Friday, December 16, 2005

InstantNSM - Sensor Setup in a minute

If you are using InstantNSM for Sguil setup, everything becomes easy and handy. After you have proper setup of everything, and you want to add another sensor so that you can watch out another network segment, adding additional sensor for Sguil in one Box becoming painless process, just 3 steps will do.

1. Plug in add on Network Interface which will be configured as the sensor, for example eth2.

2. Download snort rules, untar it and copy all of them to /usr/local/snortrules-$SENSORNAME, ignore the doc directory since it is not used by sguil.

3. Run the InstantNSM script, it's Q & A base and everything will be brought up in minute.

Just enter and configuration will be done automagically :P

There you get your additional Sensor named Internal.

InstantNSM rocks!!!!!

3 comments:

Anonymous said...

Hey,

I don't know how I've missed your blog for so long, but seriously, we need to talk. Can I get your contact info so I can get in touch? Email or IM.

Thanks

C.S.Lee said...

I guess my email is not confidential and lots of people know, my email address is geek00L[at]gmail.com. Any spammers are welcomed to spam me :P

You should state to me who you are in the email or else I won't be bothering.

Anonymous said...

I bet you will bother me even if I don't state who am I.