lgc services
The lgc services command manages the services you rely on for your defenses. Services are defined individually and then associated with environments.
For example, you might have a SIEM in production as well as in a development environment, which results in 2 services: siem-prod and siem-dev. If you also have an EDR in production (and no development environment for that technology), you end up with 3 services: siem-prod, siem-dev and edr-prod.
No Limits!
There is no limit on the number of services that can be associated with an environment.
lgc services add
This command creates a new service.
For example, to create a splunk-prod service, run:
~$ lgc services add --plugin-name splunk splunk-prod
INFO service `splunk-prod` created
~$
Plugins
To install plugins or list installed plugins, refer to the plugins command.
See also lgc envs link to link a service to an environment.
kebab-case
Service IDs must follow the kebab-case convention.
lgc services configure
This command configures a service.
Because each service is associated with a plugin, the parameters to configure differ from one service to another.
~$ lgc services configure splunk-prod
// interactive prompt with plugin specific parameters
~$
lgc services list
This command lists existing services.
~$ lgc services list
- `splunk-dev` (`splunk`)
- `splunk-prod` (`splunk`)
~$
lgc services ping
This command opens a connection to one or more services to ensure network connectivity is working.
~$ lgc ping
splunk-prod... OK
splunk-dev... when calling ping for plugin `splunk`: ErrorCode::DnsError(DnsErrorPayload { rcode: Some("address not available"), info-code: Some(0) })
tanium-prod... OK
~$
TIP
Technically speaking, lgc services ping opens a socket to the remote host. This helps validate that name resolution (DNS), routing and firewalling are correctly configured.
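The layers named in this tip can be told apart by checking them in order. The following Python is an added example, not lgc's own code: the function name diagnose and its stage labels are hypothetical, and the targets in the demo are constructed.

```python
import errno
import socket


def diagnose(host, port, timeout=3.0):
    """Return (stage, detail) naming the layer where a TCP check stopped."""
    # Stage 1: name resolution. A failure here is a DNS problem,
    # and no packet has been sent to the service yet.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")

    last = ("routing", "no address could be tried")
    # Stage 2: try each resolved address until one accepts the connection.
    for family, socktype, proto, _name, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return ("ok", f"connected to {addr[0]}:{addr[1]}")
            except socket.timeout:
                # No answer at all usually means a firewall drops the packets.
                last = ("firewall", f"timeout connecting to {addr[0]}")
            except ConnectionRefusedError:
                # The host answered, but nothing listens on that port
                # or a firewall actively rejected the connection.
                last = ("refused", f"{addr[0]}:{addr[1]} refused the connection")
            except OSError as exc:
                if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
                    last = ("routing", f"no route to {addr[0]}")
                else:
                    last = ("error", str(exc))
    return last


if __name__ == "__main__":
    # Constructed targets: a reserved .invalid name and a local port.
    for host, port in [("siem.example.invalid", 443), ("127.0.0.1", 9)]:
        print(host, port, diagnose(host, port))
```

A "dns" result points at the resolver or the configured hostname, while "firewall", "refused" and "routing" point at the network path to the service.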
lgc services remove
This command deletes an existing service.
For example, to delete the splunk-prod service, run:
~$ lgc services remove splunk-prod
A service must be unlinked from its environments before removal; otherwise lgc will ask for confirmation. To force its removal, add the --force option, which also unlinks the service from the associated environments before removal.
See also lgc envs unlink