Install or Upgrade Security Monitoring
Follow the steps in this guide to install or upgrade or upgrade the NGINX Management Suite Security Monitoring module.
Before You Begin
Security Considerations
To ensure that your NGINX Management Suite deployment remains secure, follow the recommendations in this section:
- Install NGINX Management Suite and its modules on a dedicated machine (bare metal, container, cloud, or VM).
- Make sure that no other services are running on the same machine.
- Make sure that the machine is not accessible from the Internet.
- Make sure that the machine is behind a firewall.
Installation Prerequisites
Important:
Before you can install this module, you need to have NGINX and ClickHouse installed on your system. Additionally, you will need to add the NGINX Management Suite repository. The Prerequisites topic has detailed instructions on how to fulfill these requirements.
Dependencies with Instance Manager
The Security Monitoring module requires the following versions of Instance Manager to be installed on the management plane:
| Security Monitoring | Instance Manager |
|---|---|
| 1.4.0 | 2.10.0–2.10.1 |
| 1.3.0 | 2.9.0 |
| 1.2.0 | 2.8.0 |
| 1.1.0 | 2.7.0 |
| 1.0.0 | 2.6.0 |
Important:
The Security Monitoring module installation does not automatically install or upgrade Instance Manager. You’ll need to manually install Instance Manager, or upgrade it to a version supported for use with Security Monitoring.
Install Security Monitoring
-
To install the latest version of the Security Monitoring module, run the following command:
sudo yum -y install nms-sm -
Restart the NGINX Management Suite services:
sudo systemctl restart nmsNGINX Management Suite components started this way run by default as the non-root
nmsuser inside thenmsgroup, both of which are created during installation. -
Restart the NGINX web server:
sudo systemctl restart nginx
-
To install the latest version of the Security Monitoring module, run the following commands:
sudo apt-get update sudo apt-get install -y nms-sm -
Restart the NGINX Management Suite services:
sudo systemctl restart nmsNGINX Management Suite components started this way run by default as the non-root
nmsuser inside thenmsgroup, both of which are created during installation. -
Restart the NGINX web server:
sudo systemctl restart nginx
Accessing the Web Interface
To access the NGINX Management Suite web interface, go to https://<NMS_FQDN> for your NGINX Management Suite host and log in.
The default administrator username is admin, and the generated password was displayed in the terminal during installation.
Add License
A valid license is required in order to use the Security Monitoring module.
Download License
To download a license for NGINX Management Suite:
- Go to the MyF5 Customer Portal and sign in.
- On the top menu, select My Products & Plans > Trials.
- In the My Trials list, select your your NGINX Management Suite trial.
- Select the Licenses and Certificates link.
- On the Getting started panel, select Download License. The license
.licfile is saved to your system.
Apply License
To upload and apply a license for NGINX Management Suite:
- Go to the FQDN for your NGINX Management Suite host in a web browser and log in.
- Select the Settings gear icon.
- On the Settings menu, select Licenses.
- Select Upload License.
- Locate the
.licfile that you downloaded to your system, then select Upload.
Upgrade Security Monitoring
Note:
When upgrading Security Monitoring, you may need a newer version of NGINX Management Suite. The installation process will notify you of any version requirements before upgrading Security Monitoring and any dependent packages, including NGINX Management Suite. You may cancel the installation process if you want to back up NGINX Management Suite before upgrading.
-
To upgrade to the latest version of Security Monitoring, run the following command:
sudo yum update -y nms-sm
-
To upgrade to the latest version of the Security Monitoring, run the following command:
sudo apt-get update sudo apt-get upgrade -y nms-sm
-
Restart the NGINX Management Suite platform services:
sudo systemctl restart nmsNGINX Management Suite components started this way run by default as the non-root
nmsuser inside thenmsgroup, both of which are created during installation. -
Restart the NGINX web server:
sudo systemctl restart nginx -
(Optional) If you use SELinux, follow the steps in the Configure SELinux guide to restore the default SELinux labels (
restorecon) for the files and directories related to NGINX Management suite.
What’s Next
Set Up Data Plane
To set up your NGINX App Protect WAF data plane instances for use with Security Monitoring, refer to the following instructions: