SGBox CLI – SGBox Next Generation SIEM & SOAR
https://www.sgbox.eu (knowledge base feed, last built Mon, 02 Dec 2024 16:17:17 +0000)

Configure SGBox Timezone
https://www.sgbox.eu/en/knowledge-base/configure-sgbox-timezone/ (Thu, 27 Oct 2022 07:10:57 +0000)

Set / Change SGBox Timezone

This article explains how to configure the SGBox timezone. By default the SGBox timezone is Europe/Rome; follow the steps below if you need to change it. The zone is set in two places, on the host and in the database configuration, and the two must be set to the same value.

Connect via SSH (using a program like PuTTY) to SGBox as the user cli.
If you haven’t changed them through the wizard, the default credentials are (change them on first login: this user can reset the web admin password and reconfigure the network):

user: cli
pass: CL1changePW

Select Appliance Management > Set Timezone.

First select Manage this host time zone in order to change the machine timezone.

Select your time zone.

Save the configuration and take note of the zone you set: you will need the same value for the database.

After clicking OK the processes are restarted. This takes some time; wait until it has finished.

Then select Manage DB time zone in order to change the database timezone.

Select Edit configuration file, scroll down to the <timezone> entry and enter the same timezone.
Be careful with changes made in the configuration file: change only the <timezone> value and leave the rest of the file untouched.

After saving the configuration select Restart Database in order to apply your changes.
Collector TCPDump
https://www.sgbox.eu/en/knowledge-base/collector-tcpdump/ (Wed, 27 Jul 2022 13:12:16 +0000)

Collector TCPDump

There are some tools you can use from the CLI to check whether there is a problem receiving or displaying data.
Connect via SSH (using a program like PuTTY) to the collector as the user sgbox.
If you haven’t changed them through the wizard, the default credentials are:

user: sgbox
pass: sgbox

Choose Appliance statistics.

Dump network traffic

This option runs tcpdump directly on the collector to check that the platform is actually receiving logs from the data source, on the expected port and protocol.
From the Dump network traffic menu you can choose between three modes:

  1. Filter by IP: a simple filter on the data source IP, all ports and protocols.
  2. Filter SGBox ports: a simple filter on ports 514 and 443 from every data source.
  3. Expert: you enter the tcpdump parameters yourself.

In our example we choose Expert and filter on host 192.168.2.9.
Configure SGBox IP
https://www.sgbox.eu/en/knowledge-base/configure-sgbox-ip/ (Wed, 22 Jun 2022 12:37:30 +0000)

Configuration

You can set the SGBox network configuration with this tool.

Connection method:

  • SSH
  • Hypervisor console

Connect via SSH (using a program like PuTTY) to SGBox as the user cli. If you haven’t changed them through the wizard, the default credentials are:

user: cli
pass: CL1changePW

Choose Network management.

Configure SGBox interfaces

This option lets you configure all the parameters (IP, gateway, DNS and domain) by following the wizard.

Select the interface you want to configure.

Select the static option from the menu.

Fill in all the parameters.

Click on Submit to finish the configuration and choose when to apply it. If you are connected over SSH and change the address of the interface you are using, the session drops when the change is applied, so keep the hypervisor console at hand.

Advanced network configuration

It is also possible to edit the interface file directly in order to specify advanced settings such as a second interface, static routes, etc.
From Network management select Edit interface file, specify the options and click on Save.
TCPDump and SGTop
https://www.sgbox.eu/en/knowledge-base/tcpdump-and-sgtop/ (Mon, 20 Jun 2022 07:57:51 +0000)

SGBox Troubleshoot

There are some tools you can use from the CLI to check whether there is a problem receiving or displaying data.
Connect via SSH (using a program like PuTTY) to SGBox as the user cli.
If you haven’t changed them through the wizard, the default credentials are:

user: cli
pass: CL1changePW

Choose Appliance statistics.

Dump network traffic

This option runs tcpdump directly on SGBox to check that the platform is actually receiving logs from the data source, on the expected port and protocol.
From the Dump network traffic menu you can choose between three modes:

  1. Filter by IP: a simple filter on the data source IP, all ports and protocols.
  2. Filter SGBox ports: a simple filter on ports 514 and 443 from every data source.
  3. Expert: you enter the tcpdump parameters yourself.

In our example we choose Expert and filter on host 192.168.2.9.
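The three menu modes above (the same menu exists on the collector, described earlier on this page) written out as explicit tcpdump commands, as an added example that is not SGBox code: it shows which BPF filter each mode applies and keeps a pcap for offline review. It assumes tcpdump is installed and the shell runs as root; the function names and the /tmp output path are this example's own.

```sh
#!/bin/sh
# Added example, not SGBox's own code: the tcpdump invocations behind the three
# "Dump network traffic" menu choices, so the same checks can be run from a
# plain root shell on a collector, on SGBox, or on the sending device's side.
# Assumptions: tcpdump is installed and you are root (or hold CAP_NET_RAW).

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255, so a
# typo does not turn into a capture that silently matches nothing.
valid_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(printf '%s\n' "$1" | tr '.' ' '); do
    [ "$o" -le 255 ] || return 1
  done
}

# Build the BPF filter for one menu mode (printed, not executed):
#   sgbox_filter ip 192.168.2.9      -> host 192.168.2.9
#   sgbox_filter ports               -> port 514 or port 443
#   sgbox_filter expert '<filter>'   -> <filter> unchanged
sgbox_filter() {
  case "$1" in
    ip)     valid_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
            printf 'host %s' "$2" ;;
    ports)  printf 'port 514 or port 443' ;;
    expert) [ -n "$2" ] || { echo "expert mode needs a filter" >&2; return 1; }
            printf '%s' "$2" ;;
    *)      echo "usage: sgbox_filter ip ADDR | ports | expert FILTER" >&2; return 1 ;;
  esac
}

# Capture up to $3 packets (default 20) for a mode, keep them in a pcap ($4)
# and then print them decoded with the payload (-A) so the syslog text itself
# is visible.  -nn: no DNS/port lookups, so a dead resolver cannot stall the
# capture.  -i any: every interface, since the appliance may have several.
# usage: sgbox_dump ip 192.168.2.9 50 /tmp/src.pcap
sgbox_dump() {
  out=${4:-/tmp/sgbox-dump.pcap}
  filter=$(sgbox_filter "$1" "$2") || return 1
  echo "capturing ${3:-20} packets with filter: $filter" >&2
  tcpdump -nn -i any -c "${3:-20}" -w "$out" "$filter" || return 1
  tcpdump -nn -A -r "$out"
}

# The page's Expert example, narrowed to the syslog ports (514 for UDP/TCP,
# 6514 when the TLS listener described below is enabled):
# sgbox_dump expert 'host 192.168.2.9 and (port 514 or tcp port 6514)'
```

If packets show up here but nothing appears in SGBox, the transport is fine and the problem is downstream (queues, parsing); that is where SGTop comes in.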

SGTop

This tool focuses on the SGBox processes. If you receive the packets from the data source but cannot see the logs in SGBox, they may still be sitting in the queues*. When SGBox is healthy the queues contain only a few objects and your logs are visible in SGBox; queues that keep growing mean the processes behind them are not keeping up (or have stopped), not that the source has stopped sending.

*Queues: an area of disk or memory where logs are stored temporarily before being written to the database.
Rsyslog TCP TLS Support
https://www.sgbox.eu/en/knowledge-base/rsyslog-tcp-tls-support/ (Wed, 13 Apr 2022 11:59:35 +0000)

Rsyslog TCP with TLS support

It is possible to configure SGBox to receive syslog messages over TCP with TLS.

Requirements: the CA chain, certificate and private key referenced below must already be in place under /etc/apache2/custom_certs (the path used for the custom web interface certificate).

Be careful! A mistake in the configuration can prevent the service from starting.

The steps are described in this section.
Connect to SGBox with a terminal (such as PuTTY). Go to Appliance Management > Syslog > Edit configuration File.

Go down to the SGBox customization section and add the following lines:

# provides TCP TLS syslog reception
global(
    # GnuTLS driver; the cert/key pair identifies SGBox to the sender
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/apache2/custom_certs/chain_bundle.crt"
    DefaultNetstreamDriverCertFile="/etc/apache2/custom_certs/crt_bundle.crt"
    DefaultNetstreamDriverKeyFile="/etc/apache2/custom_certs/key_bundle.key"
)
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    # Mode 1 = TLS only: plaintext connections on this listener are refused
    StreamDriver.Mode="1"
    # anon = encrypt, but do not authenticate the sender (see the note below)
    StreamDriver.Authmode="anon"
)
input(
    type="imtcp"
    port="6514"
    ruleset="remote"
)

Save the configuration and click Restart Service.

Note that StreamDriver.Authmode="anon" protects the messages in transit but does not verify who sent them: any host that can reach port 6514 and complete a TLS handshake can inject log lines. Where the sources can present certificates from the same CA, use one of rsyslog's x509 authentication modes (for example StreamDriver.Authmode="x509/name" with the allowed peer names listed in PermittedPeer) so that only known devices are accepted. Remember to allow 6514/tcp on any firewall between the sources and SGBox; the TLS listener does not use port 514.
Rsyslog TCP support
https://www.sgbox.eu/en/knowledge-base/rsyslog-tcp-support/ (Fri, 01 Apr 2022 09:33:32 +0000)

Rsyslog TCP support

It is possible to configure SGBox to receive syslog messages over both UDP and TCP.

Be careful! A mistake in the configuration can prevent the service from starting.

The steps are described in this section.
Connect to SGBox with a terminal (such as PuTTY). Go to Appliance Management > Syslog > Edit configuration File.

Go down to the SGBox customization section; it should look like this:

# provides UDP syslog reception
$ModLoad imudp
$InputUDPServerBindRuleset remote
$UDPServerRun 514

# provides TCP syslog reception (imptcp: plain TCP, Linux only, no TLS)
$ModLoad imptcp
$InputPTCPServerBindRuleset remote
$InputPTCPServerRun 514

Save the configuration and click Restart Service.

Both listeners feed the same remote ruleset, so a source can use whichever transport it supports. Prefer TCP where the device allows it: UDP messages lost on the way or dropped under load are gone without trace, while TCP retransmits and the sender notices when SGBox is unreachable. Neither transport is encrypted; for that, see the TLS article above.
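The following script is an added example, not code from the SGBox page or product, and serves both rsyslog articles above (plain TCP on 514 and TCP with TLS on 6514). It prints the TLS listener fragment either as on the page (anon) or hardened with x509/name and PermittedPeer, wraps rsyslog's own configuration check to run before Restart Service, and sends one test message over either transport so the listener can be verified with Dump network traffic and SGTop. The host 192.168.2.100, the $CA path and all function names are this example's assumptions; nc and openssl are assumed to be installed on the sending host.

```sh
#!/bin/sh
# Added example, not code from the SGBox page or product; it serves both the
# plain TCP (514) and the TCP+TLS (6514) articles above.
#  * tls_listener_conf prints the "SGBox customization" fragment for the TLS
#    listener: with "anon" it is the page's configuration (encrypted, but any
#    client is accepted); with "x509/name" only sources whose certificate name
#    is listed in PermittedPeer may connect.
#  * check_conf runs rsyslog's own syntax check before "Restart Service".
#  * send_test pushes one RFC 5424 message over TCP/514 or TLS/6514.
# Assumptions: SGBox is reachable as $SGBOX (hypothetical 192.168.2.100), $CA
# holds the CA that issued the SGBox certificate, nc and openssl are installed.

SGBOX=${SGBOX:-192.168.2.100}
CA=${CA:-/etc/ssl/certs/sgbox-chain.crt}   # hypothetical path on the sending host

# usage: tls_listener_conf anon
#        tls_listener_conf x509/name fw1.example.com core-sw.example.com
tls_listener_conf() {
  [ $# -ge 1 ] || { echo "usage: tls_listener_conf MODE [PEER...]" >&2; return 1; }
  mode=$1; shift
  case "$mode" in
    anon|x509/name|x509/certvalid|x509/fingerprint) ;;
    *) echo "unsupported StreamDriver.AuthMode: $mode" >&2; return 1 ;;
  esac
  peers=""
  if [ "$mode" = "x509/name" ]; then
    [ $# -ge 1 ] || { echo "x509/name needs at least one permitted peer name" >&2; return 1; }
    for p in "$@"; do peers="$peers${peers:+,}\"$p\""; done
    peers="PermittedPeer=[$peers]"
  fi
  cat <<EOF
# provides TCP TLS syslog reception
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/apache2/custom_certs/chain_bundle.crt"
  DefaultNetstreamDriverCertFile="/etc/apache2/custom_certs/crt_bundle.crt"
  DefaultNetstreamDriverKeyFile="/etc/apache2/custom_certs/key_bundle.key"
)
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  # 1 = TLS only; plaintext clients on this port are refused
  StreamDriver.Mode="1"
  # anon = encrypt only; x509/* = also authenticate the sender's certificate
  StreamDriver.AuthMode="$mode"
  $peers
)
input(type="imtcp" port="6514" ruleset="remote")
EOF
}

# rsyslog's config check (-N1). Run it on the complete configuration: the
# fragment alone fails because ruleset "remote" is defined elsewhere in it.
check_conf() { rsyslogd -N1 -f "${1:-/etc/rsyslog.conf}"; }

# RFC 5424 PRI = facility*8 + severity; user.info = 1*8 + 6 = 14.
syslog_pri() { echo $(( $1 * 8 + $2 )); }

# One RFC 5424 message: $1 timestamp, $2 hostname, $3 app-name, $4 text.
syslog_msg() { printf '<%s>1 %s %s %s - - - %s' "$(syslog_pri 1 6)" "$1" "$2" "$3" "$4"; }

# RFC 6587 octet-counted framing ("LEN SP MSG"); imtcp accepts it alongside
# newline-delimited frames and it stays unambiguous if the text has newlines.
# ${#1} counts characters, which equals octets for the ASCII text used here.
frame() { printf '%s %s' "${#1}" "$1"; }

# usage: send_test tcp|tls "text"
# tls: -verify_return_error aborts unless the SGBox certificate chains to $CA,
#      so a wrong chain_bundle.crt on the appliance is caught here.
send_test() {
  msg=$(syslog_msg "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(hostname)" sgbox-test "$2")
  case "$1" in
    tcp) frame "$msg" | nc -w 3 "$SGBOX" 514 ;;
    tls) { frame "$msg"; sleep 1; } | openssl s_client -quiet -no_ign_eof \
           -connect "$SGBOX:6514" -CAfile "$CA" -verify_return_error ;;
    *) echo "usage: send_test tcp|tls TEXT" >&2; return 1 ;;
  esac
}
```

With an x509 authentication mode on the listener, s_client must also present a client certificate (add -cert and -key), exactly as a real source would; a message that is accepted in anon mode but refused once the mode is switched is the expected sign that unauthenticated senders are now blocked.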
Reset OpenVAS Password
https://www.sgbox.eu/en/knowledge-base/reset-openvas-password-from-webui/ (Thu, 25 Feb 2021 15:47:49 +0000)

Reset OpenVAS Web Interface password from WebUI

This article explains how to change the OpenVAS password on collectors version 5.

Connect to the collector on port 4000, for example:

https://192.168.2.103:4000
user: admin
pass: admin

These are the default credentials; change them as soon as the collector is installed, since the interface on port 4000 is otherwise reachable with a password anyone can look up.

Go to the top right corner and select My Settings.

Click on Edit My Settings.

Enter the current admin password and type the new password.

!!! Be careful !!!
If you change the admin password you also need to change it in the NVS Configuration editor, otherwise the credential stored there no longer matches.

Connect to the collector using the CLI interface; the default credentials are:

user: sgbox
pass: sgbox

Go to Configuration > NVS Configuration editor and update the password there.
Extend Full Disk (SGBox V5)
https://www.sgbox.eu/en/knowledge-base/extend-full-disk/ (Wed, 01 Apr 2020 09:31:02 +0000)

Extend the entire disk size

This article explains how to expand the capacity of the SGBox disk. With version 5 it is possible to extend the whole disk, not only the data partition. In order to extend the disk:

Requirements:

  • SGBox version 5 is required.
  • You need to extend the SGBox disk from your hypervisor first.
  • ⚠️ It may be necessary to reboot the machine after the expansion on the hypervisor.
  • Take a backup of the VM before resizing: the partition table is rewritten in place.

Connect via SSH (using for example PuTTY) to SGBox as the user cli.
If you haven’t changed them through the wizard, the default credentials are:

user: cli
pass: CL1changePW

Select Hard disk management.

Select Show current configuration in order to see your disk.

In our case, we see that:

  • The hard disk is called vda.
  • The partition with root mounted is number 2.
  • The SGBox partition is 20G.

If the disk size shown has not increased, the guest has not noticed the new size yet: restart the virtual machine (this can also be done from the CLI interface, Appliance Management > Reboot) and check again before going on.

Select Resize HDD to maximum partition size.

Enter your hard disk name, in our case: vda.

Enter the partition number, in our case: 2.

Details are shown while the partition is resized…

The hard disk has now been extended successfully.

  • The new partition size is 22G.
Extend Data Disk (SGBox V4)
https://www.sgbox.eu/en/knowledge-base/extend-data-disk/ (Fri, 28 Jun 2019 11:58:19 +0000)

The data disk

This article explains how to expand the capacity of the SGBox data disk. Using LVM you can add new disks and present them as one large volume.
In order to extend the disk:

Requirements:

  • SGBox must support LVM partitions: on the login screen there is an L next to the version number.
  • You have to add a new disk to the virtual machine.
  • SGBox must be updated to version 4.0.0.

Connect via SSH (using for example PuTTY) to SGBox as the user cli.
If you haven’t changed them through the wizard, the default credentials are:

user: cli
pass: CL1changePW

Select Hard disk management.

Re-enter the cli user password.

Select Rescan drives.

In our case, we see that:

  • The hard disk sda has a partition (sda2) with LVM configured (vg_sgbox-lv_sgbox).
  • The newly added disk appears as sdb and is not partitioned.

Select Extend SGBox storage to another disk.

A warning asks whether we want to continue with the installation.
Click on Yes.

Write the name of the hard disk you want to partition, in our case sdb. Double-check the name against the Rescan drives output: the disk you name is wiped in the next step, and pointing at the wrong one destroys existing data.

A warning tells us that the hard disk will be partitioned and that all data on the disk we indicated will be deleted.
Click on Yes.

As the first step we are shown the partitioned sdb hard disk.
Click on OK.

We are then shown the hard disk with LVM configured.
Click on OK.

Click OK again to exit the wizard.

Below we can see two images of the dashboard, before and after the disk extension.
Before: the data disk is 15G.

After the procedure, the data disk is 16G.
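Pre-flight checks for both disk procedures above (V5: grow the existing disk; V4: add a disk to LVM), as an added example that is not SGBox code. It parses lsblk's key="value" output to answer the two questions that decide whether it is safe to go on: has the guest actually seen the larger disk the hypervisor was given (if not, reboot or rescan first), and which attached disks are blank, so the disk named in the V4 wizard is really the new one and not one holding data. The sample lsblk output, the function names and the vda/vdb device names are constructed for the example.

```sh
#!/bin/sh
# Added example, not SGBox's own code: pre-flight checks for the two disk
# articles above, built on `lsblk -P` (key="value") output.
#  * V5, grow the existing disk: unallocated_bytes tells you whether the larger
#    size set on the hypervisor is visible to the guest at all; 0 means rescan
#    or reboot before "Resize HDD to maximum partition size".
#  * V4, add a disk to LVM: blank_disks lists disks with no partitions and no
#    user (nothing names them as parent), i.e. what is safe to hand to
#    "Extend SGBox storage to another disk", which wipes the named disk.
# LSBLK_SAMPLE is constructed data shaped like a V5 VM whose virtual disk was
# grown from 20G to 22G, plus an empty 10G second disk.

LSBLK_SAMPLE='NAME="vda" TYPE="disk" SIZE="23622320128" PKNAME=""
NAME="vda1" TYPE="part" SIZE="1048576" PKNAME="vda"
NAME="vda2" TYPE="part" SIZE="21474836480" PKNAME="vda"
NAME="vdb" TYPE="disk" SIZE="10737418240" PKNAME=""'

# Same columns from the running system, sizes in bytes.
lsblk_live() { lsblk -b -P -o NAME,TYPE,SIZE,PKNAME; }

# awk helper shared by both checks: extract one key="value" field of a record.
# The (^| ) prefix keeps NAME from matching inside PKNAME.
AWK_GET='function get(k,  s) {
  if (!match($0, "(^| )" k "=\"[^\"]*\"")) return ""
  s = substr($0, RSTART, RLENGTH); sub(/^.*="/, "", s); sub(/"$/, "", s)
  return s
}'

# Bytes of disk $1 not covered by any partition (disk size minus the sum of its
# partitions). Reads lsblk -P records on stdin; fails if the disk is not listed.
# usage: printf '%s\n' "$LSBLK_SAMPLE" | unallocated_bytes vda   -> 2146435072
unallocated_bytes() {
  awk -v disk="$1" "$AWK_GET"'
    get("NAME") == disk && get("TYPE") == "disk"   { total = get("SIZE") }
    get("PKNAME") == disk && get("TYPE") == "part" { used += get("SIZE") }
    END { if (total == "") exit 1; printf "%.0f\n", total - used }'
}

# Disks that no other record names as parent (no partitions, not a PV, not in
# use by md/crypt): candidates for the V4 extension step, one per line.
# usage: printf '%s\n' "$LSBLK_SAMPLE" | blank_disks   -> vdb
blank_disks() {
  awk "$AWK_GET"'
    get("TYPE") == "disk" { disks[get("NAME")] = 1 }
    get("PKNAME") != ""   { busy[get("PKNAME")] = 1 }
    END { for (d in disks) if (!(d in busy)) print d }' | sort
}

# Operator summary for the live system; $1 is the disk to grow (default vda).
preflight() {
  disk=${1:-vda}
  data=$(lsblk_live) || return 1
  free=$(printf '%s\n' "$data" | unallocated_bytes "$disk") || { echo "disk $disk not found" >&2; return 1; }
  echo "unallocated space on $disk: $((free / 1048576)) MiB"
  [ "$free" -gt 0 ] || echo "nothing to grow into: the guest has not seen the new size; rescan or reboot first"
  echo "blank disks usable for LVM extension: $(printf '%s\n' "$data" | blank_disks | tr '\n' ' ')"
}
```

On the sample data preflight would report 2047 MiB unallocated on vda (the 2G added on the hypervisor, minus the 1 MiB first partition) and vdb as the only blank disk; a disk that is already a PV or carries partitions never appears in the second list, which is the check the V4 wizard's "all data will be deleted" warning relies on you to do.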
Reset Admin password
https://www.sgbox.eu/en/knowledge-base/reset-admin-password/ (Fri, 28 Jun 2019 11:57:17 +0000)

Reset Web Interface Admin password

This article explains how to reset the web interface admin password.

Connect via SSH (using a program like PuTTY) to SGBox as the user cli.
If you haven’t changed them through the wizard, the default credentials are:

user: cli
pass: CL1changePW

Select Password management.

Select Reset admin password (web interface).

Enter the cli user’s password.

Enter the new admin user password.

Re-enter the admin user password.

Click on OK.

Because anyone holding the cli credentials can reset the web admin password this way, treat the cli password with the same care as the admin one and change it from the default.