Articles in this section

See more

Quick Start Guide: Linux KVM

Avatar
Support Team
Updated
Follow

Introduction
This guide describes how to download, deploy and register a Sinefa Probe on a Linux KVM hypervisor.

Overview
Prerequisites
Network Setup
Step 1: Download
Step 2: Deploy
Step 3: Registration
Step 4: Subscription
Step 5: Direct SPAN traffic (only for out-of-path deployment)

 

Prerequisites
This Quick Start Guide assumes the following:

  • You have a Sinefa Account (if not, go to https://www.sinefa.com/ and click on "Free Trial")
  • A Linux KVM hypervisor
  • At least 2GB of RAM resource
  • At least 1 vCPU resource
  • 8GB of HDD space
  • 1 NIC with Internet access and 1 dedicated NIC connected to your SPAN/Mirror Port (no other devices can be connected to this NIC as it's purely for traffic monitoring purposes)
  • The Virtual Machine will have Internet access
For general help and support with Linux KVM, visit http://www.linux-kvm.org.

 

Out-of-path (SPAN) deployment             In-Line deployment                       



eth0 will be management port and pick up an IP Address via DHCP (if no DHCP is available you can configure a static address).

Send SPAN traffic to eth1. eth1 will be used exclusively by the Sinefa VM and cant be used by any other VM on the server. See Setup instructions for SPAN port for more details.

  



Connect eth0 to the LAN side switch. Connect eth1 to the WAN side switch or the (firewall/router).

When connecting to a physical network:
If connecting to a physical network, then the physical port on the VM Host can only (exclusively) be used by the Sinefa virtual probe. 
Probe console menu - Networking setup
eth0
eth1 (mon)		   Probe console menu - Networking setup
br1 (eth0, eth1) (mon)

 

Step 1. Download
Locate the latest Linux KVM Sinefa Probe software from the "Settings - Probes - Add Probe" section of the Sinefa User Interface. The software is packaged as a ZIP file that contains a QCOW2 disk image. UNZIP this file and store it somewhere locally on your PC.

 

Step 2. Deploy
To deploy the Sinefa Probe, you will need to create a new virtual machine in KVM with the following properties:

Number of vCPUs: 2
Memory: 2GB
Disk Bus: IDE
Disk Format: qcow2
Number of NICs: 2
NIC Driver: virtio (if available) or e1000
Network Type: Bridged

Once configured, go ahead and start the virtual appliance.

The following example uses Virtual Machine Manager to show how to deploy a Sinefa Probe.

  1. Create a new VM in Virtual Machine Manager and select "Import existing disk image".
    kvm-03-step1.png
  2. Specify the location of the Sinefa Probe image you downloaded and unzipped earlier.
  3. Make sure the OS type is set to "Linux" and the Version is set to "Generic 2.6" (or similar).
    kvm-04-step2.png
  4. Give the VM 2GB of RAM and 1 CPU.
    kvm-06-step3.png
  5. Select "Customize configuration before install".
    kvm-07-step4.png
  6. Navigate to the Disk settings and ensure the Disk Bus is SATA or IDE.
  7. Make sure the Storage Format is set to "qcow2".
    kvm-08-customize.png
  8. Go ahead and Apply then start the VM.

Alternatively, you can use the following virt-install command to configure the virtual machine from the command line. This example assumes you have downloaded the KVM image, unziped the qcow2 file and copied it to /var/lib/libvirt/images/

sudo virt-install \
--name sinefa \
--virt-type kvm \
--os-type linux \
--os-variant virtio26 \
--ram 2048 \
--vcpus 2 \
--hvm \
--network network=default,model=virtio \
--graphics vnc \
--import \
--noreboot \
--disk path=/var/lib/libvirt/images/Sinefa_Probe.qcow2,format=qcow2,bus=virtio

 

Step 3. Register

  1. Login to the Sinefa Probe (via ssh or console) with the username "admin" (no password is required by default).
  2. You will need to register this Sinefa Probe with your Sinefa Account. You can do this by selecting "Registration" from the menu.
    NOTE: By default, the Sinefa Probe will obtain an IP Address from DHCP. If DHCP is not available, you will need to manually configure a static IP Address using the "Network" option in the menu. See the Configuring a Static IP Address on a Sinefa Probe article for more information.
    sinefa-2.PNG
  3. Enter your Registration Key (What is a Registration Key?) then select "OK". You can optionally set the hostname at this point, so the Probe is easily identifiable when it's shown in the User Interface.
    sinefa-3.PNG
  4. You will be returned to the menu where the Registration Status will be updated to "Registered" if registration was successful. Select the "Refresh" button at the bottom to update this status (registration may take a few seconds depending on network speed and latency).
    NOTE: If registration was not successful after a few seconds, try entering your Registration Key again, or verify your network settings. The Sinefa Probe requires access to the Internet.
    sinefa-4.PNG

Once the Sinefa Probe is registered, you can now manage it using the Sinefa UI by logging in at https://ui.sinefa.com.

 

Step 4. Subscribe
Subscribe the probe to the Sinefa service by logging into ui.sinefa.com.

NOTE: No charges will apply in Trial mode. If you are not the Administrator then please notify the Administrator to complete this step.

  • On the Account drop down box at the top right of the screen, make sure you are using the right Account. Under Account, select "<YOUR ACCOUNT>".
  • Assuming the Probe is turned on and can communicate via HTTPS to ui.sinefa.com, it will appear online (green) under Settings | Probes.
  • Click on 'Subscribe' button and follow the prompts to add a Subscription to the Probe. 

 

Step 5. Direct SPAN traffic (for out-of-path deployment)
Once you have set-up the above successfully, you will need to set-up the SPAN port on your switch/router and set-up SPAN port monitoring through the Sinefa UI

Now that the Sinefa Probe is registered, you can manage it using the Sinefa UI by logging in at ui.sinefa.com.

 

What Next?
How to Setup SPAN Port Monitoring
Probe Networking Setup
Sinefa Best Practice Guide

Related articles

Comments

0 comments

Article is closed for comments.