From: Ritter, N. <Nic...@am...> - 2009-09-30 02:52:15
I'm sorry...got busy with some tasks at work.....
If you installed with the ISO, things should just work. So if there is an issue where the box is not listening on port 40001....I would first run ossim-setup, select modify profile, then select all-in-one setup. This will cause the ossim install to set itself up the way it should. The other thing to check either before or after this step is the hostname setting in the ossim.conf file (make sure it is set to "localhost").
You should not need the source because compiling it on the same system whose libraries the binaries you are currently using would yield the same binaries....unless you modified some system libraries.
After the install from the OSSIM iso, did you do any of the following:
1) apt-get update
2) apt-get dist-upgrade
a.) if you did this step, did you say "N" to the prompts for modifying config files?
3) install or otherwise compile and install any programs other than ossim?
I think you said this already, but you did a "netstat -an"?
Nick
-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/29/2009 6:08 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001
Any thoughts guys? Do I need to use the source?
Thanks,
-Dave
________________________________
From: David Wilson [mailto:dw...@ad...]
Sent: Thursday, September 24, 2009 4:47 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001
OK so I'm poking around a little bit more and I try this:
idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED {} \;
/var/lib/mysql/ib_logfile0
/var/lib/mysql/ossim/event.MYD
/var/lib/mysql/ossim/log_action.MYI
/var/lib/mysql/ossim/log_action.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYI
/var/lib/mysql/ossim/event_tmp.MYD
/var/lib/mysql/ibdata1
So I check that table and I see:
mysql> select * from sensor_agent_info;
+-----------------+---------+
| ip              | version |
+-----------------+---------+
| OLD_IP_REDACTED | 2.1     |
| NEW_IP_REDACTED | 2.1     |
+-----------------+---------+
2 rows in set (0.01 sec)
The sensor should be listening on 127.0.0.1, no?
Why is my old IP still in there, and does it do anything?
Can I get the server to be more verbose?
-Dave