Installing the product as a Windows or Linux service

Copy the elasticsearch folder and its contents from the ZIP archive you downloaded to your Program Files folder.

Edit the elasticsearch.yml file in the %ProgramFiles%\elasticsearch\config folder.

In the Path section, enter the data and log paths, for example:

path.data: C:\Program Files\elasticsearch\data
path.logs: C:\Program Files\elasticsearch\logs

In the Network section, change the network.host to 127.0.0.1 and save the file.

From the command prompt, enter:

cd %ProgramFiles%\elasticsearch
bin\elasticsearch-service install

Open the Services management console (you can enter services.msc at the command prompt).

Locate the  Elasticsearch service and change Startup Type to Automatic.

Right-click the service and select Start.

Copy the siren-investigate folder and its contents from the Siren platform ZIP archive you downloaded to your %ProgramFiles% folder.

Copy the nssm.exe program from the win64 folder in the NSSM ZIP archive you downloaded to the %ProgramFiles%\siren-investigate\bin folder.

Set the INVESTIGATE_HOME environment variable to %ProgramFiles%\siren-investigate.

From the command prompt, enter %ProgramFiles%\siren-investigate\bin\nssm install "Siren Investigate".

In the Application Path box, enter %ProgramFiles%\siren-investigate\bin\investigate.bat.

In the Startup directory box, enter %ProgramFiles%\siren-investigate.

On the Details tab, in the Display name box, enter Siren Investigate.

On the Dependencies tab, in the box enter elasticsearch-service-x64.

Click Install service.

Open the Services management console (you can enter services.msc at the command prompt).

Locate the Siren Investigate  service, right-click it and select Start .

Create a system user for the service, for example adduser --system elasticsearch.

Copy the elasticsearch folder and its contents from the ZIP archive you downloaded to the /opt folder and then set the permissions for the system user, for example sudo chown -R elasticsearch /opt/elasticsearch.

Edit the elasticsearch.yml file in the /opt/elasticsearch/config folder.

In the Path section, enter the data and log paths, for example:

path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs

In the Network section, change the network.host to 127.0.0.1 and save the file.

From the command prompt, as root enter:

cat <<EOF >/opt/elasticsearch.environment
ES_JAVA_OPTS="-Xms4g -Xmx4g"
EOF

cat <<EOF >/etc/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch (Siren)
After=network.target auditd.service

[Service]
WorkingDirectory=/opt/elasticsearch
EnvironmentFile=-/opt/elasticsearch.environment
ExecStart=/opt/elasticsearch/bin/elasticsearch
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=simple
User=elasticsearch
LimitMEMLOCK=infinity
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Alias=elasticsearch.service
EOF

echo "vm.max_map_count = 262144" > /etc/sysctl.d/99-elasticsearch.conf
sysctl -p /etc/sysctl.d/99-elasticsearch.conf
ln -s ../elasticsearch.service /etc/systemd/system/multi-user.target.wants/
systemctl daemon-reload
systemctl start elasticsearch

Create a system user for the service, for example adduser --system siren.

Copy the siren-investigate folder and its contents from the ZIP archive you downloaded to the /opt folder and then set the permissions for the system user, for example sudo chown -R siren /opt/siren-investigate.

From the command prompt, as root enter:

cat <<EOF >/etc/systemd/system/siren.service
[Unit]
Description=Siren Investigate
After=network.target auditd.service

[Service]
WorkingDirectory=/opt/siren-investigate
EnvironmentFile=-/opt/siren.environment
ExecStart=/opt/siren-investigate/bin/investigate
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=simple
User=siren

[Install]
WantedBy=multi-user.target
Alias=siren.service
EOF

ln -s ../siren.service /etc/systemd/system/multi-user.target.wants/
systemctl daemon-reload
systemctl start siren