      From: Kurt B. <kur...@gm...> - 2009-05-06 01:14:47
      
All,
I've got a new installation in testing (Version: 1.0.0rc1 (2008/08/19) - I
grabbed the 1.0.6 installer ISO) and need a bit of help configuring it -
what I have doesn't seem to be covered in the docs, though I could just be
blind...
I've got a box with two NICs, on which I was running just ntop under
FreeBSD, but am wanting to use it for OSSIM.
I've got a Realtek NIC (eth0 in SW2) that sits on my subnet, and is
numbered, and an Intel NIC (eth1 on SW1) that's plugged into a mirror port
on a switch and is currently unnumbered. The switch with the monitor port
sits between my firewall and my backbone switch. I had ntop listening on
eth1 and displaying output on eth0.
Here's a simple ASCII diagram:
      _____       _____       _____
     |     |     |     |     |     |
FW---| SW1 |-----| BB  |-----| SW2 |
     |_____|     |_____|     |_____|
        |                       |
        |___eth1__OSSIM__eth0___|
I'm not finding in the docs several things I need to make this go - I think
this is partly because I'm so used to FreeBSD that this setup seems pretty
alien to me.
It looks as if the OSSIM install sets up a password for ntop, and I'm not
seeing what that is. I've examined the config files that I can find, but
don't see where it did that, nor what the password is. I tried setting the
password with 'ntop -A', but that didn't seem to work.
Along with that, I'd like to have ntop use the NIC on the mirror port for SW1 to
monitor traffic - ditto for the other apps that listen to the wire.
BTW - the OSSIM box has a 1.7GHz Celeron with 2gbytes of RAM and a 180Gbyte
HD, if that makes any difference.
Thanks for any help or suggestions,
Kurt