Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
151 lines (108 sloc) 4.21 KB

OwlH UI (user interface)



Use our OwlH installer to install your OwlH UI.


Right now, our target is "owlhui" and "owlhmaster", our action is "install"

"action": "install",      <===
"target": [
    "owlhmaster",         <===
    "owlhui"              <===


you can change your installation paths as needed. Changing default paths may need further paths change for some configurations like service init files. If you are not familiar with it, keep defaults until it is really needed or ask for help.

run OwlH Installer to install OwlH UI and OwlH Master

# cd /tmp/owlhinstaller
# ./owlhinstaller

OwlH Master service :centos: :debian:

OwlH UI virtualhost definition and configuration :centos: :debian:


Usually, OwlH UI is installed in the same machine than OwlH Master. You can choose to install OwlH Master and OwlH UI in different servers (advanced)

OwlH UI access means to point your web browser to your MASTER/UI ip using:

for the first time you will need to approve and accept our default self-signed certs. And you will do it for both https and API services. You will see option to 'check API connection' if you need to accept the API certs.

OwlH UI Main Menu

Current main menus:

  • nodes - OwlH nodes list, status and configuration
  • open rules - Ruleset management, create 3rd party and custom rulesets, schedule auto-update, etc.
  • master - OwlH master status and configuration
  • config - Define Master API IP

Coming soon:

  • adapt and response

First time you connect to your OwlH UI

verify your master ip is correctly set in your 'config' menu.

home -> config
  • Set the right master ip
  • Save
  • Reload page
  • Click on check master api
  • If answer is ack: true, then go back to Nodes menu.


your master ip must accesible from your browser using port 50001/tcp (you can modify it)

Your First Node

OwlH default configuration comes with a default sensor configured. You can ADD your new sensors or modify the current one by using 'Actions -> Modify node' option.

Please be sure you include:

  • node name
  • node ip
  • node port (50002 is default port)

Accept your modification

Now you should see your node status set to OFF-LINE (red) if we can't reach Node API using provided IP and port 50002 (or the one defined) or ON-LINE (green) if we can access Node API.

Suricata and Zeek controls

in 'network IDS' node menu you will find Suricata and Zeek details. If you didn't install suricata and/or Zeek in your node yet they will appear as N/A (black). if it is installed but not running will appear as OFF (red) and if they are running will appear as ON (green)

You can’t perform that action at this time.