Cisco Stealthwatch Hardware Deployment And Configuration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Storage
  5. Stealthwatch
  6. Hardware deployment and configuration manual
Cisco Stealthwatch Hardware Deployment And Configuration Manual

Cisco Stealthwatch Hardware Deployment And Configuration Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Cisco Stealthwatch
Data Store Hardware Deployment and Configuration Guide 7.3.2

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Stealthwatch and is the answer not in the manual?

Questions and answers

Related Manuals for Cisco Stealthwatch

Summary of Contents for Cisco Stealthwatch

  • Page 1 Cisco Stealthwatch Data Store Hardware Deployment and Configuration Guide 7.3.2...

  • Page 2: Table Of Contents

    Data Store Initialization and Configuration UDP Director (Optional) Deployment Flow Sensor (Optional) Deployment Failover Stealthwatch Management Console (Optional) Deployment Flow Interface Statistics Retention Configuration Data Store Installation Next Steps Data Store Maintenance © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 2 -...
  • Page 3 Power Supply Considerations Rack Configuration Considerations Appendix B. Stealthwatch Hardware Installation Mounting Your Appliance Hardware Included with the Appliance Additional Required Hardware Connecting Your Appliance to the Network © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 3 -...
  • Page 4 Best Practices Configuration Order 1. Log In 2. Configure the Appliance 3. Register the Stealthwatch Management Console 4. Add Appliances to Central Management 5. Confirm Appliance Status © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 4 -...

  • Page 5: Data Store Installation And Configuration Introduction

    Introduction Overview This guide explains how to install the Stealthwatch Data Store as part of a Stealthwatch System deployment. It describes the Stealthwatch System components and how they are placed in the system, especially in relation to the Data Store.
  • Page 6 IP address and other related management information. Appendix C. Configuring Your Provides an overview for using Appliance Setup Appliances Tool to configure your Stealthwatch appliances. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 6 -...

  • Page 7: Data Store Concepts And Architecture

    Data Store Concepts and Architecture Data Store Concepts and Architecture The Stealthwatch Data Store provides a central repository to store your network's telemetry, collected by your Stealthwatch Flow Collectors. The Data Store is comprised of a cluster of Data Nodes, each containing a portion of your data, and a backup of a separate Data Node's data.
  • Page 8 Data Node, and creates a backup of data on that Data Node. See the following diagram for an example of how Data Nodes store telemetry: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 8 -...
  • Page 9 Data Store Concepts and Architecture Stealthwatch Data Store Deployment Architecture In a Stealthwatch deployment without a Data Store, one or more Flow Collectors ingests and deduplicates data, performs analysis, and reports data and results directly to the SMC. To resolve user-submitted queries, including graphs and charts, the SMC queries all of the managed Flow Collectors.
  • Page 10 Data Store Concepts and Architecture In a Stealthwatch deployment with a Data Store, the Data Store cluster sits between your SMC and Flow Collectors. One or more Flow Collectors ingests and deduplicates flows, performs analysis, and reports data and results directly to the Data Store, distributing it roughly equally to all of the Data Nodes.
  • Page 11 SMC. Use the Stealthwatch Web App to monitor and configure your Stealthwatch installation if you deploy a Data Store. The Stealthwatch Desktop Client is incompatible with a Data Store. If you configure your SMC for use with a Data Store, you cannot use the ETA Cryptographic Audit or Host Classifier apps.
  • Page 12 Data Node Data Store Deployment Requirements and Considerations for more detailed information on deployment and deployment prerequisites. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 12 -...

  • Page 13: Data Store Deployment Prerequisites And Recommendations

    Minimum of 1 Stealthwatch Management Console Management Console Flow Collector Minimum of 1 Flow Collector Note that you must obtain a Flow Rate (FPS) Smart License for your overall Stealthwatch deployment. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 13 -...
  • Page 14 100Mbps/1Gbps/10 Gbps copper interface as eth0 You can also deploy Flow Sensors and UDP Directors for your Stealthwatch deployment. Because these appliances do not communicate directly with the Data Store, you do not need to configure them for use with a Data Store.

