How to deploy the agent via MSI to an external host?

Article ID: 423
Category: Installation
Updated: 2020-04-08

If you are unable to deploy the agent to a remote host via the management console, then the EventSentry Management Console can generate an MSI file that can be used to install the agent. There are several considerations to take into account before this can be completed:

  • The collector must be reachable by the remote hosts
  • TCP port-forwarding rules must be created on the external firewall
  • Hosts must be added to groups in EventSentry
  • WIX Toolset (free) must be installed

In the management console under "Collector," specify a host name which is resolvable by all hosts that need to connect to the collector. In most cases it is recommended to specify a DNS name that is resolvable by both internal and external hosts, utilizing split DNS. An example would be eventsentry.yourcompany.com. You can also specify an IP address, but this may make it impossible for local agents to connect (if necessary) and also makes future changes difficult.

Fig.1: Collector Hostname

Windows Firewall rules are generated automatically during the installation process to allow traffic to the management console machine over the default TCP port 5001.

Fig.2: Example EventSentry Auto Generated Firewall Rules

Since the monitored hosts are on a different network, your public-facing firewall must have the necessary rules to allow inbound traffic to the collector TCP port (5001 by default). Port-forwarding needs to be set up to forward any traffic from the external address to the internal IP on the collector TCP port. While it's possible to change the default port from 5001 to something else, it's important that the external port on the firewall matches the port the collector is listening on.

Before creating an agent-MSI, it's necessary to add every host to which the agent will be deployed to a group in the management console; otherwise the agents may not get the proper configuration and may be rejected by the collector.

Fig.3: Host added to a group before creating an agent-MSI

Since EventSentry utilizes the WIX Toolset to generate the MSI files used for deploying the agent, it's necessary to install it before attempting to create the agent MSI.

  • Open the management console and click on “Computer Groups”
  • On the ribbon, click “Agent Deployment” on the right-hand side
  • In the resulting dialog, select “Create MSI”
  • If the WIX Toolset is not installed, you will be prompted to install it at this time. Otherwise, the management console will generate both a 32-bit and 64-bit MSI installer and store them in C:\Program Files (x86)\EventSentry\deployment\msi

Once the installers are created and the MSI is executed on the remote hosts, it's a good idea to verify that the connection to the collector was successfully established. Open the Windows Event Viewer and look in the Application Log for a 910 EVENT ID, which should be logged after a 1014 EVENT ID (EventSentry agent boot-event). If there are any 905 EVENT IDs, then KB 348 should help with troubleshooting.
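The verification described above can be scripted on the remote host. The following PowerShell is an added example, not part of EventSentry: it assumes the article's example collector name and default port, and it filters the Application log by event ID only because the event source name is not given here, so check the ProviderName column in the output.

```powershell
# Added example: run on the remote host after installing the agent MSI.
# Assumptions: collector name and port are the article's example values.
$Collector = 'eventsentry.yourcompany.com'
$Port      = 5001

# 1. DNS resolution and TCP reachability through the firewall port-forward.
$tcp = Test-NetConnection -ComputerName $Collector -Port $Port -WarningAction SilentlyContinue
'{0}:{1} -> {2}, TcpTestSucceeded={3}' -f $Collector, $Port, $tcp.RemoteAddress, $tcp.TcpTestSucceeded

# 2. Agent events in the Application log: 1014 (agent boot), 910, 905.
#    Filtered by ID only; other sources may reuse these IDs.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1014, 910, 905 } `
              -MaxEvents 200 -ErrorAction SilentlyContinue |
          Sort-Object TimeCreated

# Use the most recent agent boot event as the reference point.
$boot = $events | Where-Object Id -eq 1014 | Select-Object -Last 1
if (-not $boot) {
    Write-Warning 'No event 1014 (agent boot) found. Is the agent service running?'
    return
}

# Only events logged since that boot are relevant to this check.
$sinceBoot = $events | Where-Object { $_.TimeCreated -ge $boot.TimeCreated }
$connected = @($sinceBoot | Where-Object Id -eq 910)
$failed    = @($sinceBoot | Where-Object Id -eq 905)

if ($connected.Count -gt 0) {
    'Event 910 logged at {0}, after agent boot at {1}.' -f $connected[0].TimeCreated, $boot.TimeCreated
} else {
    Write-Warning 'No event 910 since the last agent boot (1014).'
}
if ($failed.Count -gt 0) {
    Write-Warning ('{0} event(s) with ID 905 since the last boot; see KB 348.' -f $failed.Count)
}

# Show the relevant events with their source for manual review.
$sinceBoot | Format-Table TimeCreated, Id, ProviderName -AutoSize
```

If the TCP test fails while DNS resolves, review the port-forwarding rule and the collector's Windows Firewall rule before looking at the agent itself.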

If the collector is configured to automatically deploy configuration updates (Collector -> Agent Management), then any configuration update (via "Save") will be automatically deployed to all connected agents. If the collector is set to "Semi-Automatic" configuration updates, select "Save & Deploy" to have the latest configuration sent to all connected agents.