Sensor Management Tools (SMT) enable the management of local or remote sensors within Aanval.
SMTs are required with all Snort and Suricata sensors for both local and remote installations.
More specifically, the SMTs fully manage Snort and Suricata and their signatures / rules, and gather disk space, memory and CPU utilization so that these can be monitored directly within Aanval. The SMTs make the centralized management and monitoring of local and remote sensors simple and efficient.
- Start, Stop and Reload Snort and Suricata
- Manage Snort and Suricata Signatures
- Manage Snort and Suricata Configuration
- Retrieve system logs
- Retrieve disk space, memory and CPU utilization details
- Monitor uptime
PHP 7 - The SMT is a PHP binary that is placed on all local or remote sensors
Linux / Unix / MacOS
Where are the SMTs located?
The SMTs can be found within the var/smt/ directory of any Aanval 9 installation.
- Create a directory to store a copy of the SMTs, usually /smt in the root of the disk, and copy the contents of the var/smt/ directory into it.
- Edit and configure smtConfig.php according to its contents and comments (ensuring the SMT ID matches that of the appropriate sensor in the console).
To test the SMTs, confirm that they are configured properly and look for any errors in your engine configuration, run them in the foreground.
Running the following command will test the SMTs:
php smt aanval:SMT:run
Running the following command will start the SMTs:
php smt aanval:SMT:start
Running the following command will stop the SMTs:
php smt aanval:SMT:stop
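Because the SMT can start, stop and reconfigure the IDS engine on a sensor, it is worth checking the copied directory before the first foreground test. The following preflight is an added example, not part of the Aanval distribution: the file names `smt` and `smtConfig.php` come from this page, while the function names and the rule that nothing in the directory may be group- or world-writable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Aanval code): preflight for a copied SMT directory,
# run before `php smt aanval:SMT:run`.

# smt_preflight DIR: prints findings; returns 0 if clean, 1 otherwise.
smt_preflight() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 1
    fi
    # Files this page names: the `smt` entry point and its configuration.
    for f in smt smtConfig.php; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing file: $dir/$f"
            rc=1
        fi
    done
    # Assumed policy: a group- or world-writable path could be altered by
    # another local account, changing what the SMT runs or reports.
    loose=$(find "$dir" \( -perm -0020 -o -perm -0002 \) ! -type l 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "group/world-writable paths:"
        echo "$loose"
        rc=1
    fi
    return $rc
}

# smt_php_ok: returns 0 when the php on PATH reports major version 7,
# the version this page lists as the requirement.
smt_php_ok() {
    command -v php >/dev/null 2>&1 || return 1
    major=$(php -r 'echo PHP_MAJOR_VERSION;') || return 1
    [ "$major" -eq 7 ]
}
```

A typical call on a sensor would be `smt_preflight /smt && smt_php_ok`, followed by the foreground test from inside that directory.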