  • Page 15: Stealthwatch Management Console Ve

    200 microseconds between and among Data Nodes Inter-Data Node Keep clock skew at 1 second or lower between and among Communications your Data Nodes. Establish a recommended throughput of 6.4 Gbps or greater © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 15 -...
  • Page 16 Data Nodes must be able to reach SMC, all Flow Collectors, and each Data Node Note that you must obtain a Flow Rate (FPS) Smart License for your overall Stealthwatch deployment. Currently, the Data Store does not support deploying spare Data Nodes as automatic replacements if a primary Data Node goes down.
  • Page 17 Data Nodes, and quicker Data Node addition or replacement to the Data Store, as each new Data Node receives traffic from adjacent Data Nodes to populate its data. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 17 -...
  • Page 18 LAN or VLAN for inter-Data Node communications. You can share these switches with other appliances, but create separate LANs or VLANs for the additional appliance traffic. See the following diagram for an example: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 18 -...
  • Page 19 Data Store Deployment Prerequisites and Recommendations © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 19 -...

  • Page 20: Data Store Deployment Requirements And Considerations

    NOC. If the Data Store goes down due to loss of power or hardware failure, you run an increased risk of data corruption and data loss. Cisco recommends installing your Data Nodes with constant uptime in mind.

  • Page 21: Data Store Communications Ports

    CIMC. Data Store Communications Ports The following diagram shows an example Stealthwatch architecture, with the communication ports that should be opened. See the table for the ports associated with each callout.
  • Page 22 The following lists the communication ports to open on your firewall to deploy the Data Stealthwatch x2xx Series (with Data Store) Appliance Installation Store. See the Guide  for additional communication ports to open for your overall Stealthwatch deployment. From (Client) To (Server)
  • Page 23 Node messaging Data Nodes 4803/UDP Nodes service all other Data inter-Data Node messaging Data Nodes 4804/UDP Nodes service SMC, Flow Data Nodes 5433/TCP Vertica client connections © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 23 -...
  • Page 24 Vertica messaging service Data Node 5433/UDP Node monitoring sFlow Flow Collectors 6343/UDP sFlow ingestion Exporters - sFlow all other Data inter-Data Node messaging Data Nodes 6543/UDP Nodes service © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 24 -...

  • Page 25: Stealthwatch With A Data Store Deployment Overview

    Stealthwatch with a Data Store Deployment Overview Stealthwatch with a Data Store Deployment Overview The following describes the high-level steps for deploying Stealthwatch with a Data Store: SMC Configuration for Use with a Data Store - Deploy and configure your SMC, then install the latest version and rollup patch before you proceed.

  • Page 26: Data Store Installation

    Data Store Installation Data Store Installation If you plan on purchasing a Stealthwatch Data Store, contact Cisco Professional Services for assistance with placement, deployment, and configuration within and as part of your overall Stealthwatch deployment. Contact Cisco Support for more information.

  • Page 27: Data Store Initial Deployment And Configuration

    After you deploy your SMC, deploy and configure your Data Node appliances. When Data Store deploying your Data Nodes and connecting them to your network, review Deployment Requirements and Considerations For each Data Node, perform the following: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 27 -...
  • Page 28 After you have deployed and configured all of your Data Nodes, configure your Flow Collector Configuration for Use with a Flow Collectors, as described in Data Store © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 28 -...

  • Page 29: Flow Collector Configuration For Use With A Data Store

    Use Central Management to perform Flow Collector configuration and other related tasks. If you want to monitor storage statistics, download the Report Builder App to your SMC. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 29 -...

  • Page 30: Data Store Initialization And Configuration

    Procedure In the Appliance Inventory, compare your list of Data Nodes and Flow Collectors, and secondary SMC if you deployed one, to the list in the © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 30 -...
  • Page 31 Collector, and 3 Data Nodes as a prerequisite Prompts you for passwords related to the Data Store Distributes passwords and certificates across all appliances and the Data Nodes within the Data Store © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 31 -...
  • Page 32 After the wizard finalizes Data Store setup, check the Central Management inventory to verify that all appliances are Up. Your Stealthwatch deployment with a Data Store is complete. Assign the...

  • Page 33: Udp Director (Optional) Deployment

    After you finish configuring the secondary SMC, and the primary SMC is managing it through Central Management, configure your flow interface statistics data retention, as Flow Interface Statistics Retention Configuration described in © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 33 -...

