
Installation Guide: Linux

This guide describes how to install CyberDoyen SIEM on Linux-based systems.

Supported Linux distributions:

  • Ubuntu 22.04 LTS or later
  • CentOS 9, RHEL 9, or equivalent

1. Pre-Installation Checklist

Before starting installation:

  • Ensure you are running as a user with root or sudo privileges.
  • Verify that your Linux system is fully updated.
  • Confirm that your system meets the System Requirements.
  • Ensure required ports (default: 9200, 5044, 5601) are open in the firewall.

Tip: It is strongly recommended to install CyberDoyen SIEM on a clean, dedicated server for optimal performance.


2. Download the Installer

  1. Download the latest CyberDoyen SIEM Linux package (CyberDoyenSIEM-Linux-x86_64.tar.gz) from the official source.

  2. Place the downloaded file in a directory of your choice, e.g., /opt/CyberDoyen.


3. Extract the Package

  1. Open a terminal session and navigate to the directory where you downloaded the file.

  2. Extract the tarball:

tar -xvzf CyberDoyenSIEM-Linux-x86_64.tar.gz -C /opt/

After extraction, you should see the following directories under /opt/CyberDoyen:

  • /bin - Startup scripts and management tools
  • /config - Configuration files
  • /data - Data storage directory
  • /logs - Application logs
  • /modules - Plugins and modules

4. Configure CyberDoyen SIEM

Minimal configuration is required to get started:

  1. Open /opt/CyberDoyen/config/cyberdoyen.yml in your preferred text editor, e.g., nano or vim:

nano /opt/CyberDoyen/config/cyberdoyen.yml

  2. Review and update the following settings:

# cyberdoyen.yml
server:
  host: "0.0.0.0"
  port: 5601
elasticsearch:
  host: "localhost"
  port: 9200
logging:
  path: "/opt/CyberDoyen/logs"

  3. Save and close the configuration file.

Note: Advanced configuration (TLS, user roles, cluster setup) is covered in the Configuration Guide.
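A quick syntax and sanity check for the settings above, as an added example (not a tool shipped with CyberDoyen SIEM). It parses only the two-level section/key layout shown in this guide with awk, so it needs no YAML library; anything beyond that layout should be validated with a real YAML parser. It also flags the one setting worth a second look before going live: host "0.0.0.0" binds the Web UI on every interface, and because the default install serves plain HTTP, the host should be restricted or TLS enabled (see the Configuration Guide) before the server is reachable from outside the host. The file path and the --check flag are this example's own conventions.

```shell
#!/usr/bin/env bash
# Sanity check for /opt/CyberDoyen/config/cyberdoyen.yml.
# Added example, not part of the CyberDoyen package. It understands only the
# two-level "section:" / "  key: value" layout shown in the installation guide.

CONFIG="${CONFIG:-/opt/CyberDoyen/config/cyberdoyen.yml}"

# yaml_get SECTION KEY FILE -> prints the scalar value with surrounding quotes removed
yaml_get() {
    awk -v sec="$1" -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # skip comments and blank lines
        /^[^[:space:]]/ { cur = $1; sub(/:$/, "", cur); next }    # unindented line = section name
        cur == sec {
            k = $1; sub(/:$/, "", k)
            if (k == key) {
                v = $0
                sub(/^[^:]*:[[:space:]]*/, "", v)                 # drop "key: "
                gsub(/^"|"$/, "", v)                               # drop surrounding quotes
                print v; exit
            }
        }' "$3"
}

# is_port VALUE -> 0 when VALUE is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# validate_config FILE -> 0 when usable, 1 on hard errors; messages go to stderr
validate_config() {
    local f="$1" errors=0
    local shost sport ehost eport lpath
    shost=$(yaml_get server host "$f")
    sport=$(yaml_get server port "$f")
    ehost=$(yaml_get elasticsearch host "$f")
    eport=$(yaml_get elasticsearch port "$f")
    lpath=$(yaml_get logging path "$f")

    [ -n "$shost" ] && [ -n "$ehost" ] && [ -n "$lpath" ] || {
        echo "error: missing server.host, elasticsearch.host or logging.path" >&2; errors=1; }
    is_port "$sport" || { echo "error: server.port '$sport' is not a valid port" >&2; errors=1; }
    is_port "$eport" || { echo "error: elasticsearch.port '$eport' is not a valid port" >&2; errors=1; }
    if [ -n "$sport" ] && [ "$sport" = "$eport" ]; then
        echo "error: server.port and elasticsearch.port are both $sport" >&2; errors=1
    fi
    # Exposure caveat: 0.0.0.0 binds the Web UI on every interface, and the
    # default install serves plain HTTP. Restrict the host or enable TLS
    # (Configuration Guide) before exposing it beyond the local machine.
    if [ "$shost" = "0.0.0.0" ]; then
        echo "warning: server.host is 0.0.0.0; Web UI reachable on all interfaces over plain HTTP" >&2
    fi
    return "$errors"
}

# Run against the real file when executed directly with --check.
if [ "${1-}" = "--check" ]; then
    validate_config "$CONFIG" && echo "cyberdoyen.yml looks usable"
fi
```

Run it as `bash check-config.sh --check` after editing the file; a non-zero exit means a hard error (bad or duplicate port, missing key), while the 0.0.0.0 case is reported as a warning so the default configuration still passes.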


5. Start the SIEM Server

  1. Open a terminal session and navigate to the CyberDoyen bin directory:

cd /opt/CyberDoyen/bin

  2. Start the server:

./start-siem.sh

The server will initialize, start internal services (Elasticsearch, Filebeat, Web UI), and begin listening for events.


6. Access the Web Interface

Once the server is running:

  1. Open a web browser.
  2. Visit: http://localhost:5601 

You should see the CyberDoyen SIEM dashboard.

Tip: If accessing remotely, use http://<server-ip>:5601 and ensure the system firewall allows traffic on port 5601.


7. Verify the Installation

Check that:

  • Web UI loads without errors.
  • Logs are generated under /opt/CyberDoyen/logs.
  • Processes are running (Elasticsearch, Filebeat, SIEM API Server).

You can also check logs by viewing:

cat /opt/CyberDoyen/logs/cyberdoyen.log

Look for the line "Started CyberDoyen SIEM successfully" in the log.
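The port check from the pre-installation checklist (section 1) and the verification steps in this section can be scripted together. The following is an added example, not a script shipped with CyberDoyen SIEM: in `pre` mode it confirms the default ports 9200, 5044 and 5601 are still free (the cause behind the "Service not starting" row in the troubleshooting table), and in `post` mode it confirms they are listening, that the success line above appears in the log, and that the service processes exist. The log path and the success marker come from this section; the process names passed to pgrep (elasticsearch, filebeat) are assumptions, as is the `ss -ltn` output format the parser expects.

```shell
#!/usr/bin/env bash
# Pre-flight and post-start check for CyberDoyen SIEM.
# Added example, not part of the CyberDoyen package.
#   ./siem-check.sh pre   -> before installing: default ports must be free
#   ./siem-check.sh post  -> after start-siem.sh: ports listening, log reports success

SIEM_PORTS="9200 5044 5601"                                   # defaults from the guide
SIEM_LOG="${SIEM_LOG:-/opt/CyberDoyen/logs/cyberdoyen.log}"   # log path from section 7
SUCCESS_MARKER="Started CyberDoyen SIEM successfully"         # marker from section 7

# listening_ports "SS_OUTPUT" PORT... -> prints the given ports that have a TCP
# listener according to the text of `ss -ltn` (passed in, so it can be tested offline)
listening_ports() {
    local ss_out="$1"; shift
    local found="" port
    for port in "$@"; do
        # match ":PORT" in the Local Address column, not a longer port sharing a suffix
        if printf '%s\n' "$ss_out" | grep -Eq "[:.]${port}([[:space:]]|$)"; then
            found="${found:+$found }$port"
        fi
    done
    printf '%s\n' "$found"
}

# missing_from "HAVE" PORT... -> ports not present in the space-separated HAVE list
missing_from() {
    local have=" $1 " miss="" port; shift
    for port in "$@"; do
        case "$have" in *" $port "*) ;; *) miss="${miss:+$miss }$port";; esac
    done
    printf '%s\n' "$miss"
}

# log_reports_success FILE -> 0 if the startup marker is present in FILE
log_reports_success() { grep -Fq "$SUCCESS_MARKER" "$1" 2>/dev/null; }

# Process names are assumptions; adjust to what `ps` shows on your host.
processes_running() {
    local p
    for p in elasticsearch filebeat; do pgrep -f "$p" >/dev/null || return 1; done
}

preflight() {
    [ "$(id -u)" -eq 0 ] || echo "warning: not running as root; use sudo for the install steps"
    local busy; busy=$(listening_ports "$(ss -ltn)" $SIEM_PORTS)
    if [ -n "$busy" ]; then
        echo "ports already in use: $busy (see troubleshooting: 'Service not starting')"; return 1
    fi
    echo "ports $SIEM_PORTS are free"
}

postcheck() {
    local up missing rc=0
    up=$(listening_ports "$(ss -ltn)" $SIEM_PORTS)
    missing=$(missing_from "$up" $SIEM_PORTS)
    [ -z "$missing" ] || { echo "not listening: $missing (check firewall rules and startup logs)"; rc=1; }
    processes_running || { echo "elasticsearch/filebeat processes not found"; rc=1; }
    log_reports_success "$SIEM_LOG" || { echo "marker '$SUCCESS_MARKER' not found in $SIEM_LOG"; rc=1; }
    [ "$rc" -eq 0 ] && echo "CyberDoyen SIEM appears healthy"
    return "$rc"
}

case "${1-}" in
    pre)  preflight ;;
    post) postcheck ;;
esac
```

Run `bash siem-check.sh pre` before section 2 and `bash siem-check.sh post` after section 5; each failure message maps to a row of the troubleshooting table below.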


8. Troubleshooting

Issue                     | Solution
Port 5601 not reachable   | Check firewall rules and open the port
Server startup failure    | Check logs under /opt/CyberDoyen/logs for error messages
Configuration file errors | Verify syntax in cyberdoyen.yml (YAML is indentation-sensitive)
Service not starting      | Ensure no existing service is using ports 9200/5601

For more detailed troubleshooting, refer to the Troubleshooting Guide.


Next Steps

➡️ Proceed to Configuration Guide to set up ingestion pipelines, security rules, and dashboards.
