Cluster Configs Tab
The Cluster Configs tab allows you to configure and tune the IDS and the logshipper service.
Rather than changing those options by editing text files (e.g. suricata.yaml), IDSTower lets you set the most common options via the GUI.
You can also edit both the service configuration files (e.g. suricata.yaml) and the systemd service file under the advanced section.
The features IDSTower offers are explained below, one numbered section of the image below at a time.
1. IDSTower saves every configuration change you make to the cluster as a config version: each time you change a configuration option and save it, IDSTower saves the configuration as a new version, which is displayed in the config version dropdown menu.
This lets you keep a record of all changes made to the cluster configuration and revert to an older configuration by selecting the version number you want to go back to and clicking the “Revert To This Version” button.
The config version numbers are incremental and are displayed along with a reference note that you add when you save the new changes; this note helps you quickly remember what you were trying to change.
2. IDSTower groups the Hosts inside a cluster into “Config Groups”. By default there is a single config group, named “Default”, to which all hosts are assigned.
Each Config Group has its own “Config Versions” associated with it, and you can create as many config groups in a cluster as you need.
This feature is normally used when some of the IDS Hosts in a cluster have a minor difference (e.g. hardware specs) that necessitates a slight configuration change, while the rest of the configuration stays the same as in the “Default” Config Group.
To do this, create a new Config Group by clicking the plus icon beside the Config Groups dropdown menu, then “Override” configuration options from the Default config group by clicking the pencil icon beside each option you want to change.
You then need to assign those hosts to the new Config Group by changing their config group in the Hosts Tab->Hosts Actions sub-menu.
3. Cluster Services configuration options are grouped into tabs, and you can navigate between the tabs to access different settings; for example, the output tab contains the IDS output-related settings, and so on.
The advanced tab contains all of the configuration templates that IDSTower uses to create the final configuration files; IDSTower uses Jinja2 templating to create each final configuration file.
You can edit any configuration file template if you need to change advanced settings that are not managed as a dedicated option in IDSTower. Note that changes to the configuration file templates are versioned as well, so you can revert to older versions at any time.
4. Here you will find the different configuration options associated with the cluster.
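To illustrate the Jinja2 templates described for the advanced tab, here is an added example of what a suricata.yaml template fragment can look like. It is not IDSTower's own template: the variable names (capture_interfaces, capture_threads, eve_log_enabled, eve_log_types) are hypothetical, and only the Suricata keys and Jinja2 syntax are real.

```jinja
{# Added example: hypothetical template fragment for suricata.yaml.
   The variables (capture_interfaces, capture_threads, eve_log_enabled,
   eve_log_types) are illustrative assumptions, not IDSTower's own names. #}
af-packet:
{% for iface in capture_interfaces %}
  - interface: {{ iface }}
    # A config group for hosts with different hardware would override
    # capture_threads; hosts in the Default group fall back to 'auto'.
    threads: {{ capture_threads | default('auto') }}
    # Each capture interface needs its own cluster-id.
    cluster-id: {{ 99 - loop.index0 }}
    cluster-type: cluster_flow
    defrag: yes
{% endfor %}

outputs:
  - eve-log:
      enabled: {{ 'yes' if eve_log_enabled | default(true) else 'no' }}
      filetype: regular
      filename: eve.json
      types:
{% for t in eve_log_types | default(['alert', 'dns', 'tls']) %}
        - {{ t }}
{% endfor %}
```

After editing a template by hand, the rendered file can be checked with Suricata's test mode (`suricata -T -c <rendered file>`) before it is relied on.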
Next, we will explain the cluster Hosts tab.