MetaPackages

Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/MetaPackages.

Security Onion consists of over 50 packages in a Launchpad PPA. You can install these packages individually or you can install one or more metapackages (groups of packages) depending on what functionality you need.

Metapackages

securityonion-client (about 525MB)
Sguil client, Wireshark, NetworkMiner, etc.
sudo apt install securityonion-client
securityonion-sensor (about 135MB)
Snort, Suricata, Bro, netsniff-ng, Sguil agents, etc.
sudo apt install securityonion-sensor
securityonion-server (about 265MB)
Sguil server, Squert, CapMe, etc.
sudo apt install securityonion-server
securityonion-elastic (about 5MB)
Scripts and configuration files for the Elastic Stack (Elasticsearch, Logstash, and Kibana) and its associated log pipeline including syslog-ng. This package includes so-elastic-download which downloads the Docker images for the Elastic stack. You'll probably want to install syslog-ng-core explicitly to replace rsyslog.
sudo apt install securityonion-elastic syslog-ng-core
securityonion-all (about 930MB)
all of the above plus syslog-ng
sudo apt install securityonion-all
securityonion-iso
all of the above plus bridge-utils, byobu, foremost, pinguybuilder, securityonion-desktop-gnome, securityonion-onionsalt, securityonion-samples-bro, securityonion-samples-markofu, securityonion-samples-mta, securityonion-samples-shellshock, xfsprogs
sudo apt install securityonion-iso

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MetaPackages

Metapackages

Getting Started

Update/Upgrade

Analyst Tools

Network Visibility

Host Visibility

Elastic Stack

Customizing for your network

Tuning

Tricks and Tips

Help

Issues

Other

Scripts

Clone this wiki locally