Menu
▾
▴
[Os-sim-support] Configuring
|
From: Jordi F. <jfi...@se...> - 2004-03-17 09:16:08
|
Hi all!
I'm very interested on ossim, it seems a very good tool and a very good
idea, I've a big and complex network and I need help to manage it.
I'm trying to run ossim on Fedora Core 1, I have:
.- A SENSOR, with snort+spade, p0f, arpwatch and ntop. All seems running
fine alone. And os-sim-agent-0.9.
.- A SERVER (& framework), with sensor configuration (snort+spade, p0f,
arpwatch and ntop) and mysql, apache+php, mrtg, acid, etc. And
os-sim-server-0.9 + os-sim-framework-0.9.
All seems work fine alone, but I don't understand configuration, so I've
a lot of questions:
On SENSOR:
1.- Do I need only to run /usr/share/ossim/agent/agent (as os-sim
component) ?
2.- Before to run agent, do I need to have running snort, p0f, arpwatch
and ntop?
3.- Have I configurated snort correctly ? :
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=3Droot password=3DMY_PASSWORD =
dbname=3Dsnort
host=3DIP_OF_SERVER
output alert_fast: fast.log
4.- Do I need to connect to mysql (on SERVER) ntop, arpwatch and p0f?
5.- Do I need to put on /etc files as snort.conf, ntop.conf, etc or
something else?
6.- Editing /etc/ossim/agent/config.xml
Plugging snort and ntop:
<path></path> To where?
<sensor></sensor> What name? What word?
Thanks a lot for any help or link to any documentation about this
points.
Best regards.
|
