandwidth=158/138 setuprate=2 disklograte=0 fazlograte=0 msg=\"Performance statistics: average CPU: 2, memory:  35, concurrent sessions:  61, setup-rate: 2\""; sleep 1; done | nc -v 127.0.0.1 514
      

Manage AxoRouter

This section describes how to start, stop and check the status of the AxoRouter service on Linux.

Start AxoRouter

To start AxoRouter, execute the following command. For example:

systemctl start axorouter

If the service starts successfully, no output will be displayed.

The following message indicates that AxoRouter can not start (see Check AxoRouter status):

Job for axorouter.service failed because the control process exited with error code. See `systemctl status axorouter.service` and `journalctl -xe` for details.

Stop AxoRouter

To stop AxoRouter

  1. Execute the following command.

    systemctl stop axorouter

  2. Check the status of the AxoRouter service (see Check AxoRouter status).

Restart AxoRouter

To restart AxoRouter, execute the following command.

systemctl restart axorouter

Reload the configuration without restarting AxoRouter

To reload the configuration file without restarting AxoRouter, execute the following command.

systemctl reload axorouter

Check the status of AxoRouter service

To check the status of AxoRouter service

  1. Execute the following command.

    systemctl --no-pager status axorouter

  2. Check the Active: field, which shows the status of the AxoRouter service. The following statuses are possible:

    • active (running) - axorouter service is up and running

    • inactive (dead) - axorouter service is stopped