Monitoring VMware ESX Virtual Switches




Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION
2. CREATE THE VSWITCH SPAN PORT GROUP
3. GRANT PROMISCUOUS MODE PERMISSIONS TO THE PORT GROUP
4. ASSIGN ALIENVAULT USM INTERFACES TO THE PORT GROUP
5. USM GETTING STARTED WIZARD: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE
6. USM COMMAND LINE INTERFACE: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

DC-00129 Edition 01

1. INTRODUCTION

The objective of this document is to explain how to configure the AlienVault USM All in One virtual appliance to monitor a virtual network.

The AlienVault USM All in One virtual appliance has six network interfaces: one for management (eth0) and the other five network interfaces for log collection and traffic capture on the network segment monitored. Connecting the monitor interface to a SPAN port enables the following functions to operate:

- Network IDS
- Netflow and Traffic Monitoring
- Passive Asset Identification

2. CREATE THE VSWITCH SPAN PORT GROUP

Virtual switches are configured through the ESX vSphere GUI via the master Configuration tab. Select Networking from the side panel and bring up Properties on the vSwitch you want AlienVault to monitor.

Figure 1. ESX vSphere GUI console

To capture all traffic over the vSwitch, a new port group must be created to direct traffic to. This port group will act like a network hub, with all network traffic within the vSwitch visible to interfaces connected to this port group.

Add a new Virtual Machines port group to the existing switch. The port group should be named to indicate it has visibility to all traffic ("SPAN port"). VLAN ID All (4095) is a special ID in VMware vSwitches that has visibility to all traffic on the switch.

Figure 2. Configure vSwitch with a SPAN port group

The SPAN port is created. Any VM interface connected to this SPAN port group will be able to enter promiscuous mode and capture traffic from any other VM interface connected to the other port groups on this vSwitch.

Figure 3. Add Network Wizard: SPAN port is created

3. GRANT PROMISCUOUS MODE PERMISSIONS TO THE PORT GROUP

The port group must have permission for interfaces to enter promiscuous mode before they can capture network traffic.

Figure 4. vSwitch Properties

If the defaults are to deny promiscuous mode, open the properties sheet (click on "Edit...") for the SPAN port group and manually assign permission for promiscuous mode.

Figure 5. SPAN Ports Properties

4. ASSIGN ALIENVAULT USM INTERFACES TO THE PORT GROUP

Now that the port group is created, connect one or more interfaces of the AlienVault USM to the SPAN port group and power it on. Edit the settings of the target virtual appliance to assign the network adapter to the port group created (SPAN port).

Figure 6. USM Virtual Machine Properties: Network Connection

5. USM GETTING STARTED WIZARD: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

Configuring the network interface assigned to the port group in order to perform network monitoring has to be done as part of the first step of the USM Getting Started Wizard. Select Network Monitoring as the Purpose of the NIC previously assigned in the ESX configuration.

Figure 7. USM Getting Started Wizard: Network Interfaces

6. USM COMMAND LINE INTERFACE: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

1. Open a console terminal and write the following command:

       ssh root@ip_address

   IP_address refers to the default IP of your appliance.

2. The AlienVault Setup main menu is displayed:

Figure 8. AlienVault Setup main menu

1. Use the arrow keys to move to the option Configure Sensor. Then, press Enter to accept the selection (<OK>).

Figure 9. AlienVault Setup: Configure Network Monitoring

2. Use the arrow keys to move to the option Configure Network Monitoring. Then, press Enter to accept the selection (<OK>).

Figure 10. AlienVault Setup: select sensor listening interfaces (promiscuous mode)

3. Use the arrow keys on the keyboard to move to the desired interface and select/deselect it by pressing the Space Bar on the keyboard. Accept the selection (<OK>) by pressing the Enter key. It is possible to select several interfaces.

4. Use the arrow keys to move to the option (<Back>), then press Enter and the AlienVault Setup main menu appears.

Figure 11. AlienVault Setup: Apply all Changes option

5. Use the arrow keys to move to the option Apply all Changes. Then, press Enter to accept the selection (<OK>).

Figure 12. AlienVault Setup: confirmation of changes

6. Press Enter to accept the changes (<Yes>). This process may take several minutes depending on the Internet connection. During the process, the following screen appears:

Figure 13. AlienVault USM Reconfig

7. At the end, the following message appears:

Figure 14. AlienVault Setup: Changes applied

8. Press Enter to accept (<OK>); the AlienVault Setup main menu appears.
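
Once the changes are applied, the state of the listening interface can be checked from the appliance shell. The script below is an added example, not part of the AlienVault document; the function name monitor_if_status and the interface name eth1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the AlienVault document.
# Reads the kernel's interface flags from sysfs to confirm that a sensor
# NIC is up and in promiscuous mode. sysfs exposes the raw flags, so
# promiscuous mode enabled by a capture process through a packet socket
# is visible here as well.
# Assumption: invoked as "sh check_if.sh eth1", where eth1 is a
# placeholder for the interface attached to the SPAN port group.

IFF_UP=1          # 0x001: interface is administratively up
IFF_PROMISC=256   # 0x100: interface accepts frames for any MAC address

# monitor_if_status IFACE [SYSFS_NET_DIR]
# Prints one of: missing | down | up-not-promisc | up-promisc
monitor_if_status() {
    iface=$1
    netdir=${2:-/sys/class/net}
    flags_file="$netdir/$iface/flags"
    if [ ! -r "$flags_file" ]; then
        echo missing
        return 0
    fi
    raw=$(cat "$flags_file")          # sysfs prints hex, e.g. 0x1103
    case $raw in
        0x*) hex=${raw#0x} ;;
        *)   hex= ;;
    esac
    case $hex in
        ''|*[!0-9a-fA-F]*) echo missing; return 0 ;;  # not a hex value
    esac
    flags=$(( 0x$hex ))
    if [ $(( flags & $IFF_UP )) -eq 0 ]; then
        echo down
    elif [ $(( flags & $IFF_PROMISC )) -eq 0 ]; then
        echo up-not-promisc
    else
        echo up-promisc
    fi
}

# Report the state of the interface named on the command line, if any.
if [ $# -gt 0 ]; then
    monitor_if_status "$1"
fi
```

A result of up-not-promisc on the selected interface means the sensor has not put the NIC into promiscuous mode; if it reports up-promisc but no traffic from other VMs is seen, recheck the promiscuous mode permission on the SPAN port group.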