March 19, 2020 at 10:58 pm #2195 Mike Riforgiate Keymaster
- Data Node (Recommend 3)
- Streamer Node (Recommend 1 for each transport type: syslog, NetFlow, Splunk, eStreamer, Beats)
- IE/Management Node (Recommend 1)
Verify that each appliance has the required resources outlined at https://www.witfoo.com/tech-specs/
- At least 8GB of RAM on IE/Streamer nodes (12GB ideal)
- At least 12GB of RAM on Data nodes (16GB ideal)
- At least 4 CPU Cores (8 Cores ideal)
- Verify by running htop in each appliance
Default login on each appliance is witfooadmin : F00theN0ise!
- Can be reached via SSH or via Console Interface
Configure the IP address of the appliance by clicking on the Network icon in the Console UI or in accordance with Ubuntu documentation (https://help.ubuntu.com/lts/serverguide/network-configuration.html). Alternatively, use a DHCP lease reservation for assigning the IP address.
Run the ./register script, following the directions (see: https://vimeo.com/422153063)
- Run on Data nodes
- Run on Management nodes
- Run on Streamer nodes
Wait 30 minutes for the systems to initialize and pull code updates.
In the interface, go to Admin -> Settings -> General. Configure all settings.
Configure and test email integration at Admin -> Settings -> Email
Send syslog to the IP address of the Streamer node on 514/udp (most common), 514/tcp or 6514/tcp (for SSL or TLS). See https://community.witfoo.com/forums/forum/integrations/ for integration specific guidance.
If sending Winlogbeats or NetFlow, create an additional Streamer for each. Send NetFlow to 2055/udp. Use the following settings for Winlogbeats: https://community.witfoo.com/forums/topic/winlogbeats/
Create additional user accounts at Admin -> Users
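
A scripted form of the resource check in the post above, for running on each appliance instead of reading htop by eye. This is an added example, not part of the original post or of WitFoo's tooling; the role names (data, streamer, ie), the script name and the 5% RAM tolerance are assumptions of the example.

```shell
#!/bin/sh
# Added example: preflight check for the RAM/CPU minimums listed in the post.
# Role names (data, streamer, ie) and the 5% RAM tolerance are assumptions.

# ram_targets ROLE -> prints "MIN_GB IDEAL_GB" as stated in the post
ram_targets() {
    case "$1" in
        data)        echo "12 16" ;;
        streamer|ie) echo "8 12" ;;
        *)           return 1 ;;
    esac
}

# gb_to_kb GB -> kB with 5% slack, because MemTotal excludes memory the
# kernel and firmware reserve, so an "8GB" VM reports slightly under 8 GiB.
gb_to_kb() { echo $(( $1 * 1024 * 1024 * 95 / 100 )); }

# check_node ROLE MEM_KB CORES
# Prints one of: ideal | minimum | below-minimum | unknown-role
# Returns 0 when the minimums are met, 1 when not, 2 for a bad role.
check_node() {
    targets=$(ram_targets "$1") || { echo "unknown-role"; return 2; }
    min_kb=$(gb_to_kb "${targets% *}")
    ideal_kb=$(gb_to_kb "${targets#* }")
    # Minimums from the post: per-role RAM and at least 4 CPU cores
    if [ "$2" -lt "$min_kb" ] || [ "$3" -lt 4 ]; then
        echo "below-minimum"; return 1
    fi
    # Ideal values from the post: per-role RAM and 8 cores
    if [ "$2" -ge "$ideal_kb" ] && [ "$3" -ge 8 ]; then
        echo "ideal"
    else
        echo "minimum"
    fi
}

# Live check on the appliance itself: ./preflight.sh data|streamer|ie
if [ $# -ge 1 ]; then
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    cores=$(nproc)
    echo "role=$1 mem_kb=$mem_kb cores=$cores"
    check_node "$1" "$mem_kb" "$cores"
fi
```

The script exits non-zero when a node is below the minimums, so it can gate the ./register step in a provisioning run.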