Distributed Install - Help

[raphaeleid]

Version

2.4.40

Installation Method

Security Onion ISO image

Description

installation

Installation Type

Distributed

Location

cloud

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

32

Storage for /

500

Storage for /nsm

500

Network Traffic Collection

tap

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

I am currently deploying 3 servers for the distributed installation type:

• for the manager node, I selected managersearch because there is no searchnode option
• for the forward node I choose sensor
• for the storage node, what should I choose?

please correct me if i am wrong

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[petiepooo]

What you are calling Storage is called Search in the docs. You would want 1. Manager, 2. Search, and 3. Sensor. Sensor receives the TAP, generates the events and PCAPs, events get queued on Manager, and Search pulls them for indexing and storage.

Review the Distributed architecture docs for details.