Set Cluster Settings¶
Now you are in the Cluster Settings page, First, choose a unique name for your cluster, later, this name will listed under the Clusters Menu and help you distinguish different IDS Clusters you manage.
Choose The repository you wish to install Suricata from
IDSTower support three different repositories types:
- The Official Suricata Repository
When you choose this option, Suricata will be installed from OISF Copr repository, this requires that your Suricata hosts have access to the said repository and you will be able to install the latest Suricata version available there.
Normally, this repository offers the latest Suricata version.
CentOS/RHEL Hosts will use OISF Copr repository while Ubuntu Hosts will use OISF suricata-stable PPA
- The Built-in Packages repository
This repository contain all the necessary packages to deploy Suricata into offline Hosts, normally it will offer the latest stable Suricata packages obtained from either OISF repository or the Linux Distribution repository. To use this repository, you will need to download the additional installation packages and place them in the IDSTower directory (guide coming soon)
- The User Custom Packages repository
Users who wish to deploy custom-built Suricata packages can choose this option. To add your custom build Suricata Packages to IDSTower, please follow this guide
Make sure to include all of the necessary Suricata dependencies to the custom packages directory.
Select the IDS Software version you want to deploy, the available options will vary depending on the chosen repository.
The Built-in Packages repository & the user custom packages repository will offer no option if the packages were not setup-ed correctly on IDSTower host.
Choose the Logshipper you want to deploy along with the IDS, the Logshipper can be used to sent the Alerts and IDS metrics to your SIEM, Analytics system or Log Collector, if you don’t want to install any logshipper, select None.
the “Filebeat (Latest on OS Repository)” option requires internet connectivity to Elastic Filebeat Repository.
Enter the FQDNs or the IP addresses of the Target Hosts you want to deploy the IDS to, one host per line.
Enter the SSH credentials IDSTower should use to install the IDS Software with, make sure the user account used have enough permissions to deploy packages and configure the target hosts.
IDSTower will not store those credentials anywhere, they will only used once to setup SSH trust between the IDSTower host and the Target IDS Hosts, during the SSH trust setup, IDSTower will generate a unique ssh keys for each cluster, which will later enable you to run various Management tasks through IDSTower.
Once everything is filled correctly, Click on Next, IDSTower then will run several verification tasks on the Target Hosts to make sure they have the the minimum requirements to install the selected IDS Software, this task will take a while depending on number of target hosts, their Hardware specifications & internet speed.
the Next button will be disabled if there is a required field missing or invalid.