11.5 Adding Sensors to the Console

This section explains how to add new sensors to SnortCenter and how to properly configure them using the provided menus.

11.5.1 Configuring Sensors Within the SnortCenter Console

Adding new sensors to the list of available sensors on the SnortCenter console is a simple task. Click on the Sensor Console drop-down menu and select the Add Sensor option. Customize the sensor name to be descriptive of that device. Fill in the correct IP address of the sensor and add port number 2525. (If the sensor is on the other side of a firewall, you may need to add a rule to allow it to pass port 2525 traffic.) Define a username and password. Identify the default sniffing interface on the sensor and the Snort command-line options.

Once a new sensor has been added, confirm that you can connect to it via the SnortCenter display. Make certain this sensor has the management console IP address listed as an allowable address—this should have been done using the setup.sh file under the snortcenter-agent/ directory. If a connection cannot be established, revisit the configuration.

After confirming connectivity, open the Sensor Config Output Plugin Selection menu on the SnortCenter page. The Sensor Scope field at the top of this page provides a selection of the available configured sensors. Select the new, added sensor and activate the output database. Return to the View Sensors page and push the custom rules from the management console to the sensor. Activate the Snort program on the remote sensor. All sensors should now be visible along with their status via the View Sensors page.