Frequently Asked Questions
If you have a question, it has likely been asked before. Provided below is a list of questions that have come up on several occasions. If you do not see your question on the list, please open up a support request and we would be happy to help you.
Bindplane OP Server
I have a setup question that isn't covered in the quickstart guide. How do I deploy with an advanced feature?
Check out our advanced setup page if you need additional installation options such as Kubernetes or TLS, or if you will be using a proxy.
What happens if my connection to BindPlane is interrupted / If the BindPlane OP server goes down, does data get lost?
The BindPlane OP server is only for configuration. The BindPlane Agent, which is an OTel Collector, sends telemetry directly to the destination platform. If the BindPlane server goes down, the agent telemetry is not interrupted. You cannot push new configurations to the agents until the connection is reestablished.
How many agents can I run in one BP OP Server?
Our free tier license supports up to 10 agents. We have customers in production using 20,000+ agents. If you are interested in a larger suite of agents, reach out to our sales team at [email protected].
How do you price BindPlane OP?
BindPlane OP has several editions and is priced based on the amount of data ingested by agents managed by BindPlane. For more information, please reach out to our sales team at [email protected].
How do I upgrade BindPlane OP for Linux?
Running the install command without the --init flag at the end is enough to upgrade BindPlane. You can get the installer command from the download page. Run this script on your BindPlane server to upgrade BindPlane.
Can you deploy BindPlane OP on Kubernetes?
You can install the BindPlane OP server and agents on Kubernetes. See Kubernetes Installation for more information.
What license type do I need?
We offer a free tier license that supports up to 10 agents ingesting up to 10 GB/Day, a BindPlane for Google license that only supports Google Cloud as a destination, and our enterprise license with no limitations.
More information about our license types can be found on our solutions page.
Sources
File Source
How do you reset the file collector to re-read files in a directory?
Under the advanced configuration for the file source, set the source to start reading at the beginning of the file and uncheck “Enable File Offset Storage”.
Destinations
Google SecOps
Windows Events routing to Google SecOps:
- Google SecOps can only read 'RAW' telemetry. Please verify that in the Google SecOps Destination settings 'Send Single Field' is checked, with the 'Field to Send' set to 'Body'.
- The 'Log Type' in the Google SecOps Destination settings should be set to 'WINEVTLOG' to capture Windows Event Logs.
- On the 'Windows Events' Source, under 'Advanced', please make sure 'Raw Logs' is selected.
- To send events from a custom channel to Google SecOps, you can specify the channel name in the 'Windows Events' source under 'Advanced Settings'. To find the log name of the custom channel, run the following command on the Windows Server:
    Get-WinEvent -ListLog *
- To capture DNS logs on Windows, you can add the 'DNS Server' channel in the Windows Events source under Advanced.
- To capture DHCP logs on Windows, you can use the CSV source and point it to your DHCP logs that may be located at 'c:\windows\system32\dhcp\dhcpsrvlog.*.txt'.
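On a busy server, 'Get-WinEvent -ListLog *' returns hundreds of channels. The following is an added example, not part of the Bindplane documentation, that narrows the list by name so the exact log name can be copied into the 'Windows Events' source, and that checks whether the 'DNS Server' channel is present and enabled. The function name Find-EventChannel and the '*DNS*' pattern are assumptions made for illustration.

```powershell
# Added example: list event channels so the exact LogName can be copied into
# the 'Windows Events' source. Find-EventChannel is a hypothetical helper name.
function Find-EventChannel {
    param(
        # Wildcard pattern matched against the channel's LogName
        [string]$Pattern = '*',
        # Only return channels that currently hold at least one event
        [switch]$NonEmpty
    )

    # Channels that cannot be read without elevation, or patterns with no
    # match, raise non-terminating errors; suppress them and keep going.
    Get-WinEvent -ListLog $Pattern -ErrorAction SilentlyContinue |
        Where-Object { -not $NonEmpty -or $_.RecordCount -gt 0 } |
        Sort-Object LogName |
        Select-Object LogName, IsEnabled, RecordCount, LogMode
}

# Constructed sample pattern: every channel whose name contains "DNS"
Find-EventChannel -Pattern '*DNS*' | Format-Table -AutoSize

# Confirm the 'DNS Server' channel exists and is enabled on this host
# before adding it to the source.
$dns = Find-EventChannel -Pattern 'DNS Server'
if (-not $dns) {
    Write-Warning "Channel 'DNS Server' was not found on this host."
} elseif (-not $dns.IsEnabled) {
    Write-Warning "Channel 'DNS Server' exists but is disabled."
} else {
    Write-Output "Channel 'DNS Server' is enabled with $($dns.RecordCount) records."
}
```

Use the LogName value exactly as printed, including any slashes and spaces. Running the check from an elevated session avoids missing channels that a standard user cannot read.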