From: Brian L. <br...@br...> - 2008-05-09 17:46:14
I got the Snare logging working from Windows, but before plugging it on a production system, I thought I would try out OSSEC. I am having a couple problems.

One, I am not sure of the integration of OSSEC into the agent? I see on Dominique's page that OSSEC can be used in place of Snare, but I don't see an agent plugin. But, I do see it running on the installer, and I also see that OSSEC performs correlation too. I am wondering how it is integrated into OSSIM.

On the other side, I am forging ahead and putting an OSSEC agent on a Windows server and pointing it to the OSSIM server (the machine that was installed all in one (agent, server, frameworkd) with the AV installer). I generated a key using manage-agents, and I tried copying this into the OSSEC agent on the Windows 2003 server. Funny thing is, the agent won't start. I just started digging into this.

Anyone have any pointers with OSSEC?

brian

--
Brian Lavender
http://www.brie.com/brian/