Back to binalyze.com

How to install a Responder with Relay Server support

When deploying a new responder to an asset, you will encounter a new configuration where you can choose a connection route. This allows you to deploy a responder that either directly connects to the AIR Console or utilizes a connection route via a Relay Server.

By selecting "Relay Server Connection," you will be presented with a list of registered Relay Servers associated with this organization. From this list, you can select one and proceed with the configuration.

The subsequent steps remain the same when deploying a new responder, regardless of the connection route chosen (Relay Server). Once you have successfully installed a new asset using the Relay Server connection, you will observe the newly deployed asset associated with the Relay Server on the "Organization Detail" page.

After selecting the installed Relay Server from the list on the "Organization Detail" page, you can access your associated assets by clicking on the "Assets" tab. Additionally, you can view comprehensive details of your Relay Server on this page by clicking on the "Information" tab.

Updating the Connection Route address

Furthermore, you can view and manage assets that are connected through this Relay Server. If you wish to modify the connection routing of your assets, you can do so on the "Assets" tab. Simply select the asset that you would like to view or edit.

Within the "Connection Route" setting, you have the option to choose between a direct connection to the AIR Console or selecting another Relay Server for your asset to connect to. This action will bring up the same settings page for connection routing that you encountered when deploying a new asset.

Updating Connection Route addresses for multiple assets

To update the connection route addresses for multiple assets in the same organization, follow these steps:

  1. Go to the organization's page (Organization of the assets you want to update) or the Assets page.

  2. Selected the desired assets within the same organization.

  3. Click "Edit Connection Route" in the "Actions" menu.

  4. Modify the connection route addresses or choose a Direct connection.

By following these steps, you can easily update the connection route addresses for multiple assets in the same organization.

Updating the responder’s connection route address using the command line

Even if you manually update your connection route, during the next visit to AIR Console from the responder, the responder will retrieve and set the old connection route address. This occurs because the AIR Console is unaware of the address you have set. To avoid this, any changes to the connection route must be made directly from the AIR Console. The configure command mentioned below is primarily utilized for troubleshooting and testing the connection to the Relay Server.

To manually update the connection route of your responder, you can run the responder with the "configure" flag. Follow these steps:

  1. Open a Terminal.

  2. Navigate to the directory where the responder is located.

  3. Run the configure command as shown below:

$ cd /opt/binalyze/air/agent 
$ sudo ./air configure relay --address 192.168.1.XX 

Failed to acquire lock. An instance of the AIR Agent is running. Trying to stop the service... 
Checking lock if it is still held... 
Lock is held. AIR Agent is not running 
AIR Agent service started 
Completed 
$ cat config.yml | grep ConnectionRouteAddress 
ConnectionRouteAddress: 192.168.1.XX

Upon running the configuration command, the responder service will automatically restart with the updated configuration, including the new connection route that has been set. This ensures that the responder incorporates the changes and operates according to the new configuration.

PreviousHow to change IP address of Relay ServerNextProxy configurations

Last updated