Requirements for Tripwire Log Center Manager

To prepare a Primary or Secondary Manager for the installation of TLC Manager software, complete the following steps.

Note 

To install TLC Manager on a Secondary Manager system, you must first install TLC Manager on your Primary Manager system.

1. Install your database software (see About the Installation Process).
2. Verify that the Manager host system complies with the platform and system requirements for TLC Manager:

https://www.tripwire.com/products/tripwire-log-center/system-requirements/

Caution 

Since TLC is a high-performance product, the systems in your TLC environment must comply with all installation requirements.

3. To determine if the host system is compliant with Federal Information Processing Standards (FIPS), see:

https://support.microsoft.com/en-us/kb/811833

If it is compliant with FIPS, then Transport Layer Security (TLS) is not required. Otherwise, you must ensure that TLS 1.1 and TLS 1.2 are not disabled on the Manager host system (see Verifying Transport Layer Security (TLS)).

4. Install Oracle Java 8 (or higher) 64-bit JRE:

https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

5. Create the JAVA_HOME system-environment variable in Microsoft Windows on the Manager host system, and enter the 64-bit installation path for the Oracle Java JRE as the value for the variable; for example:

C:\Program Files\Java\jre1.8.0_121

6. Install the Java Cryptography Extension (JCE):

https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

For further details, see the README file in the download file (.zip).

Note 

If you upgrade the Oracle Java JRE (see above), you must also re-install the JCE.

7. Verify that all required ports are open on the Manager host system (see Table 1).
8. Locate the purchase-confirmation e-mail from Tripwire. This e-mail includes your serial number and a direct link to the TLC installation package. (If you cannot find this e-mail, contact your Tripwire customer service representative.)
9. Confirm that the Manager host system has Internet access.

If the Manager host system does not have Internet access:

a. Ask your Tripwire customer service representative for a license key.
b. Confirm that .NET Framework 2.0, 3.5, and 4.6 are installed on the Manager host system.
10. If you plan to collect Windows Event Logs from a Windows system, Tripwire recommends the installation of Tripwire Axon Agent for TLC software and the use of the Advanced Windows Collector for this purpose. However, if you plan to collect Windows Event Logs from a Windows system with the WinLog Collector, you must configure a Windows user account for WMI collection (see Appendix I. Configuring a Windows User Account for the WinLog Collector).
11. If 1) you plan to collect log messages from an Oracle server with the Oracle Database Collector, and 2) Oracle Advanced Security is enabled on the Oracle server, install the Oracle Client Library on the Manager host system. For further instructions, see your Oracle Client Library documentation.
12. Download the TLC installation package from the Tripwire Customer Center:

https://tripwireinc.force.com/customers

13. Unzip the contents of the TLC installation package to any available directory.

Table 1. Required and optional ports for a Manager

Default Port/Protocol

Configurable during TLC Manager installation process?

Used for ...

1433/TCP

Yes

... communication between the Manager and a Remote Database Server running Microsoft SQL Server.

3306/TCP

Yes

... communication between the Manager and a Remote Database Server running MySQL Server.

5432/TCP

Yes

... communication between the Manager and a Remote Database Server running PostgreSQL.

5670/TCP

No

... collection of log messages from Axon Agents.

Note: This port may be configured when you install the Tripwire Axon Agent for TLC software (see Getting Started with Tripwire Axon Agent for TLC).

8091/TCP

No

... System-Database operations between your Primary Manager and Secondary Managers.

8717/TCP

Yes

... inbound and outbound communication with other Managers and TLC Console host systems.

Verifying Transport Layer Security (TLS)

If your Manager host system is not compliant with Federal Information Processing Standards (FIPS), you must ensure that Transport Layer Security (TLS) 1.1 and 1.2 are not disabled on your Manager host system. For an overview of TLS settings, see:

https://technet.microsoft.com/en-us/library/dn786418.aspx

To begin, back up your Windows Registry:

1. From the Start menu, select Run and enter regedit.
2. At the top of the Registry Editor, select Computer, and then File > Export.
3. In the Export Registry File dialog, select a folder in which to save the exported registry file, and then click Save.

To ensure TLS 1.1 and 1.2 have not been disabled:

1. In the Registry Editor, open the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1

2. If any of the sub-keys are set to Disabled, change the setting to either (Default) or Enabled.
3. In the Registry Editor, open the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

4. If any of the sub-keys are set to Disabled, change the setting to either (Default) or Enabled.