Let me try to answer your questions below:
1. What Linux distros are supported? Can I use Fedora or should I use RHE? Anyone have any experience of using other distros?
If you install NSM on your own server, only RedHat or Solaris are the supported OS.
Watch out: VMware is not supported!
2. What size disk space should I plan for? I know this is kind of impossible to answer but some experiences and "guesstimations" would be much appreciated. We would like to retain about 3 months worth of logging information (1 month minimum online).
You can find this in the Installation Guide:
Check Appendix B
3. Where to put the NSM. There is a small topology diagram that came packaged with the software that suggests it should be placed in a DMZ Zone. Can anyone shed some light on this?
It would be better to have NSM placed on a management network with direct access to the management interface on the devices.
This way you have a separate network for the management where only the network/security admins have access.
You can call this DMZ, or just management network separated from the rest of the networks... 🙂
Hope this helps!
Thanks for your input!
I received version 2007.3r1 in my package. Does the software update itself after the install?
You have to manually upgrade it.
I recommend the latest version, 2008.2r2, and be sure you apply the new certificate as explained in the download page 🙂
I am also considering installation of the NSM on VMware for my lab environment. I understand support is not provided for VM. I only need to develop a proof of concept by demonstrating the sensor's ability to proactively respond to a custom attack signature. In summary, I am trying to determine if a dedicated NSM server is absolutely required, or, if the NSM can indeed be installed in VM - with the understanding that it will not be supported.
Thanks in advance!