Appendix - Requirements¶
Prepare your environment¶
OwlH Node - 1G - traffic monitor
OwlH Node - 10G - traffic monitor
Capture configuration - interfaces¶
- Be sure you have at least one local interface connected to a SPAN or MIRROR PORT. This can work on physical and virtual appliances.
- Also, some configurations will use an internal dummy interface named owlh for using with Software TAP configurations. Be sure interface MTU is set to 65535.
OS versions support¶
You may need some help to find binaries, please be in contact with us to find the right configuration for your OS if you can’t find your deployment option
- CentOS 7, 8
- Ubuntu 16, 18
- RHEL 7, 8
- ARM Raspbidian
- FreeBSD and HardenedBSD
- Check requirements based on traffic analysis needs for RAM, CPU and Storage.
- Take care about storage, please size this paths as needed, be sure your rotation policies keep folders clean or configure rotation using OwlH log file rotation capability:
- /var/log/suricata folder is used by Suricata.
- /var/log/owlh folder is used by OwlH analyzer and API logs.
- /usr/local/zeek folder is used by Zeek.
- /data/moloch is used by Moloch. Take care, PCAP files usually are heavy and may require some TB to allow you the right retention period.