https://sourceforge.net/p/logseca/wiki/Home/Recent changes to HomeenTue, 29 Oct 2013 14:52:44 -0000https://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v7 +++ v8 @@ -65,6 +65,24 @@ 3. To start the agent-server daemon execute the following commands : sudo service mongod start and sudo service activemq start (of course you start before database and after agent server) 4. To uninstall : rpm –e eng-server. +#### Testing #### + +Open web browser in the first machine at the following url : http://localhost:8161/admin/send.jsp?JMSDestination=vision.xdas&amp;JMSDestinationType=topic + +In the field body of form, copy this string: + +HDR:00dd::1315495492::::CET:1000022:0:ORG:myvisionhost/MangerContainer/createContainerReplica:http%://myvisionhost.eu:http:vision:::INT::::TGT:container1:213.92.16.171:rest::::SRC::EVT:destinationAddress=66.135.200.23:END + +End click submit button of form. + +In the second machine, open the web browser at the following url: +http://localhost:8161/siem + +Insert the credential: +User= admin +Password = admin + +If there is a record in tab audits it means that all work well. ### License ### </pre> </div>Lucia BonelliTue, 29 Oct 2013 14:52:44 -0000https://sourceforge.net32edaa0c868e9c652c740fcbe963dff6a6ad0b5chttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v6 +++ v7 @@ -9,7 +9,7 @@ - control on the status of the corrective actions - reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing). -The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 project. +The design and development of this prototype have been partially founded by the [VISION Cloud EU FP7](http://visioncloud.eu/) project. Currently supported audit event/log formats are: • XDAS @@ -35,43 +35,47 @@ 3. execute target "eng.agent.32.rpm" and "eng.server.32.rpm" in build.xml of bus project last step produces rpms of Agent Node and Agent Server to Linux 32bit S.O. -If you want 64bit version of above rpms, you have to execeute target eng.agent.64.rpm and eng.server.64.rpm in build.xml of bus project. +To get 64bit version of above rpms, you have to execeute target "eng.agent.64.rpm" and "eng.server.64.rpm" in build.xml of bus project. ### Setup ### -Requirements: +#### Requirements ##### +The compliance module has two modules: Agent Server and Agent Node, for this reason requires at least two machines with following features: - Linux like S.O. 32bit or 64bit - 2GB of RAM - 10GB of HD free space +##### Package Installation ##### -Get the code: -- git clone ……(commando per prendere il codice da sourceforge) -Get dependencies: -Example: -- pip install -r requirements.txt -- install CouchDB (at least version 1) +On the first machine follow these steps: -Get dependencies: -... +1. copy eng-agent-1.4-1.noarch.rpm in first machine +2. execute sudo rpm –ivh eng-agent-1.4-1.noarch.rpm. +3. edit file in /opt/vision/agent/conf/activemq.xml and replacing IP 10.0.3.112 at row n.62 </pre></div>Lucia BonelliTue, 29 Oct 2013 14:30:09 -0000https://sourceforge.neta905362c4aed48452d14662f2992c8cbb418ce4ehttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v5 +++ v6 @@ -30,12 +30,12 @@ each project contains an Apache Ant file to compile source code. You have to compile in this order: -1. execute target "jar" of build.xml of agent project -2. execute target "war" of build.xml of ComplianceWebConsole project -3. execute target "eng.agent.32.rpm" and "eng.server.32.rpm" of bus project +1. execute target "jar" in build.xml of agent project +2. execute target "war" in build.xml of ComplianceWebConsole project +3. execute target "eng.agent.32.rpm" and "eng.server.32.rpm" in build.xml of bus project -last step produces rpms of Agent Node and Agent Server to Linux S.O 32bit. -If you want 64bit version of above rpms, you have to execeute target eng.agent.64.rpm and eng.server.64.rpm of bus project. +last step produces rpms of Agent Node and Agent Server to Linux 32bit S.O. +If you want 64bit version of above rpms, you have to execeute target eng.agent.64.rpm and eng.server.64.rpm in build.xml of bus project. ### Setup ### </pre> </div>Lucia BonelliTue, 29 Oct 2013 11:39:54 -0000https://sourceforge.net02498067d2ff31faa026fc1361dc2f81a966f6bahttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v4 +++ v5 @@ -29,17 +29,21 @@ 3. bus each project contains an Apache Ant file to compile source code. +You have to compile in this order: +1. execute target "jar" of build.xml of agent project +2. execute target "war" of build.xml of ComplianceWebConsole project +3. execute target "eng.agent.32.rpm" and "eng.server.32.rpm" of bus project +last step produces rpms of Agent Node and Agent Server to Linux S.O 32bit. +If you want 64bit version of above rpms, you have to execeute target eng.agent.64.rpm and eng.server.64.rpm of bus project. ### Setup ### Requirements: -- MongoDB version… -- ActiveMq version -- Spring version… -- ESPER version… -- .... +- Linux like S.O. 32bit or 64bit +- 2GB of RAM +- 10GB of HD free space Get the code: </pre> </div>Lucia BonelliTue, 29 Oct 2013 11:36:41 -0000https://sourceforge.net70e02a850edc8c423d1882976844326832cb534fhttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v3 +++ v4 @@ -9,7 +9,7 @@ - control on the status of the corrective actions - reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing). -The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 projectRead more (add link when wiki is ready) or proceed to the short setup guide below. +The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 project. Currently supported audit event/log formats are: • XDAS @@ -18,9 +18,9 @@ Currently supported compliance reports are: • ISO27001 +Overview of this module is decribed in sez.3 of this [document](https://sourceforge.net/p/logseca/code-0/HEAD/tree/trunk/doc/D40.3.b.pdf?format=raw) . - -### Code Structure ### +### Projects Structure ### There are three eclipse projects : @@ -28,6 +28,7 @@ 2. ComplianceWebConsole 3. bus +each project contains an Apache Ant file to compile source code. ### Setup ### </pre> </div>Lucia BonelliTue, 29 Oct 2013 10:59:10 -0000https://sourceforge.netccebc9464e1316af2eb75ff7ad119c03c02aca8dhttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v2 +++ v3 @@ -12,20 +12,23 @@ The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 projectRead more (add link when wiki is ready) or proceed to the short setup guide below. Currently supported audit event/log formats are: -• XDAS ….. +• XDAS • Syslog Currently supported compliance reports are: -• +• ISO27001 -Additional documentation is available here:….. ### Code Structure ### -.... +There are three eclipse projects : -..... +1. agent +2. ComplianceWebConsole +3. bus + + ### Setup ### </pre> </div>Lucia BonelliTue, 29 Oct 2013 09:22:07 -0000https://sourceforge.net116e9e0110cdb282bc06aec3ba9b754c4b33ac5dhttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><pre>--- v1 +++ v2 @@ -1,8 +1,72 @@ -Welcome to your wiki! +# LogSeCA - Readme # -This is the default page, edit it as you see fit. To add a new page simply reference it within brackets, e.g.: [SamplePage]. +**LogSeCA** is a tool that lies on the top of SIEM concept and on XDAS OpenGroup standard. It provides the following main capabilities: -The wiki uses [Markdown](/p/logseca/wiki/markdown_syntax/) syntax. + +- secure and reliable retention of audit records for reliability and accountability, even in case of the source of event/log fails or the logs on it are accidentally or intentionally cancelled +- correlation of audit records in order to identify violation of security policies in the different data centres of the cloud infrastructure, which it would be impossible to do if each data centre processed events separately +- alerting and notification to the interested parties (e.g. security manager of the storage infrastructure) +- control on the status of the corrective actions +- reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing). + +The design and development of this prototype have been partially founded by the VISION Cloud EU FP7 projectRead more (add link when wiki is ready) or proceed to the short setup guide below. + +Currently supported audit event/log formats are: +• XDAS ….. +• Syslog + +Currently supported compliance reports are: +• + +Additional documentation is available here:….. + + +### Code Structure ### + +.... + +..... + +### Setup ### + +Requirements: + +- MongoDB version… +- ActiveMq version +- Spring version… +- ESPER version… +- .... + + +Get the code: +- git clone ……(commando per prendere il codice da sourceforge) + +Get dependencies: +Example: +- pip install -r requirements.txt +- install CouchDB (at least version 1) + +Get dependencies: +... + +Configure: + +- configure DB +- configure ActiveMQ + +Run: + +- configure DB +- configure ActiveMQ + + + +### License ### + + + + + [[project_admins]] [[download_button]] </pre> </div>Lucia BonelliWed, 23 Oct 2013 11:53:19 -0000https://sourceforge.net358ab073e0d2afb11912064a565d15e75fd5066ahttps://sourceforge.net/p/logseca/wiki/Home/<div class="markdown_content"><p>Welcome to your wiki!</p> <p>This is the default page, edit it as you see fit. To add a new page simply reference it within brackets, e.g.: <span>[SamplePage]</span>.</p> <p>The wiki uses <a class="" href="/p/logseca/wiki/markdown_syntax/">Markdown</a> syntax.</p> <p><p><a href="/u/lucia972/">Lucia Bonelli</a><br /></p><br /> <p><span class="download-button-516807ed24b0d90209287f97" style="margin-bottom: 1em; display: block;"></span></p></p></div>Lucia BonelliFri, 12 Apr 2013 13:11:09 -0000https://sourceforge.netd0f0fe5cdc241003171e6230bbee33f083f818d0