OwlH Client intro

OwlH-net · Oct 23, 2020 · f01a6ee · f01a6ee
1 parent 80032ea
commit f01a6ee
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/source/main/OwlHClient.rst b/source/main/OwlHClient.rst
@@ -8,3 +8,50 @@ OwlH client is an small app that runs in end points platforms and it will be hel
 
 This OwlH client is useful when you are running OwlH in any Software TAP configuration. Mostly, it is used in Cloud environments when you want to forward traffic from your instance to an OwlH Node for analysis.
 
+Install 
+-------
+
+Currently OwlH Client is available for: 
+
+  CentOS -> repo.owlh.net/current-centos/owlhclient.sh
+  Debian/Ubuntu -> repo.owlh.net/current-debian/owlhclient.sh
+
+OwlH Client will be installed on 
+
+  /usr/local/owlh/bin/
+
+configuration is in the same folder as well as logs will be store in this folder too. 
+
+configuration file conf.json looks like this: 
+
+::
+    {
+        "collectorIP":"10.13.1.13",
+        "collectorPort":"50010",
+        "cert":"/usr/local/owlh/src/owlhnode/conf/certs/ca.pem",
+        "bpf":"not port 50010 and not port 22",
+        "includeInt":["en","eth"],
+        "excludeInt":["lo"],
+        "includeNet":["0.0.0.0/0"],
+        "excludeIP":["192.168.0.1"],
+        "waitTime":10
+    }
+
+Be sure to update the parameters properly. 
+
+Collector IP - is you OwlH Node or OwlH Master IP that is running the STAP socket-to-network service
+Collector Port - is the port on OwlH StAP service side 
+
+Cert - is deployed and build with the sh script when installing client. feel free to change as needed. 
+
+BPF - Please, take care here. as you are forwarding traffic from a host to a different one, you can create a loop or kill your network if forwarding is not right filtered. minimum filtering must include STAP service ports like in the picture
+
+Include Interfaces - This parameter allows you to define which interfaces client must listen to. current configuration will manage enX (en0, en1, en2 etc) as well as ethX (eth0, eth1, eth2 etc). A log file for each interface will be created. 
+
+Exclude Interfaces - lets suppose you don't want to listen to en1 as per our previous sample, then you can include here en1 as an interface to exclude. 
+
+Include Nets - You will also able to filter what interfaces to listen by identifying with ip and network has the interface defined. 0.0.0.0/0 means that any ip is allowed. 
+
+Exclude IPs - again you can stop collecting from interfaces that will include the excluded ip. 
+
+Wait Time - Time between checks in minutes. if you do a configuration change, Client will restart as needed with the new configuration. If client went down or connection is lost because OwlH Stap service is done for a while, Client will try to reconnect each 'wait time'