Setting up Security Onion master server on AWS to work with sensors set up on physical devices on site


Josh Galloway

Aug 28, 2017, 11:57:35 AM
to security-onion
I've seen the CloudClient document about setting up Security Onion sensors in a cloud environment, but what I'm trying to do is have the Security Onion server as an AWS EC2 instance and the sensors on physical devices on site. Has anyone done something similar to this?

One difficulty I'm encountering is when the sensors try to ssh into the master server, but being an AWS instance, it doesn't allow this without the .pem file. How could I configure that part of the sosetup on the sensors to use my key file instead of trying to log in with username and password?

Also, what protocols does Security Onion use to send data from sensors to the server? Is that mostly over SSH?

tony upward

Oct 28, 2017, 2:17:20 PM
to security-onion
I have been playing around with the same and experiencing similar issues - actually not even managed to get SO in AWS as an instance yet but interested to hear of your experiences so far?

William Plessinger

Nov 11, 2017, 6:10:15 AM
to security-onion
I am setting up a similar lab but using Google Cloud instead of AWS. I've been able to ssh from sensor to server by creating a .ppk in PuTTY, then using PuTTYgen to convert it to .pem, then renaming it to /home/'user'/.ssh/id_rsa and restarting openssh; then the sensor can ssh to the server. All that being said, the server (squert) has not identified the sensor yet. I believe this is an iptables issue on KVM (sensor host) but hope to work through it this weekend.

I believe the reliability of a cloud SO server in a geo-distributed setup is viable. But would love to hear others' opinions.
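
The key-placement step described in the post above, as an added example that is not part of the original post and not Security Onion's or sosetup's own code. The helper names `install_sensor_key` and `key_mode` are hypothetical, and the key is assumed to be already converted out of PuTTY's .ppk format.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of Security Onion or sosetup.

# install_sensor_key SRC_KEY [HOME_DIR]
# Copies an already-converted private key to HOME_DIR/.ssh/id_rsa.
# Exit codes: 1 unreadable, 2 still .ppk, 3 not a private key,
#             4 id_rsa already exists, 5 filesystem error.
install_sensor_key() (
    src=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    dest=$ssh_dir/id_rsa

    [ -r "$src" ] || { echo "cannot read $src" >&2; exit 1; }
    # Strip a trailing CR so keys exported on Windows are still recognised.
    first_line=$(head -n 1 "$src" | tr -d '\r')
    case $first_line in
        PuTTY-User-Key-File-*)
            echo "$src is still a PuTTY .ppk; convert it first" >&2; exit 2 ;;
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *)  echo "$src is not a PEM/OpenSSH private key" >&2; exit 3 ;;
    esac
    # Never clobber an identity the sensor already uses.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; exit 4; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 5
    # ssh ignores private keys that group/other can read, so create it 0600.
    ( umask 077 && cp "$src" "$dest" ) || exit 5
    chmod 600 "$dest" || exit 5
)

# key_mode PATH -> octal permission bits (GNU stat, then BSD stat).
key_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Demo on a constructed placeholder (not a real key) in a throwaway directory.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/converted.pem"
install_sensor_key "$demo_dir/converted.pem" "$demo_dir/home" &&
    echo "installed id_rsa with mode $(key_mode "$demo_dir/home/.ssh/id_rsa")"
rm -rf "$demo_dir"
```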

Arnold Chan

Nov 14, 2017, 7:34:05 PM
to security-onion
Hi William,

Good to know that you're trying to deploy the SO server in Google Cloud.
I'm in the same boat at the moment. Please let me know how you go if there's any update on this.

Thanks.


Cheers,
Arnold

dvo...@gmail.com

Nov 23, 2020, 4:47:47 PM
to security-onion
Hello All,

Did anyone get this up and running? I too am attempting to run the manager on an EC2 instance with the sensors as physical nodes and I'm also struggling to get the sensors to be able to communicate with the manager. Any (step-by-step) guides would be greatly appreciated!

Arnold Chan

Nov 23, 2020, 6:28:40 PM
to securit...@googlegroups.com
