From: Fabio O. T. <fo...@os...> - 2004-03-18 10:58:45

Hello Jordi

1.- Do I need only to run /usr/share/ossim/agent/agent (as os-sim component)?

A/ The agent is an independent module; it only needs to know where the plugins (snort, ntop, ...) are and where the server is.

2.- Before running the agent, do I need to have snort, p0f, arpwatch and ntop running?

A/ You can configure the different plugins in /etc/ossim/agent/config.xml; the plugins must be running.

3.- Have I configured snort correctly?:

    output alert_syslog: LOG_AUTH LOG_ALERT
    output database: log, mysql, user=root password=MY_PASSWORD dbname=snort host=IP_OF_SERVER
    output alert_fast: fast.log

A/ Yes.

4.- Do I need to connect ntop, arpwatch and p0f to mysql (on SERVER)?

A/ No, currently you only need mysql for server, framework, snort and rrd_plugin.

5.- Do I need to put files such as snort.conf, ntop.conf, etc. in /etc, or something else?

A/ The agent does not need to know where the config files of the plugins are; it only needs to know where the output is.

6.- Editing /etc/ossim/agent/config.xml, plugging snort and ntop:

    <path></path> To where?
    <sensor></sensor> What name? What word?

A/ The path element is reserved for future use. The sensor element is the IP of the sensor and must be in the sensor table of the ossim db.

For more information please see INSTALL.fc1

Thanks
FOT.