LogRhythm provides an .iso disk image to simplify the installation of NetMon. The .iso is a bootable image that installs CentOS 7.7 Minimal and NetMon.

When installing CentOS, all of the required disk partitions will be created and sized according to LogRhythm’s recommendations.

The .iso can be used to install CentOS and NetMon on a physical or virtual system that has a primary disk as small as 60 GB.

The .iso installation is supported on systems containing up to four physical disks.

Prerequisites

  • If you have not already registered, you can sign up for an account on the LogRhythm Community. Click Not a Member, and then complete the New Member Registration. Your registration confirmation will be emailed to you. If the approval email does not arrive, check your spam folder.

    Although strongly recommended, this step is not required before installing NetMon.
  • If you have not yet obtained the NetMon installation .iso, download the .iso from the Community. After logging in, click NetMon Resources, click the version of NetMon Freemium you would like to run, and then click Network Monitor ISO (Checksum) under the Installation Files header.
  • For a virtual installation, create a new VM that meets the following requirements:
    • OS Type is Linux
    • OS Version is Linux 64-bit or Other 64-bit
    • Hard drive, RAM, and processor meet the requirements stated in Select the Installation Platform
    • Primary network adapter is in “bridged” mode, with promiscuous mode set to allow all traffic
    • VMware Workstation is powered on as “Startup Guest”; VirtualBox VM is powered on as “Normal Start”

      NetMon includes a utility to assist with VM installation and configuration. For more information, see Configure NetMon on a VMware vSphere Virtual Machine.
  • For a list of software packages installed with NetMon, see Third-Party License Acknowledgments.
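
The download link in the prerequisites is labelled Network Monitor ISO (Checksum). One way to check the downloaded .iso against that published checksum before burning or mounting it is shown here as an added example, not LogRhythm's own tooling. This page does not state the hash algorithm, so the script infers it from the digest length (an assumption); verify_iso and tool_for_length are hypothetical names.

```shell
#!/bin/sh
# Added example: verify a downloaded installer image against a published checksum.
# Assumption: the algorithm is inferred from the hex-digest length, because the
# page does not say which one the Community download uses.

# Print the coreutils tool that produces a hex digest of the given length.
tool_for_length() {
    case "$1" in
        32)  echo md5sum ;;
        40)  echo sha1sum ;;
        64)  echo sha256sum ;;
        128) echo sha512sum ;;
        *)   return 1 ;;
    esac
}

# verify_iso FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_iso() {
    file=$1
    # Normalize the pasted checksum: strip whitespace, fold to lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case "$expected" in
        ''|*[!0-9a-f]*) echo "checksum is not a hex string" >&2; return 2 ;;
    esac
    tool=$(tool_for_length "${#expected}") || {
        echo "unrecognized checksum length: ${#expected}" >&2; return 2; }
    # Hash via stdin so unusual file names cannot alter the output format.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK ($tool): $file"
        return 0
    fi
    echo "MISMATCH ($tool): expected $expected, got $actual" >&2
    return 1
}

# Run only when called with arguments: sh verify_iso.sh <file.iso> <checksum>
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A mismatch or an unrecognized length means the image should be downloaded again rather than installed.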

Installation Steps

To install CentOS 7.7 Minimal and NetMon using the LogRhythm .iso:

  1. If you are installing on a physical computer, burn the .iso image to a writeable CD or DVD, or build a NetMon USB. For a virtual install, you can mount the .iso for the installation.
  2. Boot the computer from the CD, DVD, or USB, or start the VM with the mounted .iso.
  3. When the welcome screen loads, select Install LogRhythm Network Monitor.
    The installer completes the installation and the system reboots.

Log In

  1. When the system reboots, log in to the console using logrhythm as the login and changeme as the password.
  2. To change the password for the logrhythm user, type the command passwd, type the default password (changeme), and then type and verify your new password.

    You will need to change the input interface for analyzing network traffic in the NetMon Web Management interface. By default, this field is set to bond0. For more information, see Change Engine Parameters.

After installing and logging in to your NetMon software, do not update the CentOS operating system using yum or any other method. An update could leave your NetMon system in an unusable state.

The default time zone for NetMon is America/Denver. To change this setting, open a command line and enter sudo timedatectl set-timezone <time zone>. To find the string that corresponds to your time zone, use the command sudo tzselect.