This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 521
ChangingIPAddress
doug edited this page Aug 27, 2019
·
7 revisions
Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/ChangingIPAddress.
If you need to update the IP address of your server/sensor to move it to a different area of your network, you need to do a few things:
- update the actual IP address of the management interface
- update NSM config files to reflect the new IP address
To update the actual IP address of the management interface, you have two options:
- manually update
/etc/network/interfaces
OR - re-run the
FIRST
phase of Setup (select "Yes, configure /etc/network/interfaces)
To update NSM config files to reflect the new IP address, you have two options:
- re-run the
SECOND
phase of Setup on all server/sensors(wiping all data and config)
OR - manually update the IP address as shown below
- /etc/nsm/HOSTNAME-INTERFACE/http_agent.conf:
set SERVER_HOST [SERVER-IP]
- /etc/nsm/HOSTNAME-INTERFACE/pads_agent.conf:
set SERVER_HOST [SERVER-IP]
- /etc/nsm/HOSTNAME-INTERFACE/pcap_agent.conf:
set SERVER_HOST [SERVER-IP]
- /etc/nsm/HOSTNAME-INTERFACE/sancp_agent.conf:
set SERVER_HOST [SERVER-IP]
- /etc/nsm/HOSTNAME-INTERFACE/sensor.conf:
SENSOR_SERVER_HOST="[SERVER-IP]"
- /etc/nsm/HOSTNAME-INTERFACE/snort_agent-N.conf:
set SERVER_HOST [SERVER-IP]
- /etc/nsm/ossec/ossec_agent.conf:
set SERVER_HOST [SERVER-IP]
- /root/.ssh/securityonion_ssh.conf
SERVERNAME=[SERVER-IP]
- /etc/elsa_web.conf
"pcap_url": "https://[SERVER-IP]/capme"
- /etc/salt/minion.d/onionsalt.conf
master: [SERVER-IP]
You may be able to use sed to update all files at once using something like this:
sudo service nsm stop
sudo sed -i 's|OLD.SERVER.IP.ADDR|NEW.SERVER.IP.ADDR|g' /etc/nsm/*/*agent* /etc/nsm/*/sensor.conf /root/.ssh/securityonion_ssh.conf /etc/salt/minion.d/onionsalt.conf /etc/elsa_web.conf
sudo service nsm start
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs