The Sensor Management Tools (SMTs) enable the management of local or remote IDS engine services and signatures from within Aanval. They can start and stop IDS engines, auto-update and manage IDS signatures, and, with Aanval 8 and later, also allow the console to import Unified2 files and network events directly.
Additionally, they assist the console in collecting useful resource information like memory, disk space, and more from sensor installations.
The SMTs are required for use with all Unified2 sources (Snort and Suricata).
Aanval 9 SMTs
Specifically, the SMTs are a PHP script that requires PHP 7 or later to be installed. The script must be started and running on sensor installations to push events to the console and receive messages from the console.
They are located in the var/smt/ directory of your Aanval 9 installation, and should be copied to a clean location for use.
An example installation would be to create /smt in the root of your disk and copy the SMTs there. Edit the smtConfig.php file to point to the URL of your Aanval console, and ensure the SMTID matches the SMTID of the sensor in your console.
Testing the SMTs is simple:
php smt aanval:SMT:run
Look for errors and correct as needed.
Starting the SMTs
php smt aanval:SMT:start
This will launch the SMTs into the background, and status can be monitored by tailing the smt.log file created.
Stopping the SMTs
php smt aanval:SMT:stop
This will stop the SMTs completely.
Check if SMTs are running
ps aux | grep SMT