Login to IDSTower

  1. After installing IDSTower, log in to the IDSTower web interface using the URL configured under the “URL” key in appsettings.json. You can get the URL by running the following command on the IDSTower host:

$ cat /opt/idstower/appsettings.json | grep URL | cut -d "\"" -f4

Tip

Make sure that the IDSTower service is running correctly by running:

$ sudo systemctl status idstower.service

The output of the above command should indicate that the service is running as in the following picture:

../_images/login_idstower_service_status.png
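
The two checks above can be combined into one pre-login script. This is an added example, not part of the IDSTower documentation; it assumes the “URL” key sits on one line as `"URL": "<value>"` (which the grep/cut one-liner also relies on), and the `HelpURL` and `LogLevel` keys and the host name in the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the login URL from appsettings.json and check the service.

# Print the value of the "URL" key only. Unlike `grep URL`, this does not
# match other keys whose name merely contains "URL".
idstower_url() {
    sed -n 's/^[[:space:]]*"URL"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify the transport: the admin password is typed into the page at this URL.
url_transport() {
    case "$1" in
        https://*) echo "encrypted" ;;
        http://*)  echo "cleartext" ;;
        *)         echo "unknown" ;;
    esac
}

# Constructed sample settings file (hypothetical keys), used off-host.
sample_settings() {
    cat <<'EOF'
{
  "HelpURL": "http://docs.example.invalid",
  "URL": "https://idstower.example.internal:5001",
  "LogLevel": "Information"
}
EOF
}

SETTINGS=/opt/idstower/appsettings.json
if [ -r "$SETTINGS" ]; then
    url=$(idstower_url "$SETTINGS")
    echo "Login URL: $url ($(url_transport "$url"))"
    if systemctl is-active --quiet idstower.service; then
        echo "idstower.service is active"
    else
        echo "idstower.service is NOT active" >&2
    fi
else
    # Settings file absent or unreadable: demonstrate on the constructed sample.
    tmp=$(mktemp)
    sample_settings > "$tmp"
    url=$(idstower_url "$tmp")
    echo "Sample URL: $url ($(url_transport "$url"))"
    rm -f "$tmp"
fi
```

A result of "cleartext" means the credentials entered in the next step cross the network unencrypted.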

  2. Fill in your credentials in the login page, then click login.

Tip

If you have not added your admin user yet, SSH to your IDSTower host/VM and run the following command to do so:

$ sudo ./IDSTower -a [Your Admin Username]

Example:

$ sudo ./IDSTower -a admin

You will then be prompted to enter the password; please pick a secure one!

  3. You are now logged in to IDSTower. By default, you will be redirected to the Rules Management page.

  4. Now click the “Add new Cluster” link at the top left of the screen:

../_images/add_new_cluster.png

  5. This will take you to the Cluster Setup Wizard, which allows you to deploy Suricata, and optionally a Logshipper, to multiple hosts at once. Once the cluster is added, you will be able to start, stop and configure the Suricata service deployed on those hosts from the IDSTower Clusters page.

To proceed, click the “Start Now!” button.

../_images/new_cluster_start_now.png