Replies: 2 comments
-
This is not something that we recommend or support, but you might be able to make this work by:
The recommended way to do this would be to use an actual tap or span port. There are some inexpensive options listed here:
-
Thanks, will take a look. The issue I was running into is that when adding the
interface to be monitored in Security Onion, it no longer grabs an IP
address.
-
Version: 2.4.10
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Meets minimum requirements
CPU: 4
RAM: 16gb
Storage for /: enough
Storage for /nsm: enough
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
Hey, I have this setup and I've done something similar in past versions of Security Onion.
I have an ASUS router on which I want to enable port mirroring to a specific IP on the Security Onion. On the Security Onion I have one interface from my Proxmox for administration and another physical interface with an OVS bridge that I will use for the monitoring port. I enabled monitoring for that port using so monitor add, and the IP assigned to that port went away, which prevents me from doing port mirroring with my ASUS Merlin using:
modprobe xt_TEE
iptables -t mangle -A PREROUTING -j TEE --gateway
iptables -t mangle -A POSTROUTING -j TEE --gateway
Am I going about this the wrong way?
Is there a way to have an IP address assigned to the monitoring interface on Security Onion, and what are the steps to do that? I've found outdated guides saying to configure /etc/network/interfaces, which doesn't seem to be a thing on the newer version of Security Onion?
Any help would be appreciated. I'm only doing this for home/hobby use and trying to figure it out. It's possible Security Onion doesn't work with port mirroring anymore, but I know in an earlier version I did this exact thing and was able to use it as a home IDS solution for some time.
Thanks for any help.