StealthWatch: deployment and configuration. Part 2

Hello, colleagues! Having settled the minimum requirements for deploying StealthWatch in the previous part, we can start deploying the product.

1. Ways to deploy StealthWatch

There are several ways to "touch" StealthWatch:

  • dcloud - a cloud service for lab work;
  • Cloud Based: Stealthwatch Cloud Free Trial - here Netflow from your device flows into the cloud, where it is analyzed by the StealthWatch software;
  • On-premise POV (GVE request) - the route I took; you will be sent 4 OVF files of virtual machines with built-in licenses for 90 days, which can be deployed on a dedicated server in the corporate network.


Despite the number of virtual machines downloaded, only 2 are enough for a minimal working configuration: StealthWatch Management Console and FlowCollector. However, if there is no network device that can export Netflow to the FlowCollector, then a FlowSensor must be deployed as well, since it lets you collect Netflow using SPAN/RSPAN technology.

As I said earlier, your real network can serve as the lab bench, since StealthWatch only needs a copy, or more precisely a condensed summary of a copy, of the traffic. The figure below shows my network, where I will configure the Netflow exporter on the security gateway and, as a result, send Netflow to the collector.

To reach the future VMs, the following ports should be allowed on your firewall, if you have one:

TCP 22, TCP 25, TCP 389, TCP 443, TCP 2393, TCP 5222, UDP 53, UDP 123, UDP 161, UDP 162, UDP 389, UDP 514, UDP 2055, UDP 6343

Some of them are well-known services, others are reserved for Cisco services.
In my case, I simply deployed StealthWatch on the same network as the Check Point and did not have to configure any permit rules.

2. Deploying FlowCollector, using VMware vSphere as an example

2.1. Click Browse and select the OVF1 file. After checking resource availability, go to the menu View, Inventory → Networking (Ctrl+Shift+N).

2.2. In the Networking tab, select New Distributed port group in the virtual switch settings.

2.3. Set the name, let it be StealthWatchPortGroup; the remaining settings can be made as in the screenshot, then click Next.

2.4. We finish creating the port group with the Finish button.

2.5. Let's edit the settings of the created port group by right-clicking it and selecting Edit Settings. In the Security tab, be sure to enable promiscuous mode: Promiscuous Mode → Accept → OK.

2.6. As an example, let's import the FlowCollector OVF, the download link for which was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for allocated space, it will "start up" on 50 GB, but for production conditions it is recommended to allocate 200 gigabytes.

2.7. Select the folder where the OVF file is located.

2.8. Click "Next".

2.9. We specify the name and the server on which we deploy it.

2.10. As a result, we get the following picture and click "Finish".

2.11. We follow the same steps to deploy the StealthWatch Management Console.

2.12. Now you need to specify the required networks on the interfaces so that the FlowCollector can see both the SMC and the devices from which Netflow will be exported.

3. Initializing the StealthWatch Management Console

3.1. When you open the console of the installed SMCVE machine, you will see a prompt for the login and password, which by default are sysadmin/lan1cope.

3.2. We go to the Management item, set the IP address and the other network parameters, then confirm the changes. The device will reboot.

3.3. Go to the web interface (over https, at the address you specified for the SMC) and initialize the console; the default login/password is admin/lan411cope.

P.S.: it sometimes does not open in Google Chrome; Explorer will always help.

3.4. Be sure to change the passwords and set DNS, NTP servers, the domain, and so on. The settings are intuitive.

3.5. After you click the "Apply" button, the device will reboot again. After 5-7 minutes you can reconnect to this address; StealthWatch will be managed through the web interface.

4. Configuring FlowCollector

4.1. It is the same with the collector. First, in the CLI, we specify the IP address, mask and domain, then the FC reboots. After that you can connect to the web interface at the specified address and carry out the same basic setup. Because the settings are similar, detailed screenshots are omitted. The login credentials are the same.

4.2. At the last step, you need to set the IP address of the SMC; in that case the console will see the device. You will have to confirm this setting by entering your credentials.

4.3. Select the domain for StealthWatch, which was set earlier, and port 2055 for regular Netflow; if you work with sFlow, use port 6343.

5. Netflow exporter configuration

5.1. To configure the Netflow exporter, I recommend turning to this resource, which has the main guides for configuring a Netflow exporter on many devices: Cisco, Check Point, Fortinet.

5.2. In our case, I repeat, we export Netflow from the Check Point gateway. The Netflow exporter is configured in the tab of the same name in the web interface (Gaia Portal). To do this, click "Add" and specify the Netflow version and the required port.
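
An added example (not from the original article, nor Cisco or Check Point code): a validator you can run on a test host to confirm that what the exporter sends to UDP 2055 really is NetFlow of the version chosen in Gaia Portal. The function name, the summary keys and the two sample datagrams are constructed for illustration.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header
V5_RECORD_LEN = 48                       # fixed size of each v5 flow record
V9_HEADER = struct.Struct("!HHIIII")     # 20-byte NetFlow v9 header


def inspect_netflow(payload: bytes) -> dict:
    """Validate one UDP payload as NetFlow v5 or v9 and summarise it."""
    if len(payload) < 2:
        raise ValueError("payload too short for a version field")
    (version,) = struct.unpack_from("!H", payload)
    if version == 5:
        if len(payload) < V5_HEADER.size:
            raise ValueError("truncated v5 header")
        _, count, _, secs, _, seq, _, _, _ = V5_HEADER.unpack_from(payload)
        if len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
            raise ValueError("v5 record count does not match payload length")
        return {"version": 5, "records": count, "sequence": seq, "exported": secs}
    if version == 9:
        if len(payload) < V9_HEADER.size:
            raise ValueError("truncated v9 header")
        _, _, _, secs, seq, source_id = V9_HEADER.unpack_from(payload)
        templates = data_sets = 0
        offset = V9_HEADER.size
        while offset < len(payload):  # walk the flowsets without trusting lengths
            if offset + 4 > len(payload):
                raise ValueError("truncated flowset header")
            set_id, set_len = struct.unpack_from("!HH", payload, offset)
            if set_len < 4 or offset + set_len > len(payload):
                raise ValueError("flowset length runs outside the datagram")
            templates += set_id in (0, 1)  # 0 = template, 1 = options template
            data_sets += set_id >= 256     # 256+ = data described by a template
            offset += set_len
        return {"version": 9, "source_id": source_id, "sequence": seq,
                "exported": secs, "templates": templates, "data_sets": data_sets}
    raise ValueError(f"not NetFlow v5/v9 (version field {version})")


# Constructed samples: a v5 datagram with one empty record, and a v9 datagram
# carrying one template flowset (template 256: IPV4_SRC_ADDR, IPV4_DST_ADDR).
SAMPLE_V5 = V5_HEADER.pack(5, 1, 60000, 1700000000, 0, 42, 0, 0, 0) + bytes(48)
SAMPLE_V9 = (V9_HEADER.pack(9, 1, 60000, 1700000000, 7, 1)
             + struct.pack("!HHHH", 0, 16, 256, 2)
             + struct.pack("!HHHH", 8, 4, 12, 4))
```

Feed it each payload received from a UDP socket bound to port 2055 on a test host. An sFlow datagram sent to the NetFlow port by mistake is rejected, because its first two bytes are neither 5 nor 9.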


6. Analyzing StealthWatch operation

6.1. Go to the SMC web interface; on the first page, Dashboards > Network Security, you can see that traffic has started flowing!

6.2. Some settings, for example dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and more, can only be found in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and soon we will abandon this desktop client.

To install the application, you must first install JRE (I installed version 8, although it is said that versions up to 10 are supported) from the official Oracle website.

To download it, click the "Desktop Client" button in the upper right corner of the management console web interface.

You save and force-install the client; Java will most likely complain about it, and you may need to add the host to the Java exceptions.

As a result, a fairly clear client opens, in which it is easy to see the load of the exporters, interfaces, attacks and their flows.

7. StealthWatch Central Management

7.1. The Central Management tab contains all devices that are part of the deployed StealthWatch, such as: FlowCollector, FlowSensor, UDP-Director and Endpoint Concentrator. There you can manage network settings and device services, licenses, and manually shut down a device.

You can get to it by clicking the "gear" in the upper right corner and selecting Central Management.

7.2. By going to Edit Appliance Configuration for the FlowCollector, you will see SSH, NTP and other network settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration for the required device.

7.3. License management can also be found in the Central Management > Manage Licenses tab. Trial licenses issued on a GVE request are valid for 90 days.

The product is ready to go! In the next part, we will look at how StealthWatch can detect attacks and generate reports.

source: www.habr.com
