AlienVault Setup 1: VMWare Esxi 5.1

AV1

We decided to get an old server we had lying around the office and turn it into our AV (AlienVault) machine using a trial license (30-day full spec).

We faced several issues, which I will put it down in this article and a few others to guide others in installing AV product in their network.

1) Installing VMWare Vsphere 6.0

AlienVault is actually quite easy to install. Getting VMWare ESXi or VSphere running in an old machine was a different story. So before we even get AV up and running, we had to coax our machine to run VM. The first issue was that there was no CD drive. This wasn’t so difficult, you have basically two choices:

a) Boot with a CD, with a VMWare ISO image

b) Boot from USB, if your BIOS supports it.

As it turns out, our BIOS was able to support USB boot. So we used the extremely useful Rufus (https://rufus.akeo.ie/) tool to burn the ISO image we downloaded from at  VMWare https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6.

We set up the BIOS to boot from USB and immediately got into the installation portion for VM. So far so good.

2) Unsupported network adapter

Immediately we got hit with an unsupported network adapter and basicall VMWare refused to go on. At this point we have 3 options:

a) Hack the image and inject the drivers of our network adapter in (I believe it was Realtek 8168 GB Ethernet)

b) Purchase and set up an adapter that is in the compatibility list at http://www.vmware.com/resources/compatibility/search.php

c) Downgrade VMWare 6 to 5.1 or below

Fortunately we had an older version of VMWare a few years back in our network drive and we chose to take the path of C), since Realtek was supported by VMWare then. Why they removed the support, I have no idea.

We re-did the image to 5.1 and rebooted to USB – this time, we got through without any issue, and VMWare ESXi was installed!

d) Deploying AlienVault 

Once you had your VM server up, you just download the client and deploy the AV OVF using File -> Deploy OVF Template. Of course, you obviously have to download the Trial AV first. Head over to www.alienvault.com/free-trial.

Just use default settings BUT choose ‘Thin Provisioning’ as disk format to avoid having to pre-allocate the full amount of disk space. This will allocate a minimal footprint for your image and grow as you store logs.

e) Power On — Not.

We still had some minor issues, such as the error stating that the virtual CPU configured were more than the physical – in this case, it was simply right clicking the VM – Edit Settings -> CPUs and lowering the number of CPUs from 8 to 4. You might not face this, but remember we are using a low spec system.

f) Power On — NOT again.

This time it powers up but when we try to get into AV console, we get blanked. Check the event logs. It stated:

“The CPU has been disabled by the guest operating system. You will need to power off or reset the virtual machine at this point.”

We were a little stumped at this point and googling didn’t really revealed much. More information over at

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2000542

But again, that was still not so helpful.

I chanced upon a similar issue where I recall in the earlier VM installation that VMware was complaining about this system not being able to support Hardware Virtualisation and that to ensure this was enabled in BIOS. Tinkering around the BIOS, found the setting for Intel Technology Virtualisation to be ‘disabled’.

Enabled it and it worked like a charm.

Alien Vault is finally up and ready to go! Next article, we will look into the basic functions of Alien Vault.

P/s – make sure you have a different IP setting on the AV VM image and the actual host itself. Since VMware also has a WebUI, you won’t be able to access AV if you put the same IP address.

Leave a Reply