Ingesting External Logs via Security Onion’s Elasticsearch

So, you’ve got Security Onion (SO) running from the Security-Appliance-in-a-Box via Ansible. Now what? How do you begin to ingest logs from your other devices into the included Elastic instance? I’m glad you asked! There are a couple of steps you’ll need to follow. Allow Access: First, you’re going to need to open the firewall to allow …

Security Onion – IP Routed Error on Install

On my first attempt to install Security Onion in my Security-Appliance-in-a-Box, I ran into a weird networking issue. The install script failed with the error “The IP being routed by Linux is not the IP address assigned to the management interface (ens1)”. Looking around online, I discovered that I’m not the first person to experience …