OwlH UI (user interface)



Use our OwlH installer to install your OwlH UI.

Download and prepare OwlH Installer

OS version URL
if you run OS like CentOS 7 wget http://repo.owlh.net/current-centos/owlhinstaller.tar.gz
if you run OS like Ubuntu wget http://repo.owlh.net/current-debian/owlhinstaller.tar.gz

Now let’s install it.

# mkdir /tmp/owlhinstaller
# tar -C /tmp/owlhinstaller -xvf owlhinstaller.tar.gz

We are almost done. In order to allow OwlH installer to do its work, we need to tell it what is/are out target/s for this box. A target is an OwlH component that must be installed or updated. All this info is provided in the config.json file included in the owlhinstaller folder


Right now, our target is “owlhui” and “owlhmaster”, our action is “install”

"action": "install",      <===
"target": [
    "owlhmaster",         <===
    "owlhui"              <===


you can change your installation paths as needed. Changing default paths may need further paths change for some configurations like service init files. If you are not familiar with it, keep defaults until it is really needed or ask for help.

run OwlH Installer to install OwlH UI and OwlH Master

# cd /tmp/owlhinstaller
# ./owlhinstaller

OwlH Master service :centos: http://repo.owlh.net/current-centos/owlhmaster-service.sh :debian: http://repo.owlh.net/current-debian/owlhmaster-service.sh

OwlH UI virtualhost definition and configuration :centos: http://repo.owlh.net/current-centos/owlhui-httpd.sh :debian: http://repo.owlh.net/current-debian/owlhui-httpd.sh


Usually, OwlH UI is installed in the same machine than OwlH Master. You can choose to install OwlH Master and OwlH UI in different servers (advanced)

OwlH UI access means to point your web browser to your MASTER/UI ip using:

for the first time you will need to approve and accept our default self-signed certs. And you will do it for both https and API services. You will see option to ‘check API connection’ if you need to accept the API certs.

OwlH UI Main Menu

Current main menus:

  • nodes - OwlH nodes list, status and configuration
  • open rules - Ruleset management, create 3rd party and custom rulesets, schedule auto-update, etc.
  • master - OwlH master status and configuration
  • config - Define Master API IP

Coming soon:

  • adapt and response

First time you connect to your OwlH UI

verify your master ip is correctly set in your ‘config’ menu.

home -> config
  • Set the right master ip
  • Save
  • Reload page
  • Click on check master api
  • If answer is ack: true, then go back to Nodes menu.


your master ip must accesible from your browser using port 50001/tcp (you can modify it)

Your First Node

OwlH default configuration comes with a default sensor configured. You can ADD your new sensors or modify the current one by using ‘Actions -> Modify node’ option.

Please be sure you include:

  • node name
  • node ip
  • node port (50002 is default port)

Accept your modification

Now you should see your node status set to OFF-LINE (red) if we can’t reach Node API using provided IP and port 50002 (or the one defined) or ON-LINE (green) if we can access Node API.

Suricata and Zeek controls

in ‘network IDS’ node menu you will find Suricata and Zeek details. If you didn’t install suricata and/or Zeek in your node yet they will appear as N/A (black). if it is installed but not running will appear as OFF (red) and if they are running will appear as ON (green)

OwlH - current v0.8 - Aug : New version details

documentation last updated - Sep 18, 2019