OSSIM Network Card Setup Considerations
The book "Unix/Linux Network Log Analysis and Traffic Monitoring" explains how to make modifications through alienvault-center mode. In addition, the following 3 issues come up when setting up network cards in OSSIM:
1) Why do other services report startup errors after I manually modify the OSSIM host address, that is, the IP of the eth0 NIC?
After OSSIM Server is installed, it is wrong to modify the IP address from the command line or by editing the configuration file.
This is because only the network card's IP address is modified, while other processes are still listening on the previous address, so the system reports errors.
For example, the server is configured with the IP 10.0.2.20 during installation. After installation the IP turns out to be inappropriate, and the eth0 IP address is modified manually with ifconfig. Asset discovery then fails with the error: Error! Unable to launch remote network scan: can't connect with frameworkd (10.0.2.20:40003)
2) Do I need to set a static IP address for the promiscuous mode NIC?
First you need to know what it means for a NIC to be in promiscuous mode. In promiscuous mode a machine can receive all the traffic that passes through it, regardless of whether that traffic is addressed to it. In the era of the switch, however, there is a new problem: when you plug a network cable into a switch port, by default that port cannot collect all the data. At this point, even if the network card is set to promiscuous mode, you will not be able to listen to all the packets (only the data addressed to the host's own IP and broadcast data).
One way to implement traffic monitoring in a switched network is to configure SPAN on the switch. Back to our question: setting an IP for the promiscuous mode NIC is superfluous.
Check whether the NIC supports promiscuous (PROMISC) mode:
# ifconfig eth0
Enable promiscuous mode:
# ifconfig eth0 promisc
In its normal working mode the NIC shows MULTICAST; in promiscuous mode it shows PROMISC MULTICAST.
To cancel promiscuous mode on the NIC:
# ifconfig eth0 -promisc
3) What is the minimum number of network cards required to complete an OSSIM installation and deployment test?
This question builds on the answers above. With a single network card and a small amount of traffic (less than 50% of standard capacity), all OSSIM tests can be fully simulated. The NIC is given an IP address to facilitate management and log collection, and is set to promiscuous mode in order to listen for network packet traffic. When conditions permit, it is recommended that the management and monitoring ports be served by different network cards.
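The promiscuous-mode check from question 2 and the NIC split recommended in question 3, as an added example that is not from the original article: it reads the flag bitmask from /sys/class/net/<nic>/flags and counts IPv4 addresses with ip. The function names and the role labels (monitor, management, combined, unused) are assumptions made for illustration, and the sample flag values are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify NIC roles on a sensor host from interface flags.
IFF_PROMISC=0x100   # promiscuous bit, from <linux/if.h>

# is_promisc FLAGS: succeeds when the promiscuous bit is set in FLAGS.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# nic_role FLAGS IPV4_COUNT: print the role the page's guidance implies.
nic_role() {
    local flags=$1 addrs=$2
    if is_promisc "$flags"; then
        if [ "$addrs" -eq 0 ]; then
            echo "monitor"      # sniffing port fed by SPAN, no IP needed
        else
            echo "combined"     # one NIC doing both jobs (test setup)
        fi
    elif [ "$addrs" -gt 0 ]; then
        echo "management"       # administration and log collection
    else
        echo "unused"
    fi
}

# audit_live: classify the real interfaces of this host (Linux, iproute2).
audit_live() {
    local dev name flags addrs
    for dev in /sys/class/net/*; do
        name=${dev##*/}
        if [ "$name" = "lo" ]; then continue; fi
        flags=$(cat "$dev/flags")
        addrs=$(ip -4 -o addr show dev "$name" 2>/dev/null | wc -l)
        printf '%-8s %-8s %s\n' "$name" "$flags" "$(nic_role "$flags" "$addrs")"
    done
}

# audit_sample: constructed flag values so the example runs offline.
audit_sample() {
    printf 'eth0 %s\n' "$(nic_role 0x1003 1)"   # MULTICAST, has an IP
    printf 'eth1 %s\n' "$(nic_role 0x1103 0)"   # PROMISC MULTICAST, no IP
}

if [ "${1:-}" = "--live" ]; then audit_live; else audit_sample; fi
```

Run it with --live on the sensor itself; a "combined" result on a production host means the management and monitoring roles share one card.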