Enabling the Siren Investigate Gremlin Server

The Siren Investigate Gremlin Server is a backend component that is required by the Graph Browser visualization.

To enable the Gremlin Server, ensure that the investigate.yml file contains the following configuration:

investigate_core:
  gremlin_server:
    url: http://127.0.0.1:8061
    path: gremlin_server/gremlin-es2-server.jar

To use the Gremlin Server with an authentication-enabled cluster, you must enable HTTPS. For more information, see Enabling HTTPS in Gremlin Server.

The Gremlin Server certificate is a node certificate in JKS format. If you are running Elasticsearch and security (SSL) on the same server as Siren Investigate, you can check the elasticsearch.yml file to see which of the following parameters it contains:

searchguard.ssl.http.keystore_filepath

or

searchguard.ssl.http.pemcert_filepath

If it contains the first parameter (searchguard.ssl.http.keystore_filepath), you can use the same JKS certificate as the certificate for Gremlin Server.

If it contains the second parameter (searchguard.ssl.http.pemcert_filepath), you can generate your JKS certificate by running the following commands:

openssl pkcs12 -export -inkey YOUR_KEY.key -in YOUR_PEM.pem -name gremlin -out gremlin.p12
keytool -importkeystore -srckeystore gremlin.p12 -srcstoretype pkcs12 -destkeystore gremlin.jks

In both cases, you must change the gremlin_server.url parameter in investigate.yml to match the IP address or name that is used in the certificate.
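
A pre-flight check for the steps above, as an added example that is not part of the Siren documentation: it reports which Search Guard parameter elasticsearch.yml sets and verifies that the host in gremlin_server.url is covered by the node certificate. The function names and the three file arguments are assumptions, and the certificate is expected in PEM form.

```shell
#!/bin/sh
# Added example, not part of the Siren documentation. File arguments are placeholders.

# Print which Search Guard HTTP TLS parameter elasticsearch.yml ($1) sets:
# "keystore" (reuse the JKS), "pem" (convert to JKS first) or "none".
es_cert_kind() {
    if grep -Eq '^[[:space:]]*searchguard\.ssl\.http\.keystore_filepath[[:space:]]*:' "$1"; then
        echo keystore
    elif grep -Eq '^[[:space:]]*searchguard\.ssl\.http\.pemcert_filepath[[:space:]]*:' "$1"; then
        echo pem
    else
        echo none
    fi
}

# Print the host part of the url key under gremlin_server: in investigate.yml ($1).
gremlin_url_host() {
    awk '/^[ \t]*gremlin_server:/ { in_block = 1; next }
         in_block && /^[ \t]*url:/ {
             sub("^[ \t]*url:[ \t]*", ""); gsub("\"", "")
             sub("^[a-z]+://", ""); sub("[:/].*$", "")
             print; exit
         }' "$1"
}

# Succeed only if the PEM certificate ($1) is valid for the host or IPv4 address ($2).
cert_covers_host() {
    [ -n "$2" ] || return 1
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;   # contains non-numeric characters: a DNS name
        *)         opt=-checkip ;;     # digits and dots only: an IPv4 address
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>&1 | grep -q 'does match certificate'
}

# Usage: sh check_gremlin_tls.sh elasticsearch.yml investigate.yml node-cert.pem
if [ "$#" -eq 3 ]; then
    echo "Elasticsearch HTTP TLS material: $(es_cert_kind "$1")"
    host=$(gremlin_url_host "$2")
    if cert_covers_host "$3" "$host"; then
        echo "OK: certificate covers $host"
    else
        echo "MISMATCH: certificate does not cover '$host'; update gremlin_server.url" >&2
        exit 1
    fi
fi
```

If the certificate exists only inside the JKS file, export it to PEM first with keytool -exportcert -rfc -alias gremlin -keystore gremlin.jks -file node-cert.pem.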

Log4J file configuration path

You can customize the logging output of Gremlin Server for troubleshooting purposes by setting investigate_core.gremlin_server.log_conf_path in the investigate.yml file to point to a Log4J2 properties file. The following is a sample Log4J2 properties file that logs INFO-level messages to the console and the log/gremlin-server.log file:

name=PropertiesConfig
appenders=console,file

appender.console.type=Console
appender.console.name=STDOUT
appender.console.layout.type=PatternLayout
appender.console.layout.pattern=[%-5level] %d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %c{1} - %msg%n

appender.file.type=File
appender.file.name=LOGFILE
appender.file.fileName=log/gremlin-server.log
appender.file.layout.type=PatternLayout
appender.file.layout.pattern=[%-5level] %d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %c{1} - %msg%n

rootLogger.level=INFO
rootLogger.appenderRefs=stdout,logfile
rootLogger.appenderRef.stdout.ref=STDOUT
rootLogger.appenderRef.logfile.ref=LOGFILE