Perch Help
menu
close Browse All Contact Us

Integrations

ConnectWise Automate Advanced Monitoring

To install Perch’s ConnectWise Automate Advanced Monitoring, follow the steps below.

Prerequisites:

  • ConnectWise Automate On-Prem (LabTech) instance with access to MySQL.
  • The ability to log in to MySQL with a user that has the ability to GRANT SELECT on the tables within the LabTech database (typically root).
  • The ability to create a read-only user in the MySQL instance.
  • Document the read-only user and password.
  • IP Address of MySQL Server (typically 127.0.0.1, if installed locally).
  • Port of MySQL Server (typically 3306).
  • Database name of the Automate/LabTech database (typically labtech).
  • If you are running Automate 2021.1 or greater, ConnectWise is adjusting the way MySQL users are managed in the Automate/LabTech database. You will need to follow the ConnectWise Automate guidance published here to ensure the read-only user is preserved https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Supportability_Statements/Supportability_Statement:_MySQL_Database_Access

Getting started

This article will cover the following:

  • Creating a read-only user with access to all of the tables on the Automate MySQL database.
  • Scripted Installation:
    • Running the Perch-provided PowerShell script to install Metricbeat and the appropriate config files.
  • Manual Installation (Alternative):
    • Installing and configuring Metricbeat to access the database and report the data back to Perch.
    • Deploying the appropriate config files to monitor the MySQL server.

Creating a read-only user in MySQL

  1. Open your preferred SQL CLI. For this article, we used SQLYog.

  2. Create a new SQL user and set it to have access from only the machine running MetricBeat (ideally the server running the MySQL instance).

    CREATE USER ‘user’@’localhost’ IDENTIFIED BY ‘password’;

    • Replace user and password with the appropriate values you wish to use, for example:

      CREATE USER ‘perch-monitor’@’localhost’ IDENTIFIED BY ‘YourRandomComplex!!!PasswordHere6329920’;

  3. Grant the user read-only permissions to all tables in the LabTech database.

    GRANT SELECT ON labtech.* TO ‘user’@’localhost’

  4. Apply the changes in permissions:

    FLUSH PRIVILEGES;

Scripted installation

  1. Download the following script to the server running the Automate database instance: https://github.com/PerchSecurity/metricbeat-config/blob/master/automate/perch-automate-monitoring.ps1
  2. Open a PowerShell console as Administrator (right-click, Run As Administrator).
  3. Execute the script and follow the prompts.

The installation is now complete and you should see your Automate logs in Perch within 5 minutes. Check out the Marketplace for reports and event notifications for CW Automate Advanced Monitoring.

Manual installation (alternative)

The following steps will walk you through how to perform a manual installation of ConnectWise Automate Advanced Monitoring. If you’ve run the PowerShell script in the previous section, you don’t need to perform these actions.

  1. Download MetricBeat 7.8 Windows MSI from: https://www.elastic.co/downloads/beats/metricbeat

  2. Install MetricBeat on your Automate Server (this is the server running the MySQL instance), then open: C:\ProgramData\Elastic\Beats\MetricBeat

  3. Open the following file:

    metricbreat.example.yml

    We will be modifying the output and modules section, and leaving the rest commented. The processor and preprocessor sections can be left uncommented.

  4. Log in to Perch and navigate to the Sensors page: https://app.perchsecurity.com/settings/sensors.

  5. Copy the Client Token at the top. This value is required to get the logs into Perch.

  6. Find the section titled Elasticsearch-Output and modify the following:

    #================ Elasticsearch-Output ================
output.elasticsearch:
  hosts: ['ingest.perchsecurity.com:443/elastic']
  headers:
    X-Perch-Header: 'perch-client-token-here'
  protocol: 'https'

  7. Save your completed config in the same directory, saving it as it:

    metricbeat.yml

  8. Download the Automate Advanced Monitoring Metricbeat modules: https://github.com/PerchSecurity/metricbeat-config/tree/master/automate/modules.d

  9. Deploy your desired YML files to: C:\ProgramData\Elastic\Beats\MetricBeat\modules.d

  10. From an elevated command prompt (Run As Administrator), run the following commands:

    1. Stop the Metricbeat service:

      net stop metricbeat

    2. Create the Metricbeat keystore:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore create

    3. Input the Read-Only User created in the previous section:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore add perch-read-only-sql-user

    4. Input the Read-Only User Password created in the previous section:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore add perch-read-only-sql-pass

    5. Input the IP address of the LabTech/Automate MySQL Server – this will be 127.0.0.1 in most instances:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore add sql-server-ip

    6. Input the port of the LabTech/Automate MySQL port – this will be 3306 in most instances:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore add sql-server-port

    7. Input the port of the LabTech/Automate MySQL database name – this will be labtech in most instances:

      "C:\Program Files\Elastic\Beats\7.8.0\metricbeat\metricbeat.exe" --path.home "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.config "C:\Program Files\Elastic\Beats\7.8.0\metricbeat" --path.data "C:\ProgramData\Elastic\Beats\metricbeat\data" --path.logs "C:\ProgramData\Elastic\Beats\metricbeat\logs" keystore add sql-server-db

    8. Restart the Metricbeat service:

      net start metricbeat

The installation is should now be complete, and you should see your Automate logs in Perch within 5 minutes. Check out the Marketplace for reports and event notifications for CW Automate Advanced Monitoring.

Note:

This help article was created using version 7.8 of Metricbeat.

Still having trouble? Reach out to one or our specialists at help@perchsecurity.com