Before doing anything else, set up NTP for the CMC and all sensors. This is critical to ensure that your sensors . Then make sure the date and time are the same for all boxes involved.
- Select Settings > Date/Time.
- Under Appliance Time, manually set the date and time to within 100 seconds of NTP time.
- Under Network Time Protocol, select Use Network Time Protocol (NTP).
- Set the Primary and at least the Secondary NTP servers for your site.
- To verify that NTP is working properly, log in as root and run ntpq -p. The offset should be less than 5.0, preferably less than 1.0.
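
The offset check from the last step can be scripted. The following is an added example, not part of the original procedure or the product's tooling: it reads ntpq -p output and grades the offset of the currently selected peer against the 5.0 and 1.0 thresholds above. The function name check_ntp_offset and the sample data are hypothetical; it assumes the standard ntpq -p layout, where the selected peer is marked with a leading * and offset is the ninth column.

```shell
#!/bin/sh
# Added example: grade the offset column of `ntpq -p` against the
# thresholds in the step above (5.0 maximum, 1.0 preferred).

# Reads `ntpq -p` output on stdin. Prints one word and returns:
#   0 GOOD    |offset| < 1.0 for the selected peer
#   1 OK      |offset| < 5.0
#   2 BAD     |offset| >= 5.0
#   3 NOSYNC  no peer carries the "*" tally code (not synchronized)
check_ntp_offset() {
    awk '
        /^\*/ {                       # "*" marks the peer the daemon is synced to
            off = $9 + 0              # 9th column is offset; force numeric
            if (off < 0) off = -off   # sign only gives direction, compare magnitude
            found = 1
            if (off < 1.0)      { print "GOOD"; rc = 0 }
            else if (off < 5.0) { print "OK";   rc = 1 }
            else                { print "BAD";  rc = 2 }
        }
        END {
            if (!found) { print "NOSYNC"; rc = 3 }
            exit rc
        }
    '
}

# Constructed sample of `ntpq -p` output (addresses and values are made up).
SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.412   -0.287   0.051
+192.0.2.11      192.0.2.10       2 u   12   64  377    0.655    1.730   0.102'

# On the appliance, as root, replace the sample with: ntpq -p | check_ntp_offset
printf '%s\n' "$SAMPLE" | check_ntp_offset
```

A NOSYNC result means no peer has been selected yet, so the offset values shown cannot be trusted; wait a few polling intervals and run the check again before adding sensors.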
When Adding a Second CMC
NOTE: If this is the second CMC to be configured for your sensors, you MUST configure a different subnet for its VPN. Follow these steps to configure the new VPN subnet.
WARNING - If you do not perform these steps, the sensors may see Error Code 26 when attempting to connect to the second CMC.
- On the second CMC, click CMC, clear all sensors, and click Dashboard.
- Select Central Management > Settings.
- Select Reset Settings. WARNING - This will remove all sensors that are now connected and any favorites (indicators) or actions (rules) that were configured through the CMC.
- Enter a subnet that is not currently in use. NOTE: The address space should be large enough to provide two IP addresses for each sensor that the CMC controls.
- Click Save.
Add the Sensor to the CMC
- Obtain the eth0 IP addresses of all sensors and the CMC.
- On the CMC, select Settings > Users and Groups > Remote Groups.
- Edit the admin remote group. Add admin as a user.
- Select Settings > Central Management > Sensors.
- Select Tools > New.
- Provide a descriptive name for the sensor. The hostname is a good choice. (Only the first 15-20 characters of the sensor name are visible, so put the more distinguishing part of the name first.)
- Type "ad" for Authorizations and, when admin appears in the list, select it. Typing admin in full does not work unless you also select admin when it is presented.
- Optional - Add admin to the Remote Groups field in the same way.
- Click Save.
- At the top left click Download Key. This saves the authorization key file _auth_key.tar.gz to your workstation.
Connect the Sensor to the CMC
- On the sensor, select Settings > Central Management. If other CMCs are listed that are no longer in operation (or whose VPNs you reset), you must manually delete each such CMC's entry.
- Click the green New button on the far right.
- For Authorization Key File, click Browse and then select the _auth_key.tar.gz file saved earlier.
- Enter the IP of the CMC.
- Click Save. The CMC entry should show up in five minutes or less.
- On the CMC, click the product logo to go to the Dashboard.
- You should see a graphical box under Your Sensors with the display name you entered earlier, the connection status, the capture status, and the software version number of the sensor.
- Click Manage Sensors for more details. You should see a name, VPN IP address, Authorized Users (showing admin) and Authorized Remote Groups (showing admin), along with the hardware model number and software version number.
- Add all the other sensors by following the same procedure.
Test the Connection
- Click CMC on the menu bar and select two or more sensors.
- Click Update with Selected.
- The new Alerts Management Dashboard is displayed in 7.2.1, with aggregated data from the selected sensors.