In this post I am going to walk through the installation and setup of Cisco Stealthwatch. I will be doing this with virtual machines on VMware.
I will be installing the Stealthwatch Management Console (SMC) and one FlowCollector (FC).
Stealthwatch Management Console Installation & Sizing
I will be referring to the Stealthwatch Management Console VE and Flow Collector VE Installation and Configuration Guide version 6.10.1.
All the installation guides can be found on the Cisco website.
All appliances are deployed via an OVF, so this process is very straightforward. There is a sizing guide which recommends different settings depending on the size of your deployment: number of exporters, flows per second, number of concurrent users, etc.
For this deployment I will be putting it into production, so I will be giving it 32GB of RAM and 4 x CPUs.
As the Stealthwatch Management Console is not doing the heavy lifting (that is the job of the Flow Collector), its disk space requirement is not as big. Minimum disk space is 100GB.
I will be giving this one 200GB.
Once you have booted the VM and opened the console, you will be presented with the login screen.
The default username and password is sysadmin / lan1cope.
Once logged in, you will be presented with a configuration screen where you can change the management address.
Step through the screens and the appliance will reboot. When it is back, you should be able to reach the management page over HTTPS.
You will get a "Stealthwatch is initializing" screen and then finally be presented with this screen.
The default username / password for the HTTPS screen is admin / lan411cope.
There is one more configuration screen to go through where you can define DNS, NTP, domain name and change the password and hostname if you want.
Whilst the Management Console is rebooting, you should repeat the above process for the Flow Collector, as the next step in the Management Console setup is to add the flow collectors.
Stealthwatch Flow Collector Virtual Setup
Once you have built the Flow Collector, you need to go back to the Management Console setup and add the IP address of your Flow Collector.
Setting up and using Stealthwatch
TBC