Bug #1082

Problem to register my IDS (Suricata) on Prelude OSS

Added by Marc-Antoine delannoy 6 months ago. Updated 6 months ago.

Status: Assigned
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 04/12/2019
Due date:
% Done: 0%
Resolution:

Description

Hi,
I have a problem registering my IDS (Suricata) on Prelude OSS. My IDS is on the same network but in a different CentOS VM. The Prelude address is 192.168.0.2 and the IDS address is 192.168.0.3.
I already installed from source: prelude-manager, prelude-lml (not used), prelude-admin and libpreludedb. I configured /usr/local/etc/prelude/default/client.conf to change server-addr=127.0.0.1 to server-addr=192.168.0.2.
Same for prelude-manager.conf, with listen = 192.168.0.2:5553.
I verified the connection between my IDS and my Prelude with a ping.
Then I entered this command on the Prelude machine:
prelude-admin registration-server prelude-manager
and on the IDS:

prelude-admin register suricata "idmef:w admin:r" 192.168.0.2 --uid 1000 --gid 1500

I copied the one-shot password but got this error message on my IDS:
Connecting to registration server (192.168.0.2 :5553)
Could not connect to 192.168.0.2 port 5553 : No route to host
So I scanned my ports, and port 5553 remains closed throughout the whole process.
I may have missed a command line or configuration, so I reread the whole doc but I didn't find anything about it.

Do you have any suggestions?

Thanks.

History

#1 Updated by Antoine LUONG 6 months ago

  • Status changed from New to Assigned
  • Assignee set to Antoine LUONG

Hello,

Did you check your firewall rules?

Regards

#2 Updated by Marc-Antoine delannoy 6 months ago

Thanks for your answer.
It's exactly the problem. I just had to use the firewall-cmd command to solve it.
Sorry, I thought Prelude was in charge of opening the port, which is obviously not possible for security reasons.

Thank you.
Regards,

Marc-Antoine Delannoy
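
The diagnosis reached in this thread, as an added example (not part of the ticket and not Prelude's own tooling): it maps the connect error to its likely cause and checks whether firewalld allows the registration port. The function names and the `--live` switch are hypothetical; the addresses and port 5553 are the ticket's values, and the rich rule shown limits access to the sensor's address in the runtime configuration only.

```shell
#!/bin/sh
# Added example. 192.168.0.2, 192.168.0.3 and port 5553 are the ticket's values.

# Map the connect error printed by prelude-admin to the most likely cause.
diagnose_connect_error() {
    case "$1" in
        *"No route to host"*)
            # Ping works, so routing is fine: the target's firewall typically
            # answered the SYN with an ICMP "host prohibited" reject.
            echo "firewall-reject" ;;
        *"Connection refused"*)
            # The packet was accepted, but no process listens on the port.
            echo "no-listener" ;;
        *"timed out"*)
            echo "drop-or-host-down" ;;
        *)
            echo "unknown" ;;
    esac
}

# Return 0 if PORT/tcp is covered by LIST, where LIST is the output of
# `firewall-cmd --list-ports` (e.g. "22/tcp 5000-5010/tcp").
# Only --list-ports is considered; services and rich rules are not.
port_allowed() {
    want=$1
    for entry in $2; do                     # intentional word splitting
        proto=${entry#*/}; spec=${entry%/*}
        [ "$proto" = "tcp" ] || continue
        lo=${spec%-*}; hi=${spec#*-}        # single port: lo == hi
        [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && return 0
    done
    return 1
}

# Live check, to be run as root on the Prelude machine: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    p=5553
    # The registration server listens only while
    # `prelude-admin registration-server prelude-manager` is running.
    ss -ltn | grep -q ":$p " || echo "no listener on $p/tcp"
    if ! port_allowed "$p" "$(firewall-cmd --list-ports)"; then
        echo "$p/tcp not in --list-ports; to allow only the sensor until the next reload:"
        echo "firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.3\" port port=\"$p\" protocol=\"tcp\" accept'"
    fi
fi
```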
