220. MANUAL
33------------------------------------------------------------------------------
44
5- NSMnow Version 1.6.1
5+ NSMnow Version 1.6.2
66
77This MANUAL contains the command usage and details of the appropriate options
88of the NSM Adminstration scripts.
99
1010If you have any questions or comments about the NSMnow scripts then please
1111direct them to the SecurixLive Team <
[email protected] >.
1212
13+ Contents:
14+ 1. Copyright
15+ 2. Description
16+ 3. Command Usage
17+ 4. Installation
18+ 5. Troubleshooting
1319
1420------------------------------------------------------------------------------
15211. COPYRIGHT
@@ -38,14 +44,14 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
3844------------------------------------------------------------------------------
3945
4046NSMnow is an open source tool to automate the installation and configuration
41- of a Network Security Monitoring framework (NSM) built on sguil . Its primary
47+ of a Network Security Montoring framework (NSM) built on Sguil . Its primary
4248use is to allow the user to deploy and build an NSM framework without the
43- hassle of compiling, installing, and configuring all the tools separately .
49+ hassle of compiling, installing, and configuring all the tools seperately .
4450
4551NSMnow essentially has 2 modes of operation:
4652 1. an interactive install, and
4753 2. a non-interactive install.
48-
54+
4955In interactive mode you will be asked a series of questions throughout the
5056installation process giving you the option to skip or install that component.
5157
@@ -67,7 +73,7 @@ Command line:
6773Usage: NSMnow [options]
6874
6975Options:
70- -c <file>
76+ -c <file>
7177 Defines an alternative configuration <file>. The default configuration
7278 file that is used is NSMnow.conf which is located in the base
7379 directory along with the NSMnow executable.
@@ -92,6 +98,8 @@ Options:
9298 will also attempt to download system specific packages and libraries
9399 using the native package management systems.
94100
101+ -V Show version information
102+
95103 -? Show this help
96104
97105
@@ -104,6 +112,9 @@ Long Options:
104112 Explicitly define the packages that you want to perform the actions
105113 on. Multiple directives are not currently supported.
106114
115+ --version
116+ Same as -V
117+
107118 --help
108119 Same as -?
109120
@@ -116,11 +127,11 @@ Available packages:
116127 server - All server specific components
117128 client - All client specific components
118129
119- snort - Snort v2.8.4.1
130+ snort - Snort v2.8.5
120131 sguilclient - Sguil v0.7.0 (client components only)
121132 sguilsensor - Sguil v0.7.0 (sensor components only)
122133 sguilserver - Sguil v0.7.0 (server components only)
123- barnyard2 - Barnyard v2.1.6
134+ barnyard2 - Barnyard v2-1.7
124135 sancp - Sancp v1.6.1-stable
125136 sguiltools - Sguil tools: wireshark, p0f, tcpdump and tcpflow
126137
@@ -130,21 +141,21 @@ Available packages:
130141------------------------------------------------------------------------------
131142
132143To install a complete NSM all-in-one (i.e. sensor, server and client) solution
133- then with root privileges , from the NSMnow directory, run:
144+ then with root priveleges , from the NSMnow directory, run:
134145
135146# ./NSMnow -i
136147
137- Alternatively you can choose to install the components separately using the
148+ Alternatively you can choose to install the components seperately using the
138149the package keyword to explicitly define your packages. Multiple package
139150definitions are not currently supported.
140151
141- For example the following will install an NSM client:
152+ For example the following will install an NSM client, with default options :
142153
143- # ./NSMnow -i --package=client
154+ # ./NSMnow -i --package=client -y
144155
145- And for an NSM sensor only:
156+ And for an NSM sensor only, with default options (ie no prompts) :
146157
147- # ./NSMnow -i --package=sensor
158+ # ./NSMnow -i --package=sensor -y
148159
149160
150161When installing the packages NSMnow will determine if the source tarballs and
@@ -189,7 +200,7 @@ The sensor and server components can be stopped just as quickly with:
189200Read the provided MANUAL for options or run ./NSMnow -help
190201
191202For detailed tips and guides on what NSMnow installs how the system is
192- configured see the project page at http://www.securixlive.com/nsmnow/
203+ configured see the project page at http://www.securixlive.com/nsmnow/
193204
194205
195206------------------------------------------------------------------------------
@@ -219,7 +230,7 @@ to the log file. This ensures that everything is captured when troubleshooting.
219230This also may appear that nothing is happening. However, you are able to get a
220231full picture of what is going on by tailing the log file. We do this
221232extensively during testing to get the full picture of what is happening.
222-
233+
223234# tail -f ./NSMnow.log
224235
225236
@@ -267,3 +278,4 @@ update the rules. I will first update the rules on the sensor under that will
267278exist at "/etc/nsm/thor/rules" and ensure the corresponding *.map files are also
268279updated at "/etc/nsm/thor". Secondly I'll ensure the same rules are updated on
269280the server under the "/nsm/server_data/athena/rules/thor".
281+
0 commit comments