This repository was archived by the owner on Apr 16, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 523
ChangingIPAddress
Doug Burks edited this page Mar 24, 2015
·
7 revisions
If you need to update the IP address of your server/sensor to move it to a different area of your network, you need to do a few things:
- update the actual IP address of the management interface
- update NSM config files to reflect the new IP address
To update the actual IP address of the management interface, you have two options:
- manually update /etc/network/interfaces OR
- re-run the FIRST phase of Setup (select "Yes, configure /etc/network/interfaces)
To update NSM config files to reflect the new IP address, you have two options:
- re-run the SECOND phase of Setup on all server/sensors (wiping all data and config) OR
- manually update the IP address as shown below
Modern versions of the NSM scripts should be doing this automatically, so you should no longer have to manually update /opt/bro/etc/node.cfg when your sensor IP address changes.
- /opt/bro/etc/node.cfg:
host=[SENSOR-IP]
sudo sed -i 's|OLD.SENSOR.IP.ADDR|NEW.SENSOR.IP.ADDR|g' /opt/bro/etc/node.cfg
sudo nsm_sensor_ps-restart --only-bro
set SERVER_HOST [SERVER-IP]
set SERVER_HOST [SERVER-IP]
set SERVER_HOST [SERVER-IP]
set SERVER_HOST [SERVER-IP]
SENSOR_SERVER_HOST="[SERVER-IP]"
set SERVER_HOST [SERVER-IP]
- /etc/nsm/ossec/ossec_agent.conf:
set SERVER_HOST [SERVER-IP]
- /root/.ssh/securityonion_ssh.conf
SERVERNAME=[SERVER-IP]
- /etc/elsa_web.conf
"pcap_url": "https://[SERVER-IP]/capme"
- /etc/salt/minion.d/onionsalt.conf
master: [SERVER-IP]
You may be able to use sed to update all files at once using something like this:
sudo service nsm stop
sudo sed -i 's|OLD.SERVER.IP.ADDR|NEW.SERVER.IP.ADDR|g' /etc/nsm/*/*agent* /etc/nsm/*/sensor.conf /root/.ssh/securityonion_ssh.conf /etc/salt/minion.d/onionsalt.conf /etc/elsa_web.conf
sudo service nsm start
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs