Applies to Product:

USM Appliance™

AlienVault OSSIM®

This process has three tasks you perform in the following order:

• Configuring the Secondary Standard Sensor for HA
• Configuring the Primary Standard Sensor for HA
• Configuring Communication Between the Standard Sensors and the Standard Servers

Configuring the Secondary Standard Sensor for HA

To configure a secondary sensor in HA

1. Log into the secondary Standard Sensor.
2. From the AlienVault Setup Main menu, select Jailbreak System and press Enter (<OK>).
3. Press Enter (<Yes>) to continue.

   The command line prompt appears.

4. Configure the secondary (slave) sensor:

   1. Edit the file /etc/ossim/ossim_setup.conf as indicated by the angle-bracketed variables:

      ha_heartbeat_start=yes

      ha_local_node_ip=<slave_appliance_IP>

      ha_other_node_ip=<master_appliance_IP>

      ha_other_node_name=<master_appliance_name>

      ha_password=<password>

      **Password must be same for both slave and master**

      ha_role=slave

      ha_virtual_ip=<virtual_appliance_IP>

      Important: The ha_role value must always equal "slave" for the secondary node.

   2. Save the changes.

5. Enable HA in the secondary node:

   screen alienvault-ha-assistant -e

   Note: Use screen to keep the process running in the background even when the session disconnects.

6. Check that the secondary node is up and running

   alienvault-ha-assistant -s

7. When prompted, enter the password for the primary (master) root user.

   You must wait about five minutes until you see output, as shown in Step 8 of Configuring the Secondary Standard Server for HA.

Configuring the Primary Standard Sensor for HA

To configure the primary sensor for HA

1. From the primary Standard Sensor, access the file /etc/ossim/ossim_setup.conf, as described in Configuring the Secondary Standard Sensor for HA.
2. Change its fields as indicated below:

ha_heartbeat_start=yes

ha_local_node_ip=<primary_appliance_IP>

ha_other_node_ip=<secondary_appliance_IP>

ha_other_node_name=<secondary_appliance_name>

ha_password=<password>

**Password must be same for both secondary and primary (master)**

ha_role=master

ha_virtual_ip=<virtual_appliance_IP>

3. Save the changes.

4. Enable HA in the primary (master) node by typing the following command:

   screen alienvault-ha-assistant -e

   Note: Use screen to keep the process running in the background even when the session disconnects.

5. Swap the token with the secondary node, effectively making the primary node active:

   alienvault-ha-assistant –w

6. Check that the primary node is up and running:

   alienvault-ha-assistant –s

7. When prompted, enter the remote (slave) root user password.

   After about five minutes, you see output, as shown in Step 8 of Configuring the Secondary Standard Server for HA

Configuring Communication Between the Standard Sensors and the Standard Servers

You configure communication between servers and sensors in the following order:

1. First: Primary sensor to primary server
2. Second: Secondary sensor to primary server
3. Third: Primary sensor and secondary server
4. Fourth: Secondary sensor and secondary server

Configuring Communication Between the Primary Sensor and the Primary Server

To configure communication between the primary sensor and the primary server

1. Log into the primary Standard Sensor.

Note: If you are still logged into the appliance from the previous task and in command line mode, return to the Setup Main menu by entering alienvault-setup.

2. From the AlienVault Setup Main menu, select Configure Sensor > Configure AlienVault Server IP.
3. Enter the virtual IP address of the USM Appliance Standard Server pair and press Enter (<OK>).
4. Select Configure AlienVault Framework IP, then enter the same IP address; press Enter (<OK>).
5. Launch the AlienVault USM Appliance web interface and go to Configuration > Deployment > Components > Sensors.
6. Insert the primary USM Appliance Standard Sensor.

Configuring Communication Between the Secondary Sensor and the Primary Server

This task uses the AlienVault console exclusively.

To add the secondary sensor to the primary server

1. Log into the primary Standard Server and select Jailbreak System, press Enter (<OK>), and again Enter (<Yes>).

2. At the command prompt, enter the following:

alienvault-api add_system –-system-ip=<secondary_Std_Sensor_ip> --password=<password> --ha

Configuring Communication Between the Primary Sensor and the Secondary Server

To add the primary sensor to the secondary server

1. Log into the secondary Standard Server, repeat step 1. (jailbreak the system) of the previous task.

2. At the command prompt, enter the following:

alienvault-api add_system –-system-ip=<primary_Std_Sensor_ip> --password=<password> --ha

Configuring Communication Between the Secondary Sensor and the Secondary Standard Server

To add the secondary sensor to the secondary server

1. On the secondary Standard Server, repeat step 1. (jailbreak the system) of the previous task.

2. At the command prompt, enter the following:

alienvault-api add_system –-system-ip=<secondary_Std_Sensor_ip> --password=<password> --ha

Next...

You must add server-specific firewall rules to any new sensors; see Duplicating Firewall Rules in USM Appliance Standard Sensors