Realeyes Downloads

Overview

There are four components to the Realeyes IDS system which may be installed on the same host, individual hosts or any reasonable combination:

  1. Sensor IDS application
  2. Database daemon
  3. Database (scripts for building schema)
  4. Graphical user interface

System Requirements

The system requirements depend on the networks being monitored. Estimates of the requirements for each component are:

  • Realeyes IDS: This application is the most resource intensive one in the system. The best metric for estimating resource requirements is based on the number of concurrent sessions being monitored. In the pilot project, the network has 30Mbps of bandwidth and during working hours is monitoring 20,000 to 25,000 concurrent sessions. Based on this, the system configuration recommendations are:
    • CPU: 733MHz for each concurrent 25,000 TCP sessions
      NOTE: If multiple processors are being used and the processor affinity is to be set, the busiest processes, in order from most to least busy, are:
      • Action analyzer: rids_acta
      • Data Stream analyzer: rids_stra_data
      • Stream Handler: rids_strh
      • Manager: realeyesIDS
      • All others
    • Memory: 25KBytes per TCP session
    • Disk drive: 40 GByte - 120 GByte depending on the reliability of the connection between the IDS sensor and the database daemon
    • Network interfaces:
      • One for monitoring (in promiscuous mode)
      • A second if the Realeyes IDS application is installed on a stand-alone host
  • The interfaces supported for data collection by the Realeyes IDS include all interfaces supported by the pcap library.

  • Realeyes DBD: This Java application is not resource intensive, and the following configuration should be adequate for most sites:
    • CPU: 733 MHz for up to at least 25 IDS sensors
    • Memory: 512 MBytes - 1 GBytes
    • Disk drive: 32 GBytes
    • Network Interface: One
  • PostgreSQL database: The database load consists of reports inserted from the Realeyes IDS sensors, queries from the Realeyes GUI applications, and management requests. Assuming monthly clean-up processing, the following configuration should be adequate for most sites:
    • CPU: 733 MHz for up to at least 25 IDS sensors
    • Memory: 512 MBytes - 1 GBytes
    • Disk drive: At least 80 GBytes per IDS sensor, installed on a fast interface such as SCSI, and preferably 15,000 RPM for the best seek time
    • Network Interface: One
  • Realeyes GUI: This Java application is mainly dependent on the database connection for performance. The following configuration should be adequate:
    • CPU: 733 MHz
    • Memory: 512 MBytes
    • Video and display:
      • Minimum: 16 bit 1024x768 with 15" monitor
      • Preferred: 24 bit 1280x1024 with 19" monitor
    • Disk drive: 32 GBytes
    • Network Interface: One
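
The processor affinity note in the Realeyes IDS requirements above can be turned into a pinning plan. The script below is an added example, not part of the Realeyes distribution: the process names and their order come from that note, while the core-assignment policy (one core per process until only one core remains, which is then shared) and the use of `pgrep` and `taskset` are assumptions of this example.

```shell
#!/bin/sh
# Added example: plan CPU affinity for the Realeyes IDS sensor processes.
# Names and busiest-first order are taken from the NOTE in the requirements;
# the assignment policy is an assumption of this example.
RIDS_BUSY_ORDER="rids_acta rids_stra_data rids_strh realeyesIDS"

# plan_affinity NCORES -> prints one "process core" line per process.
# Each process gets its own core while cores remain; the last core is
# shared by the remaining listed processes and by all other processes.
plan_affinity() {
    ncores=$1
    case $ncores in
        ''|*[!0-9]*|0)
            echo "plan_affinity: need a positive core count" >&2
            return 1 ;;
    esac
    last=$((ncores - 1))
    core=0
    for name in $RIDS_BUSY_ORDER; do
        echo "$name $core"
        if [ "$core" -lt "$last" ]; then core=$((core + 1)); fi
    done
    return 0
}

# apply_affinity NCORES -> pins running processes with taskset (util-linux).
# Processes that are not running are reported and skipped.
apply_affinity() {
    plan=$(plan_affinity "$1") || return 1
    echo "$plan" | while read -r name core; do
        pids=$(pgrep -x "$name") || { echo "skip: $name not running" >&2; continue; }
        for pid in $pids; do
            taskset -cp "$core" "$pid"
        done
    done
}

# Dry run by default; pass "apply" (as root) to actually pin the processes.
online=$(nproc 2>/dev/null || echo 1)
if [ "${1:-}" = "apply" ]; then
    apply_affinity "$online"
else
    plan_affinity "$online"
fi
```

Run it without arguments on the sensor host to review the plan before applying it.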

Installation Methods

There are two methods of installing the system. Both include scripts for initializing the configuration. The two methods are:

  1. Debian packages: This requires a Debian Etch Linux system to be installed. The package manager then installs the required dependencies. See the Debian Installation instructions for a complete description of the process.
  2. Source code packages: This method requires that the dependencies be installed prior to the Realeyes packages. See the Source Code Installation instructions for a complete description of the process.

Release Descriptions