  • Page 34: Flow Interface Statistics Retention Configuration

    (such as flow statistics), so we limit the flow interface statistics retention period to seven (7) days maximum by default. You can use the Stealthwatch REST API to change the flow interface statistics retention period: to a different number of days, up to 3000, or store the data as long as possible, until the Data Store reaches maximum capacity.
  • Page 35 Response in subsequent REST API calls for this session. Your session is valid for Body 20 minutes. Retrieve the current Data Store data retention settings Request resource information © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 35 -...
  • Page 36 Update the Data Store flow interface statistics data retention settings Request resource information Resource Description https://[smc-eth0-ip]/smc- configuration/rest/v1/cds/retentionsettings Update the current Data Store flow interface statistics data retention Description © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 36 -...
  • Page 37 It stores this value internally as as a default value, regardless of what you pass in this interfaceRetentionAmount situation. Success response code and information © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 37 -...
  • Page 38 Replace with the SMC's IP address. [smc-eth0-ip] eth0 Copy the updated command, paste it into the command line, and press Enter to retrieve the current retention settings. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 38 -...
  • Page 39 After you update the retention settings, you do not need to restart any Stealthwatch appliance or the Data Store. The settings take effect after a few minutes. However, when you change the flow interface statistics retention to a longer period, you must wait for the difference of time to expire before the data being stored corresponds exactly to the retention settings.

  • Page 40: Data Store Installation Next Steps

    Data Store Installation Next Steps Data Store Installation Next Steps After you deploy and configure your Stealthwatch deployment for use with a Data Store: Report Builder App: Install the Stealthwatch Report Builder app on your SMC to run reports on your Stealthwatch deployment, and to view Data Store storage release notes statistics.

  • Page 41: Data Store Maintenance

    Copy the updated command, paste it into the command prompt, and press Enter to stop the Data Node. Copy the following command and paste it in a plaintext editor: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 41 -...

  • Page 42: Restart The Data Store

    -d sw -F Flow Collectors or SMC connections. From the command prompt, enter /opt/vertica/bin/admintools -t and press Enter to restart the Data Store. start_db -d sw © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 42 -...

  • Page 43: Creating A Data Store Backup

    /opt/vertica/bin/vsql -U dbadmin -c "SELECT SUM(used_ bytes) FROM storage_containers;" Multiply the sum by 2 to estimate how much storage space your backup host needs. Prepare a backup host: Before You Begin © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 43 -...
  • Page 44 Enter to assign a password to passwd dbadmin dbadmin New password Enter a and press Enter to set the password. Confirm dbadmin the password when prompted. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 44 -...
  • Page 45 Note the Data Node you use to initialize the backup directory. You also perform the backup from this Data Node, as described in Backup the Data Store Procedure © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 45 -...
  • Page 46 Copy the following lines and paste them into a plaintext editor: [Mapping] v_sw_node0001 = backup-host-ip:/home/dbadmin/backups v_sw_node0002 = backup-host-ip:/home/dbadmin/backups v_sw_node0003 = backup-host-ip:/home/dbadmin/backups © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 46 -...
  • Page 47 -t backup -c config.ini --debug 3 --dry-run Enter to perform a test of the backup without creating the backup. You have the following options: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 47 -...

  • Page 48: Restoring A Data Store Backup

    If the backup test fails to resolve, review the debug log files in the directory, resolve the root cause, then test the backup again. /tmp/vbr Contact Cisco support for assistance if you cannot resolve the issue. Enter and press Enter to backup the Data vbr -t backup -c config.ini...
  • Page 49 After you restart the Data Store, remove the snapshot named . This snapshot catalog is not required after the restore resolves, and prevents Vertica from running retention management. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 49 -...

  • Page 50: Adding Three Data Nodes To The Data Store

    Ensure that your SMC is not connected to the Data Store and querying or otherwise updating the Data Store. Delete old, unused data partitions. Contact Cisco Professional Services for assistance with identifying these partitions. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 50 -...

  • Page 51: Adding Data Nodes To The Data Store

    After you add the Data Nodes to your database, rebalance data across the Data Nodes to create balanced data storage on each Data Node. Rebalance data in the Data Store: Before You Begin Log into a Data Node as root Procedure © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 51 -...

  • Page 52: Removing A Data Node From The Data Store

    Enter to run the following commands as the su - dbadmin user. dbadmin Copy the following command and paste it into a plaintext editor: /opt/vertica/bin/admintools -t db_remove_node -d sw -s [data-node-hostname] © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 52 -...

  • Page 53: Replace A Data Node With A Spare Data Node With A Different Ip Address

    Enter to run the following commands as the su - dbadmin user. dbadmin Copy the following command and paste it in a plaintext editor: /opt/vertica/bin/admintools -t stop_host -s [node-ip- addresses] © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 53 -...
  • Page 54 Data Node from the Data Store. Copy the following command and paste it in a plaintext editor: /opt/vertica/bin/admintools -t restart_node -s [new-data- node-hostname] © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 54 -...

