Installing and configuring Stealthwatch 7.1.1 – SMC and Flow Collector.

This blog post explains the basic concept of how Stealthwatch works and the roles of the SMC and Flow Collector.

High-level architecture:

Management Console (SMC) – installation.

I am installing the OVA on ESXi. Refer to the compute requirements on the Cisco website.

I use 16 GB RAM / 2 CPU / 50 GB SSD for a test lab environment and install the VE edition.

Import the OVA template using the ESXi management console and just boot it. After 30 minutes or so you will see the login prompt on the ESXi console, as below:

Log in using the default username and password (sysadmin/lan1cope).

You will see the menu below to set up the management IP.

Make sure you have the IP plan ready before installation. Once you set up the IP, it will regenerate the certificate and reboot for the change to take effect.

Once it reboots, the GUI is ready for the initial setup (admin/lan1cope).

You will get a step-by-step menu to configure (like changing the password).

Once that is completed, you will get a dashboard like the one below:

Since I do not have an FC yet, we will not see any data here.

Now we move on to installing Flow Collector 7.1.1 and connecting it to the Management Console.

Installing FC 7.1.1 on ESXi – for the compute requirements, refer to the Cisco documentation.

I am using 2 vCPU / 16 GB / 150 GB SSD for lab testing.

Note – for some reason the OVA had an issue (maybe it is me; I have not seen anyone report this issue): it got stuck showing GRUB and did not go any further.

So I moved to installing from the ISO image, which works as expected (make sure you use Ubuntu 64-bit as the OS).

We do the basic config from the console, as we did for the SMC before: set up the management IP so we can access the GUI.

Username/password (sysadmin/lan1cope)

Once it reboots, the GUI is ready for the initial setup (admin/lan411cope).

Once the GUI login succeeds:

Before going further, make sure you are not logged in on the console (if you are logged in, exit before going to the next step).

You need to change 3 passwords (admin, root, sysadmin). The default password for admin is lan411cope;

for root and sysadmin it is lan1cope.

It will take you to the IP address menu. Since we have already done this setup using the console, I do not need to change it again. If you intend to change it to a different address now, you need to reload for it to take effect.

DNS config
NTP config
Final confirmation for the changes to take effect.
FC will reboot now for the changes to take effect (it will take 10-15 min to get the GUI back, be patient).

Once it has rebooted and come back, log in to the GUI with the new password; the setup menu continues and asks for the SMC IP address.

Trust the certificate.

Now you need to provide the MC admin user and password to join the FC to the MC.

If that succeeds, you get the screen below for the domain and the port for NetFlow:

If all is good, you get a success message and can go to the MC.

Since it says License pending:

Get a 90-day trial from the Cisco site:

You will get the page below (if this VM is connected to the internet, just click to activate the trial license).

It processes automatically (showing "processing"); then you can see the 90-day license on the MC.

This shows all is good for now:

Configuring the FC basic config using the SMC:

Adding my local lab network and enabling SSH:

Apply the changes to take effect (the FC reboots). When it reboots you will see the message Channel Down (don't worry, be patient).

I will come back with some basic config and hosts, adding my LAN and the NetFlow config to the device.

Happy Labbing!