Redis/Message Queuing


KennyWap

Mar 27, 2018, 5:28:41 PM
to security-onion
After seeing changes to the wiki and the work on the Elastic Stack, I saw recently that there is going to be an implementation of message queuing (Redis Server).

My question is why the choice over RabbitMQ or Apache's Kafka?

Since Redis is an in memory type of MQ/broker will there be an update to the recommended requirements to support Redis?

Again, thanks to the Security Onion team for all the hours of work putting an awesome product out!

Doug Burks

Mar 28, 2018, 12:49:35 PM
to securit...@googlegroups.com
Hi KennyWap,

We chose Redis because it is simple, lightweight, and fast.

Currently, we only use Redis on distributed deployments where you've
chosen to extend your master server via additional storage nodes as
seen in the following architecture diagram:
https://user-images.githubusercontent.com/16829864/37864097-2b7afe3e-2f40-11e8-86f6-fd1e1dcc416d.png

Additionally, RC3 added controls to prevent Redis from using too much memory:
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html

Finally, we will be updating the Hardware Requirements page as we get
closer to final release:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware

Hope that helps!
--
Doug Burks

KennyWap

Mar 29, 2018, 5:14:25 PM
to security-onion
Thanks for the reply! The architecture diagram was exactly what I was looking for. So will there be another option to create a storage node in the setup? And are the forward nodes the sensors?

Doug Burks

Mar 30, 2018, 10:37:37 AM
to securit...@googlegroups.com
Replies inline.


On Thu, Mar 29, 2018 at 5:14 PM, KennyWap <kenneth...@gmail.com> wrote:
> Thanks for the reply! The architecture diagram was exactly what I was looking for. So will there be another option to create a storage node in the setup?

Yes, when you choose Production Mode and then select to join an existing deployment, you will get a screen like this:



> and are the forward nodes the sensors?

Yes, forward nodes run network sensor services like Bro, Snort/Suricata, and netsniff-ng. Full packet capture remains on forward nodes, but most other logs are forwarded to the master server (where they can be stored locally or distributed to storage nodes via Redis).

For more information, please see the Elastic pages on our wiki, including:



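Doug mentions above that RC3 added controls to keep Redis from using too much memory, and KennyWap's original question is about an in-memory broker and hardware requirements. The fragment below is an added illustration of what bounding a log queue in Redis looks like using standard redis.conf directives; it is not Security Onion's shipped configuration (the RC3 release notes linked above describe the project's actual controls), and the 2gb figure is a placeholder, not a recommendation.

```conf
# Added example (not Security Onion's configuration): standard redis.conf
# directives for a Redis instance used as a log queue between nodes.

# --- Risky: the Redis default ---
# maxmemory 0 means "no limit". A burst of events from forward nodes can
# grow the queue until the master host swaps or the OOM killer stops Redis,
# taking the whole pipeline down with it.
# maxmemory 0

# --- Corrected: bound the queue ---
# Cap the data set at a size the master's RAM budget can absorb.
# 2gb is a placeholder; size it against the Hardware Requirements page.
maxmemory 2gb

# Once a cap exists, the eviction policy decides what happens when it is hit.
# noeviction makes Redis reject new writes with an error, so the producer
# (a log shipper such as Logstash) backs off and retries instead of the
# queue silently losing events.
maxmemory-policy noeviction

# allkeys-lru (or any *-lru / *-ttl policy) keeps writes succeeding by
# discarding existing entries. Fine for a cache, a data-loss path for a
# log queue where every entry is potential evidence.
# maxmemory-policy allkeys-lru    # do NOT use for a queue
```

To confirm the limit is actually in effect on a running instance, `redis-cli CONFIG GET maxmemory` and `redis-cli CONFIG GET maxmemory-policy` return the live values; a result of `0` for maxmemory means the cap is not applied regardless of what the file on disk says.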