Automated Installation with NetMon USB or ISO
LogRhythm provides a USB or ISO disk image to simplify the installation of NetMon. Installing from this image is the only supported method of installation. The .iso is a bootable image that installs Rocky Linux 9.4 Minimal along with the NetMon software and prerequisites.
The .iso installation is supported on systems containing up to four virtual disks.
Prerequisites
If you have not already registered, you can sign up for an account on the LogRhythm Community. Click Not a Member, and then complete the New Member Registration. Your registration confirmation will be emailed to you. Check your spam folder in case the approval email is not recognized.
Although strongly recommended, this step is not required before installing NetMon.
If you have not yet obtained the NetMon installation .iso, download the .iso from the Community. After logging in, click NetMon Resources, click the version of NetMon Freemium you would like to run, and then click Network Monitor ISO (Checksum) under the Installation Files header.
For a virtual installation, create a new VM that meets the following requirements:
OS Type is Linux
OS Version is Linux 64-bit or Other 64-bit
Hard drive, RAM, and processor meet the requirements stated in NetMon Reference Architecture.
Primary network adapter is in “bridged” mode, and promiscuous mode is set to allow all traffic
VMware Workstation is powered on as “Startup Guest”; VirtualBox VM is powered on as “Normal Start”
Hyper-V deployments should use Gen2 VMs with Secure Boot configured for “Microsoft UEFI Certificate Authority”
If configuring a passthrough NIC for traffic inspection, you need to adjust the port security settings on the VM Switch Extension:
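    # Read the default port security settings feature for switch extensions
    $portFeature = Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
    # MonitorMode 2 = Source: traffic on this port is mirrored
    $portFeature.SettingData.MonitorMode = 2
    # Apply the feature to the external port of the SNIFF virtual switch
    Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName SNIFF -VMSwitchExtensionFeature $portFeature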
When configuring your Network Adapter on the Virtual Machine, under “Advanced Features”, set the Port Mirroring “Mirroring Mode” setting to “Destination”.
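The Hyper-V requirements above (Gen2, Secure Boot template, port mirroring, external port monitor mode) can be checked from PowerShell on the host before booting the installer. This read-only audit is an added example, not LogRhythm's own code; the VM name NetMon01 is a placeholder, the switch name SNIFF is taken from the command above, and it assumes an elevated session with the Hyper-V PowerShell module.

```powershell
# Added example: read-only audit of the Hyper-V settings listed above.
# Assumptions: elevated session on the Hyper-V host with the Hyper-V module;
# 'NetMon01' is a placeholder VM name; 'SNIFF' is the switch name used above.
param(
    [string]$VMName     = 'NetMon01',
    [string]$SwitchName = 'SNIFF'
)

function New-Check($Check, $Expected, $Actual) {
    [pscustomobject]@{
        Check    = $Check
        Expected = "$Expected"
        Actual   = "$Actual"
        Pass     = ("$Actual" -eq "$Expected")
    }
}

$results = @()

# Gen2 VM with Secure Boot on the Microsoft UEFI Certificate Authority template.
$vm = Get-VM -Name $VMName -ErrorAction Stop
$results += New-Check 'VM generation' 2 $vm.Generation
if ($vm.Generation -eq 2) {
    # Get-VMFirmware only applies to Gen2 VMs, so skip it otherwise.
    $fw = Get-VMFirmware -VMName $VMName
    $results += New-Check 'Secure Boot' 'On' $fw.SecureBoot
    $results += New-Check 'Secure Boot template' 'MicrosoftUEFICertificateAuthority' $fw.SecureBootTemplate
}

# The VM's adapter on the capture switch must be a mirroring destination.
$nics = @(Get-VMNetworkAdapter -VMName $VMName | Where-Object SwitchName -eq $SwitchName)
if ($nics.Count -eq 0) {
    $results += New-Check "Adapter on switch $SwitchName" 'present' 'missing'
}
foreach ($nic in $nics) {
    $results += New-Check "Port mirroring ($($nic.Name))" 'Destination' $nic.PortMirroringMode
}

# The switch's external port must carry MonitorMode 2, the value set above.
$port = Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName `
    -FeatureName 'Ethernet Switch Port Security Settings' -ErrorAction SilentlyContinue
$mode = if ($port) { $port.SettingData.MonitorMode } else { 'not set' }
$results += New-Check 'External port MonitorMode' 2 $mode

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

The script changes nothing on the host; it exits with code 1 if any check fails, so it can gate a provisioning step.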
NetMon includes a utility to assist with VM installation and configuration. For more information, see Configure Network Interfaces.
For a list of software packages installed with NetMon, see Open Source License Acknowledgements.
Installation Steps
To install NetMon using the LogRhythm .iso:
If you are installing on a physical computer, burn the .iso image to a writeable CD or DVD, or build a NetMon USB.
For a virtual install, you can mount the .iso for the installation.
Boot the computer from the CD, DVD, or USB, or start the VM with the mounted .iso.
When the welcome screen loads, select Install LogRhythm Network Monitor.
The installer completes the installation and the system reboots.
Log In
When the system reboots, log in to the console using logrhythm as the login and changeme as the password.
To change the password for the logrhythm user, type the command passwd, type the default password (changeme), and then type and verify your new password.
After installing and logging in to your NetMon software, do not update the Rocky operating system using yum or any other method. An update could leave your NetMon system in an unusable state.
The default time zone for NetMon is Americas/Denver. To change this setting, open a command line and enter sudo timedatectl set-timezone <time zone>. To find the string that corresponds to your time zone, use the command sudo tzselect. For more information on this step, refer to Configure Time Sync and Time Zone.