Enabling the Siren Investigate Gremlin Server

The Siren Investigate Gremlin Server is a backend component that is required by the Graph Browser visualization.

To enable the Gremlin Server, ensure that the investigate.yml file contains the following configuration:

investigate_core:
  gremlin_server:
    url: http://127.0.0.1:8061
    path: gremlin_server/gremlin-es2-server.jar

To use the Gremlin Server with an authentication-enabled cluster, you must enable HTTPS. For more information, see Enabling HTTPS in Gremlin Server.

The Gremlin Server certificate is a node certificate in JKS format. If Elasticsearch is running with security (SSL) on the same server as Siren Investigate, check the elasticsearch.yml file to see which of the following parameters it contains:

searchguard.ssl.http.keystore_filepath

or

searchguard.ssl.http.pemcert_filepath

If it contains the first parameter (searchguard.ssl.http.keystore_filepath), you can use the same JKS certificate as the certificate for the Gremlin Server.

If it contains the second parameter (searchguard.ssl.http.pemcert_filepath), you can generate your JKS certificate by running the following commands:

openssl pkcs12 -export -inkey YOUR_KEY.key -in YOUR_PEM.pem -name gremlin -out gremlin.p12
keytool -importkeystore -srckeystore gremlin.p12 -srcstoretype pkcs12 -destkeystore gremlin.jks

In both cases, you must change the gremlin_server.url parameter in investigate.yml so that its host matches the IP address or name that is used in the certificate.
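
One way to verify this match before restarting, as an added example that is not part of the Siren documentation: the script reads gremlin_server.url from investigate.yml, rejects a non-HTTPS URL, and uses openssl x509 -checkhost or -checkip to confirm that the certificate covers the host. The function and file names are hypothetical; it assumes a PEM copy of the certificate (for a JKS keystore, keytool -exportcert -rfc -alias gremlin -keystore gremlin.jks -file gremlin-cert.pem produces one) and an IPv4 address or DNS name in the URL.

```shell
#!/bin/sh
# Added example: usage  ./check-gremlin-url.sh investigate.yml gremlin-cert.pem

# Print the first "url:" value that follows "gremlin_server:" in investigate.yml ($1).
gremlin_url() {
    awk '
        /^[ \t]*gremlin_server:/ { in_gs = 1; next }
        in_gs && /^[ \t]*url:/ {
            sub(/^[ \t]*url:[ \t]*/, ""); sub(/[ \t]*#.*$/, "")
            print; exit
        }' "$1" | tr -d "\"' \t\r"
}

# Print the host part of a URL ($1): scheme, path and port removed (no IPv6 support).
url_host() {
    h=${1#*://}
    h=${h%%/*}
    printf '%s\n' "${h%%:*}"
}

# Return 0 if the PEM certificate ($1) is valid for the host ($2).
cert_covers_host() {
    case $2 in
        *[!0-9.]*) flag=-checkhost ;;   # anything but digits and dots: DNS name
        *)         flag=-checkip ;;     # dotted IPv4 address
    esac
    # openssl prints "... does match certificate" or "... does NOT match certificate"
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# Return 0 only if the URL in investigate.yml ($1) is https and its host is
# covered by the certificate ($2); 1 on a mismatch, 2 if no URL is found.
check_gremlin_url() {
    url=$(gremlin_url "$1")
    [ -n "$url" ] || { echo "no gremlin_server.url found in $1" >&2; return 2; }
    case $url in
        https://*) ;;
        *) echo "gremlin_server.url is not https: $url" >&2; return 1 ;;
    esac
    host=$(url_host "$url")
    cert_covers_host "$2" "$host" ||
        { echo "certificate does not cover $host" >&2; return 1; }
    echo "OK: $host matches the certificate"
}

# Run the check only when both file arguments are given.
if [ "$#" -eq 2 ]; then check_gremlin_url "$1" "$2"; fi
```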

Log4J file configuration path

A Log4J configuration file is optional for the Gremlin Server. If you want to use your own custom configuration, you can specify the path to your file with the investigate_core.gremlin_server.log_conf_path parameter in your investigate.yml file. Here is an example of how to configure the log4j.properties file for your Gremlin Server:

# For the general syntax of property based configuration files see
# the documentation of org.apache.log4j.PropertyConfigurator.

# The root category uses two appenders: A1 and FILE.
# Both gather all log output starting with the priority INFO.
log4j.rootLogger=INFO, A1, FILE

log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.threshold=INFO
# Print the date in ISO 8601 format
log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %c - %m%n

log4j.appender.FILE=org.apache.log4j.FileAppender
log4j.appender.FILE.append=true
log4j.appender.FILE.file=log/gremlin-server.log
log4j.appender.FILE.threshold=INFO
log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.FILE.layout.ConversionPattern=%-5p %c: %m%n


# Print only messages of level WARN or higher in the package org.springframework
log4j.logger.org.springframework=WARN