Installation instructions for CySight and supported Operating Systems

CySight OVA installation instructions

INSTALLATION INSTRUCTIONS

1. Register for a CySight license key

Generate a key to be sent to your email from https://cysight.ai/index.php/go/free-trial/ or download one from our portal.

Please install the latest OVA on VMware or KVM, or locally using VirtualBox.

2. Access Command line login using root user

CentOS operating system access:
User: root Pass: ideadata

SECURITY ALERT: We recommend that you change the root password and create a non-root user that uses sudo to gain root privileges.

3. Change Server IP to match your environment

After logging in as the "root" user, use the command “nmtui” to set up your CySight IP address.

4. If required, add Disk for large deployments and mount

For large deployments, consider after installation how much disk space an evaluation will require. Where high flow volume is expected, and for high-granularity deployments, we recommend creating a separate data volume, which our team can assist you in configuring.

example:
mount /dev/sdb /cysightdb

5. Login to CySight

Open https://CySightIP:8443/

The default setting uses a self-signed certificate, so the browser will show a warning screen the first time the HTTPS address is accessed, as per the example above. Click Advanced and “Accept Risk and Continue”.

At the CySight login prompt, log in with User: admin Pass: admin

It's good practice to change your admin login password using the Default Options from the top right menu after logging in.

6. From the front-end load the license key you received and Click “Apply Now”

From the top of the screen please select Config > Administration > License

7. Start sending flows to the CySight IP address

CySight is configured to use port 2055 or 9995 for NetFlow and 6343 for sFlow. Additional ports can be configured for multi-threaded collection, port mapping or hierarchical deployments as needed. New ports will also require changes to the iptables configuration, which is accessible via the command prompt.
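
One way to prepare the iptables change for an extra collection port, as an added example that is not part of the original instructions or CySight's own tooling: it only prints the rules so they can be reviewed before being run as root. NetFlow and sFlow arrive as unauthenticated UDP, so each rule is limited to an exporter source range; the function name flow_port_rules, the range 192.0.2.0/24 and port 2056 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that admit flow exports
# on extra collector ports, limited to a known exporter source range.
# flow_port_rules, 192.0.2.0/24 and port 2056 are illustrative assumptions.

# Usage: flow_port_rules SOURCE_CIDR PORT [PORT...]
# Prints one "iptables -I INPUT ..." command per port. On any bad argument it
# returns 1 and prints no rules at all, so a partial rule set is never emitted.
flow_port_rules() {
    [ "$#" -ge 2 ] || {
        echo "usage: flow_port_rules SOURCE_CIDR PORT [PORT...]" >&2
        return 1
    }
    src="$1"
    shift
    # Shape check only: digits, dots and at most one "/". This keeps shell
    # metacharacters out of the printed command; iptables validates the rest.
    case "$src" in
        ""|*[!0-9./]*|*/*/*)
            echo "invalid source range: $src" >&2
            return 1 ;;
    esac
    rules=""
    for port in "$@"; do
        # Decimal only, no leading zero, at most five digits.
        case "$port" in
            ""|*[!0-9]*|0*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        [ "$port" -le 65535 ] || {
            echo "invalid port: $port" >&2
            return 1
        }
        # Flow export is UDP. -I inserts at the top of INPUT, ahead of any
        # existing REJECT or DROP rule.
        rules="${rules}iptables -I INPUT -p udp -s $src --dport $port -j ACCEPT
"
    done
    printf '%s' "$rules"
}

# Constructed sample: one extra NetFlow port for exporters in 192.0.2.0/24.
flow_port_rules 192.0.2.0/24 2056
```

After running the printed commands as root, `iptables -L INPUT -n --line-numbers` shows whether the rules are in place. How they are kept across reboots depends on how the appliance loads its iptables configuration.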

For packet brokers or flow exporters that make use of the Null Interface, please enable monitoring of the interface from the Configuration screen. Once it is enabled, your collected data will show on the analytics screens.

8. Please configure the Default User email.

The current Default email is set to send to support@cysight.ai. Please change it to your own email address.

SECURITY ALERT: To facilitate your evaluation, the email server has been configured by default to a secure 3rd party emailing service. Access to this service is changed quarterly and rate limited. You can change this to your own email servers under Server Configuration.

For a complete experience, please ensure your server has access to datacenter.cysight.ai on ports 8080 and 8443 and “Access to Data Service” is enabled.

9. Configured Alerts:

HUI - “High Utilization Interface Monitoring”, and
IBT - “Interface Bidirectional Traffic – bps Utilization”

The HUI looks for bps utilization breaches and sends an SNMP trap to whatever SNMP servers have been configured.

The IBT sends an email with 2 PDF files. The first shows the “identified breach” and the second contains an “Applications and Hosts analysis” to provide easy identification of the cause.

Our default Machine learning Baseline alerts will also identify and alert on outliers as they occur and will continue learning all counters such as bps, bytes, packets, latency, drops, tcp flags, congestion flags or any other measurements that are compatible with the flow export.

All alerts will alert again after the renotify time interval has passed, and this can be customized for each alert.

Should alerts become spammy, they can easily be adjusted to reduce sensitivity or to increase renotify intervals, or simply be suspended if needed.

UPCOMING NEW VERSION: CySight Predictive AI Baselining Engine provides a new level of learning and detection of changes. Due June/July 2022

10. Setting up default landing page

CySight defaults to all flow structures for analytics. This can easily be changed to your specific flow source at the top of the screen and pinned as the default landing page from the icon menu.

11. Testing

If you don’t have a flow generator, you can test using an open source flow generator that can be found in /home/cysight.

To run:

/home/cysight/nflow-generator-x86_64-linux -t 127.0.0.1 -p 2055 &

Some additional options for testing spike examples can be found using the help parameter. Although it sends out only basic flows, it is useful for confirming that all is running well on your site.

As per the earlier instructions regarding packet brokers, please ensure you enable the null interface to see the flow generator's traffic.

Please reach out to support@cysight.ai if you require any additional information. We recommend a brief session to help you become familiar with the open interface and to speed up making configurations.

12. Troubleshooting

Please see CySight Installation TroubleShooting on this forum
