Network throughput : Security Onion Sensor & Server Communication ?


SJee

Oct 7, 2014, 6:50:12 AM
to securit...@googlegroups.com
Hi,

Please refer to the attached snapshots.

The monitoring tool used is PRTG Network Monitor.

Network Usage per month (Minimum)

Security Onion Server
5GB – Upload
24GB – Download

Security Onion Sensor
23GB – Upload
5GB – Download

We just want to realize the network throughput of the sensor-server architecture over the internet.

Please verify: can we optimize the network bandwidth utilization (especially the upload link) of the sensor, as it's 23GB/month?

I appreciate the support.

Network Architechture.png
Network Usage.png

Doug Burks

Oct 7, 2014, 7:47:31 AM
to securit...@googlegroups.com
Hi SJee,

Are you asking about the amount of data sent from the sensor to the
server? What services are you running?

Please run the following command on both the server and sensor:

sudo sostat-redacted

There will be a lot of output, so you may need to increase your
terminal's scroll buffer OR redirect the output of the command to a
file:

sudo sostat-redacted > sostat-redacted.txt 2>&1

sostat-redacted will automatically redact any IPv4/IPv6/MAC addresses,
but there may be additional sensitive info that you still need to
redact manually.

Attach the output to your email in plain text format (.txt) OR use a
service like http://pastebin.com.

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Mikie Mike

Nov 18, 2014, 10:43:00 AM
to securit...@googlegroups.com
On Tuesday, 7 October 2014 12:47:31 UTC+1, Doug Burks wrote:

> Are you asking about the amount of data sent from the sensor to the
> server? What services are you running?

I am actually curious what data is being sent from the sensor to the server as well.
I'm seeing traffic hovering around 16kB/s (128kbps) from the sensor to the server, and the securityonion_db MySQL database is increasing in size at a similar rate, even though the number of alerts I can see in Sguil (together with its capture data) doesn't seem to match it.

Is there an easy way of displaying the content of that traffic?

Mike

Doug Burks

Nov 18, 2014, 10:50:34 AM
to securit...@googlegroups.com
It depends on the services you have enabled. You can take a look at
the sguild log file (/var/log/nsm/securityonion/sguild.log) and/or you
can provide the following:

Please run the following command on both the server and sensor:

sudo sostat-redacted

There will be a lot of output, so you may need to increase your
terminal's scroll buffer OR redirect the output of the command to a
file:

sudo sostat-redacted > sostat-redacted.txt 2>&1

sostat-redacted will automatically redact any IPv4/IPv6/MAC addresses,
but there may be additional sensitive info that you still need to
redact manually.

Attach the output to your email in plain text format (.txt) OR use a
service like http://pastebin.com.