  • Page 55: Adding Smcs And Flow Collectors After You Initialize The Data Store

    If you have existing SMCs or Flow Collectors that you configured for use without a Data Store, and you want to add them to a Stealthwatch deployment, you must RFD the appliances first, configure the appliances for use with a Data Store, and add them to your deployment.
  • Page 56 . Wait several minutes for the system to recognize and add your SMC or Flow Collector. Check Central Management to ensure that your newly added appliance is Up. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 56 -...

  • Page 57: Data Store Deployment Troubleshooting

    Before You Begin Log into the Data Node's CLI as root. Procedure Copy the following command and paste it into a text editor: tail /lancope/var/database/dbs/sw/v_sw_[node_name]_ catalog/ErrorReport.txt © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 57 -...
  • Page 58 Node to recover. What to Do Next Data Review Cisco's recommendations for supplying power to your Data Nodes in Store Deployment Requirements and Considerations Data Store Does Not Start After Power Failure: If multiple Data Nodes lose power unexpectedly, and the Data Store database goes down, it may not automatically restart after you restore power to the affected Data Nodes.
  • Page 59 If you attempt to restart the Data Store database, and the console notes Data Nodes that could not be reached by SSH, enable SSH for these Data Nodes, then try this procedure again. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 59 -...

  • Page 60: Appendix A. Installation Preparation

    Before working on a chassis or working near power supplies, unplug the power cord on AC units; disconnect the power at the circuit breaker on DC units. Statement 43—Jewelry Removal Warning © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 60 -...
  • Page 61 Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1040—Product Disposal Ultimate disposal of this product should be handled according to all national laws and regulations. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 61 -...

  • Page 62: Installation Guidelines

    Installation of the equipment must comply with local and national electrical codes. Statement 371—Power Cable and AC Adapter When installing the product, please use the provided or designated connection cables/power cables/AC adaptors/batteries. Using any other cables/adaptors © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 62 -...
  • Page 63 Avoid UPS types that use ferroresonant technology. These UPS types can become unstable with these systems, which can have substantial current draw fluctuations from fluctuating data traffic patterns. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 63 -...

  • Page 64: Safety Recommendations

    Determine whether the person needs rescue breathing or external cardiac compressions; then take appropriate action. Use the chassis within its marked electrical ratings and product usage instructions. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 64 -...

  • Page 65: Prevent Esd Damage

    If you are using dual redundant (1+1) power supplies, we recommend that you use independent electrical circuits for each power supply. Install an uninterruptible power source for your site, if possible. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 65 -...

  • Page 66: Rack Configuration Considerations

    The best placement of the baffles depends on the airflow patterns in the rack. Experiment with different arrangements to position the baffles effectively. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 66 -...

  • Page 67: Appendix B. Stealthwatch Hardware Installation

    Configuring Network Settings Using First Time Setup Mounting Your Appliance You can mount Stealthwatch appliances directly in a standard 19'' rack or cabinet, any other suitable cabinet, or on a flat surface. When mounting an appliance in a rack or cabinet, follow the instructions included in the rail mounting kits.

  • Page 68: Connecting Your Appliance To The Network

    For detailed specification information about each appliance, refer to Stealthwatch Specification Sheets The Cisco x2xx hardware all use the same UCS platform, UCSC-C220-M5SX, except for the Flow Collector 5210 DB, which uses UCSC-C240-M5SX. The variations in appliances are in NIC cards, processor, memory, storage and RAID.
  • Page 69 Connect the other end of the Ethernet cables to your network’s switch. Connect the power cords to the power supply. Some appliances have two power connections: Power Supply 1 and Power Supply 2. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 69 -...

  • Page 70: Connecting To Your Appliance

    If you have a USB keyboard, connect it to a USB connector. Connect the video cable to the video connector. The login prompt appears. Configuring Network Settings Using First Time Continue with the section, Setup © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 70 -...

  • Page 71: Connecting With A Laptop

    Stop bit: 1 Parity: None Flow Control: None The login screen and login prompt are displayed. Configuring Network Settings Using First Continue with the next section, Time Setup © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 71 -...

  • Page 72: Configuring Network Settings Using First Time Setup

    General Stealthwatch Appliance Configuration For all appliances except for Data Nodes, the SMC 2210, and FC 4210, First Time Setup displays the following configuration: Configure the appliance's IP address and management information © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 72 -...
  • Page 73 Data If you are configuring a Data Store-compatible SMC or Flow Collector, go to Store-Compatible Appliances (SMC 2210, FC 4210) If you are configuring any other Stealthwatch appliance, start with step 1. Procedure Log in to the System Configuration program: If you are configuring a Data Node or Data Store-compatible appliance, type...

