Set Cluster Settings

  1. Now you are in the Cluster Settings page, First, choose a unique name for your cluster, later, this name will listed under the Clusters Menu and help you distinguish different IDS Clusters you manage.

../_images/new_cluster_name.png
  1. Choose The repository you wish to install Suricata from

../_images/new_cluster_choose_repository.png

Note

IDSTower support three different repositories types:

  • The Official Suricata Repository

    When you choose this option, Suricata will be installed from OISF Copr repository, this requires that your Suricata hosts have access to the said repository and you will be able to install the latest Suricata version available there.

    Normally, this repository offers the latest Suricata version.

Note

CentOS/RHEL Hosts will use OISF Copr repository while Ubuntu Hosts will use OISF suricata-stable PPA

  • The Built-in Packages repository

    This repository contain all the necessary packages to deploy Suricata into offline Hosts, normally it will offer the latest stable Suricata packages obtained from either OISF repository or the Linux Distribution repository. To use this repository, follow Configuring the Built-In Packages repository guide.

  • The User Custom Packages repository

    Users who wish to deploy custom-built Suricata packages can choose this option. To add your custom build Suricata Packages to IDSTower, follow Configuring the User-Custom Packages repository guide.


  1. Select the IDS Software version you want to deploy, the available options will vary depending on the chosen repository.

../_images/new_cluster_select_software_and_version.png

Note

The Built-in Packages repository & the user custom packages repository will offer no option if the packages were not setup-ed correctly on IDSTower host.


  1. Choose the Logshipper you want to deploy along with the IDS, the Logshipper can be used to sent the Alerts and IDS metrics to your SIEM, Analytics system or Log Collector, if you don’t want to install any logshipper, select None.

../_images/new_cluster_choose_logshipper.png

Note

the “Filebeat (Latest on OS Repository)” option requires internet connectivity to access Elastic Filebeat Repository.


  1. Enter the FQDNs or the IP addresses of the Target Hosts you want to deploy the IDS to, one host per line.

../_images/new_cluster_target_hosts.png
  1. Enter the SSH credentials IDSTower should use to install the IDS Software with, make sure the user account used have enough permissions to deploy packages and configure the target hosts.

../_images/new_cluster_ssh_credentials.png

Note

IDSTower will not store those credentials anywhere, they will only used once to setup SSH trust between the IDSTower host and the Target IDS Hosts, during the SSH trust setup, IDSTower will generate a unique ssh keys for each cluster, which will later enable you to run various Management tasks through IDSTower.


  1. Once everything is filled correctly, Click on Next, IDSTower then will run several verification tasks on the Target Hosts to make sure they have the the minimum requirements to install the selected IDS Software, this task will take a while depending on number of target hosts, their Hardware specifications & internet speed.

../_images/new_cluster_verify_target_hosts.png

Tip

the Next button will be disabled if there is a required field missing or invalid.