7 comments on “Installing SiLK on Security Onion

  1. "sudo update-rc.d rwflowpack start 20 3 4 5 ."
    This didn't start the service on reboot for me, I think the trailing dot is invalid
    "sudo update-rc.d rwflowpack defaults" worked for me.

  2. Thanks for the post Chris. This was exactly what I was looking for to get YAF, etc, set up on SO.

    I noticed that the services described here are started by initscripts and then restarted by watchdog scripts if they exit. This type of start-then-monitor requirement is so essential to all the sensors I build that I wrote a little tool called pmtr to do that. It starts my services at boot, and restarts them if they exit. It has one config file listing the services that make up my sensor. I just mention it for others who may need or prefer this type of job manager.

    http://troydhanson.github.io/pmtr/

    • Very cool! Thanks Troy! Glad you enjoyed the post, and a sincere thanks for taking the time to share your tool.

  3. the brackets around SENSOR-INTERFACE were striped due to xss protections .. should read

    'export SILK_DATA_ROOTDIR=/etc/nsm/SENSOR-INTERFACE/silk/'

Leave a Reply