  • Page 74: Data Store-Compatible Appliances (Smc 2210, Fc 4210)

    Collector, see information on the supported SFP+ and BASE-T ports. If you are configuring a Data Node, go to Data Node Configuration If you are configuring any other Stealthwatch appliance besides Data Store- General Stealthwatch Appliance Configuration compatible appliances, see Procedure...
  • Page 75 Go to step 3. Procedure Log in to the System Configuration program: If you are configuring a Data Store-compatible appliance, type , and root Enter then press © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 75 -...
  • Page 76 Store if you deploy a Data Store. You cannot configure some of your Flow Collectors to connect to the Data Store and others to connect directly to the SMC. Before You Begin © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 76 -...
  • Page 77 Stealthwatch deployment to store Firepower event information. Your Flow Collector will ingest Firepower event information and send it to the Data Store for storage. You can then query this Firepower event information from your Stealthwatch Management Console or Firepower Management Center.

  • Page 78: Data Node Configuration

    You must RFD the appliance if you select the wrong choice. Enable this only if you plan to use Stealthwatch for Security Analytics and Logging On Prem to store your Firepower event information. Select to disable Security Analytics and Logging On Prem. You can ingest NetFlow on your Flow Collector.
  • Page 79 Appendix B. Stealthwatch Hardware Installation Data If you are configuring a Data Store-compatible SMC or Flow Collector, go to Store-Compatible Appliances (SMC 2210, FC 4210) If you are configuring any other Stealthwatch appliance besides Data Store- compatible appliances, see General Stealthwatch Appliance Configuration Procedure...
  • Page 80 Configure eth2 and eth3 for inter-Data Node com- munications: When configuring a Data Node appliance, configure the inter-Data Node communication port with a non-routable IP address. You can configure one of the following: © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 80 -...
  • Page 81 On completion, the Login page opens. What to Do Next Changing the Sysadmin User Password Change user passwords. See for more information. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 81 -...

  • Page 82: Changing The Sysadmin User Password

    On the System Configuration menu, select and press If you change the trusted hosts list from the defaults, make sure each Stealthwatch appliance is included in the trusted host list for every other Stealthwatch appliance in your deployment. Otherwise, the appliances will not be able to communicate with each other.
  • Page 83 You are now ready to configure your appliance. To configure your appliance, refer to the applicable Stealthwatch System Configuration Guide for your software version. The x2xx Series is compatible with Stealthwatch 7.x software versions. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 83 -...

  • Page 84: Appendix C. Configuring Your Appliances

    SMC Failover If you have more than one Stealthwatch Management Console (SMC), you can set up an SMC failover pair so that one of them serves as backup console to the other. Use the Appliance Setup Tool to configure each individual SMC.

  • Page 85: Configuration Order

    Up before Series Engine you start the engine configuration. All Other Flow Collectors (NetFlow and sFlow) Make sure your Flow Collector is shown Flow Sensors © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 85 -...

  • Page 86: Log In

    When you log in to the appliance for the first time, the Appliance Setup Tool guides you through each configuration step. 1. Change Default Password: Enter new passwords for admin, root, and sysadmin. Next Click to scroll to each user. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 86 -...
  • Page 87 Network Domain: A fully qualified domain name is required for each appliance. Stealthwatch Domain (SMC only): Enter a Stealthwatch domain for your Stealthwatch appliances. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 87 -...

  • Page 88: Register The Stealthwatch Management Console

    Follow the on-screen prompts while the appliance restarts. Wait a few minutes for your new system settings to take effect. You may need to refresh the page. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 88 -...

  • Page 89: Add Appliances To Central Management

    SMC. Enter the login credentials for your primary SMC. Select your Stealthwatch Domain. Flow Collectors: Enter the Flow Collection port number. © 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 89 -...

  • Page 90: Confirm Appliance Status

    , and complete the 5. Confirm Appliance Status procedures through If you don't have another appliance to set up, go to the Stealthwatch System Configuration Guide for more information on how to complete Appliance Stealthwatch Data Store Deployment Configurations. Alternatively, return to the Overview to review the deployment process.
  • Page 91 Copyright Information Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this https://www.cisco.com/go/trademarks URL:  . Third-party trademarks mentioned are the property of their respective owners.

Table of Contents