This manual covers the administration of Falcon LogScale Self-Hosted 1.71.0-1.76.3 deployments. Self-hosted deployment means that you, the customer manages them yourself within an on-premise bare metal, cloud, or virtual environment, or your own managed cloud environment — as opposed to LogScale Cloud, which is managed by CrowdStrike.Initial Administration
Initially, you'll have to do a few things to use LogScale on your own server. First you'll have to download and install our software. Then configure it for your organization, including putting basic systems and procedures in place (e.g., backups). You should also add security and users. And you'll need to install software on your servers to send log data and metrics to your LogScale. These steps are fully covered in the sections listed and described below:
Since you've decided to use LogScale on your own server, the first obvious step is to install the software. This section provides details on how to install Falcon LogScale using containers, bare metal, or your own cloud infrastructure.
Once you have LogScale installed on your server, there are some other initial administrative tasks to perform. This includes setting up systems to make backups, to configure internal logging, and implementing procedures for checking performance. Also, you'll need to ensure you have the appropriate LogScale license. All of this is covered in this section.
Users and system security is a very important topic and one of particular interest to CrowdStrike. In this section, you'll find information on how to secure your LogScale cluster, and configure security and authenetication for your installation. You'll also see how to ensure that your data and access to it is managed effectively.
Once you have a LogScale installed and configured and ingesting data the way you want, you and the members of your organization will want to start accessing the data that LogScale is assembling. The sections related to managing and using that data are located in the Data Management & Analysis manual.Advanced Administration
The previous sections covered the basic installation and configuration for LogScale. You may want to fine tune your system more, to go beyond the default settings. These sections listed below explain how to configure LogScale for your particular needs. They also include advanced topics like clustering and packages.
Although the basic installation of LogScale and its default settings are fine typically, you can tweak it to your likes and needs, as well as add a variety of components. These configuration options are explained in this section.
The core of LogScale software, how it behaves is determined by a large set of environment variables. Here you can find a complete list of those variables and their parameters.
Managing a cluster can be complex, but it cannot be neglected. Configuring a cluster, monitoring it properly, and having systems and staff prepared for potential problems can ensure a well run cluster, high availability, and uninterrupted service. This section provides advice and guidance on effective management of a LogScale cluster.
Packages provide discrete expansion of the Falcon LogScale environment, assembling parsers, queries, widgets and dashboards designed for specific third-party integrations. New packages can also be created and shared across installations through the LogScale Package marketplace.