From: Aro R. <ra...@ho...> - 2010-06-22 20:50:06
Hello everybody,

I am a beginner in SIM. I am installing OSSIM on my VMWare. At some point, the system asks me for an "opensourcesim login :" and "password". What must I enter as opensourcesim login and password?

Thanks for your help

From: Houcem H. <hou...@gm...> - 2010-06-16 15:32:18
Does anyone know how to get QualysGuard's logs into OSSIM?

From: Kaushal S. <kau...@gm...> - 2010-04-26 20:38:47
Hi,

Can someone point me to the exact URL in forums to understand about policies in ossim ?

Thanks and Regards,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-22 07:16:51
Hi

Is there a step by step guide to configure openvas on ossim ?

Thanks and Regards,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-21 22:00:35
On Mon, Apr 19, 2010 at 1:40 AM, Kaushal Shriyan <kau...@gm...> wrote:
> On Mon, Apr 5, 2010 at 11:04 PM, Kaushal Shriyan
> <kau...@gm...> wrote:
>> Hi,
>>
>> I have configured nessus on the backend.
>> http://www.ossim.net/dokuwiki/doku.php?id=nessus
>>
>> is there a step by step guide to configure it in the web admin interface.
>>
>> Please suggest/guide.
>>
>> Thanks,
>>
>> Kaushal
>>
>
> Hi,
>
> I did not get an answer for my query. Any updates ?
>
> Thanks,
>
> Kaushal
>

Hi,

I have not got any reply up till now. Please suggest/guide.

Thanks,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-19 09:03:36
On Mon, Apr 5, 2010 at 11:04 PM, Kaushal Shriyan <kau...@gm...> wrote:
> Hi,
>
> I have configured nessus on the backend.
> http://www.ossim.net/dokuwiki/doku.php?id=nessus
>
> is there a step by step guide to configure it in the web admin interface.
>
> Please suggest/guide.
>
> Thanks,
>
> Kaushal
>

Hi,

I did not get an answer for my query. Any updates ?

Thanks,

Kaushal

From: Marlon C. <mar...@ya...> - 2010-04-08 03:35:17
Was this ever solved???

From: Kaushal S. <kau...@gm...> - 2010-04-06 09:57:50
I mean when i click on Monitor -> Availability, I get

Error: The sensor 10.0.0.141 does not exists.

On Tue, Apr 6, 2010 at 3:26 PM, Kaushal Shriyan <kau...@gm...> wrote:
> Hi,
>
> I did apt-get update, apt-get dist-upgrade and ossim-update.
> when i click on Error: The sensor 10.0.0.141 does not exists.
>
> Please suggest/guide.
>
> Thanks and Regards,
>
> Kaushal
>

From: Kaushal S. <kau...@gm...> - 2010-04-06 09:56:44
Hi,

I did apt-get update, apt-get dist-upgrade and ossim-update.
when i click on Error: The sensor 10.0.0.141 does not exists.

Please suggest/guide.

Thanks and Regards,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-06 06:04:59
Hi,

I have configured nessus on the backend.
http://www.ossim.net/dokuwiki/doku.php?id=nessus

is there a step by step guide to configure it in the web admin interface.

Please suggest/guide.

Thanks,

Kaushal

From: Ritter, N. <Nic...@am...> - 2010-04-01 18:49:41
That depends on the maker of the switch, and not all switches are capable of doing this, in which case you would need to purchase a network tap. This issue could very easily explain the lack of events in OSSIM.

-----Original Message-----
From: Kaushal Shriyan [mailto:kau...@gm...]
Sent: Thursday, April 01, 2010 1:46 PM
To: Ritter, Nicholas
Cc: os-...@li...
Subject: Re: [Os-sim-support] snort on ossim

On Fri, Apr 2, 2010 at 12:11 AM, Ritter, Nicholas <Nic...@am...> wrote:
> Are you sure the eth interface that snort is listening on is on a switch
> port that should see the traffic you are interested in (ie.: that it is
> a mirror port) also, is the eth interface in promiscuous mode (do an
> "ifconfig" and look for the "PROMISC" keyword.)
>
> Nick

Hi Nick,

Thanks for the hint. How do i do a port mirror on the switch. Please suggest.

Thanks and Regards,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-01 18:46:15
On Fri, Apr 2, 2010 at 12:11 AM, Ritter, Nicholas <Nic...@am...> wrote:
> Are you sure the eth interface that snort is listening on is on a switch
> port that should see the traffic you are interested in (ie.: that it is
> a mirror port) also, is the eth interface in promiscuous mode (do an
> "ifconfig" and look for the "PROMISC" keyword.)
>
> Nick

Hi Nick,

Thanks for the hint. How do i do a port mirror on the switch. Please suggest.

Thanks and Regards,

Kaushal

From: Ritter, N. <Nic...@am...> - 2010-04-01 18:41:15
Are you sure the eth interface that snort is listening on is on a switch port that should see the traffic you are interested in (ie.: that it is a mirror port) also, is the eth interface in promiscuous mode (do an "ifconfig" and look for the "PROMISC" keyword.)

Nick

-----Original Message-----
From: Kaushal Shriyan [mailto:kau...@gm...]
Sent: Thursday, April 01, 2010 12:33 PM
To: Ritter, Nicholas
Cc: os-...@li...
Subject: Re: [Os-sim-support] snort on ossim

On Thu, Apr 1, 2010 at 10:29 PM, Ritter, Nicholas <Nic...@am...> wrote:
> Did you look in the SIEM part of the OSSIM interface? OSSIM might not
> alarm, but it should have recorded a snort event in the SIEM interface.
> I am not positive the rule you created is ok, but it is redundant
> because OSSIM's default snort rule set will see ICMP traffic.
>
> I don't know which ISO you used to do the OSSIM install, but I would
> suggest that you make sure OSSIM is fully up to date with the following
> commands:
>
> apt-get update
> apt-get dist-upgrade
>
> Or
>
> ossim-update

Hi Ritter,

I followed your suggestion and did apt-get update, apt-get dist-upgrade, and ossim-update. and tried the same exercise. I could not see any events or alarms under Analysis -> SIEM --> Events

Please further suggest.

Thanks and Regards

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-04-01 17:33:10
On Thu, Apr 1, 2010 at 10:29 PM, Ritter, Nicholas <Nic...@am...> wrote:
> Did you look in the SIEM part of the OSSIM interface? OSSIM might not
> alarm, but it should have recorded a snort event in the SIEM interface.
> I am not positive the rule you created is ok, but it is redundant
> because OSSIM's default snort rule set will see ICMP traffic.
>
> I don't know which ISO you used to do the OSSIM install, but I would
> suggest that you make sure OSSIM is fully up to date with the following
> commands:
>
> apt-get update
> apt-get dist-upgrade
>
> Or
>
> ossim-update

Hi Ritter,

I followed your suggestion and did apt-get update, apt-get dist-upgrade, and ossim-update. and tried the same exercise. I could not see any events or alarms under Analysis -> SIEM --> Events

Please further suggest.

Thanks and Regards

Kaushal

From: Ritter, N. <Nic...@am...> - 2010-04-01 17:00:02
Did you look in the SIEM part of the OSSIM interface? OSSIM might not alarm, but it should have recorded a snort event in the SIEM interface. I am not positive the rule you created is ok, but it is redundant because OSSIM's default snort rule set will see ICMP traffic.

I don't know which ISO you used to do the OSSIM install, but I would suggest that you make sure OSSIM is fully up to date with the following commands:

apt-get update
apt-get dist-upgrade

Or

ossim-update

Nick

-----Original Message-----
From: Kaushal Shriyan [mailto:kau...@gm...]
Sent: Thursday, April 01, 2010 11:48 AM
To: os-...@li...
Subject: [Os-sim-support] snort on ossim

Hi,

I am testing snort on ossim. I have added a basic rule under /etc/snort/rules/local.rules and restarted the snort daemon server.

alert icmp any any -> 192.168.1.1 any (sid:1000000; rev:1; msg: "Oh snap it's a ping";)

From the client host i did ping 192.168.1.1 but i could not see any events or alert under snort logs. Also on the OSSIM Admin web interface i could not see any events

Under /var/log/snort/ I don't see anything

-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-03-18 00:35 snort_eth1.1268897717
-rw-r----- 1 snort adm 0 2010-03-23 00:46 snort_eth1.1269330408
-rw-r----- 1 snort adm 0 2010-03-23 04:32 snort_eth1.1269343945
-rw-r----- 1 snort adm 0 2010-03-23 04:38 snort_eth1.1269344305
-rw-r----- 1 snort adm 0 2010-03-23 04:42 snort_eth1.1269344567
-rw-r----- 1 snort adm 0 2010-03-24 00:42 snort_eth1.1269416522
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823

Please suggest/guide.

Thanks and Regards,

Kaushal

_______________________________________________
Os-sim-support mailing list
Os-...@li...
https://lists.sourceforge.net/lists/listinfo/os-sim-support

From: Kaushal S. <kau...@gm...> - 2010-04-01 16:55:07
Hi,

I am testing snort on ossim. I have added a basic rule under /etc/snort/rules/local.rules and restarted the snort daemon server.

alert icmp any any -> 192.168.1.1 any (sid:1000000; rev:1; msg: "Oh snap it's a ping";)

From the client host i did ping 192.168.1.1 but i could not see any events or alert under snort logs. Also on the OSSIM Admin web interface i could not see any events

Under /var/log/snort/ I don't see anything

-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-03-18 00:35 snort_eth1.1268897717
-rw-r----- 1 snort adm 0 2010-03-23 00:46 snort_eth1.1269330408
-rw-r----- 1 snort adm 0 2010-03-23 04:32 snort_eth1.1269343945
-rw-r----- 1 snort adm 0 2010-03-23 04:38 snort_eth1.1269344305
-rw-r----- 1 snort adm 0 2010-03-23 04:42 snort_eth1.1269344567
-rw-r----- 1 snort adm 0 2010-03-24 00:42 snort_eth1.1269416522
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823

Please suggest/guide.

Thanks and Regards,

Kaushal

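Added example, not part of any list message or of OSSIM itself: the two checks raised in this thread (the "PROMISC" keyword in ifconfig output, and the zero-byte files under /var/log/snort/) combined into one triage function. The function names, verdict strings and the ifconfig samples are constructed for illustration; the three listing lines are copied from the post above.

```shell
#!/bin/sh
# Added example: triage for "snort on the sensor logs nothing".

# Constructed ifconfig output (2010-era net-tools layout) for the sniffing NIC.
SAMPLE_IFCONFIG_PROMISC='eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1'
SAMPLE_IFCONFIG_PLAIN='eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
# Three lines copied from the `ls -l` listing of /var/log/snort/ in the post.
SAMPLE_LS='-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823'

# Succeeds if the ifconfig text on stdin carries the PROMISC flag.
has_promisc() {
    grep -q 'PROMISC'
}

# Reads `ls -l` lines on stdin; prints "<zero-byte> <total>" for snort_* files.
# Field 5 of `ls -l` is the size in bytes, the last field is the file name.
count_logs() {
    awk '$NF ~ /^snort_/ { total++; if ($5 == 0) empty++ }
         END { printf "%d %d\n", empty, total }'
}

# triage IFCONFIG_TEXT LS_TEXT: prints one verdict, checking the interface
# mode first and then whether anything was ever written to the log files.
triage() {
    if ! printf '%s\n' "$1" | has_promisc; then
        echo "not-promiscuous"
        return 0
    fi
    counts=$(printf '%s\n' "$2" | count_logs)
    empty=${counts% *}
    total=${counts#* }
    if [ "$total" -eq 0 ]; then
        echo "no-log-files"          # no snort_* files in the listing at all
    elif [ "$empty" -eq "$total" ]; then
        echo "no-traffic-captured"   # check the mirror port or network tap
    else
        echo "traffic-captured"      # look for the events in the SIEM view
    fi
}

triage "$SAMPLE_IFCONFIG_PROMISC" "$SAMPLE_LS"
```

On a live sensor the two arguments would be the output of `ifconfig eth1` and `ls -l /var/log/snort/`.
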
From: Kaushal S. <kau...@gm...> - 2010-03-23 11:51:35
Hi,

snort on ossim.

1) I did port mirroring
2) run ossim-setup and in sensor configuration select those interfaces in listening mode (With port mirroring configured)
3) After running ossim-setup, it ran ossim-reconfig and restarted all the services.

I have configured the email address also. just wanted to understand about "where do i look for any intrusion which occurs and captured by snort/ossim" ?

Please suggest/guide.

Thanks and Regards,

Kaushal

From: Kaushal S. <kau...@gm...> - 2010-03-17 10:06:51
On Wed, Mar 17, 2010 at 10:29 AM, Umarzuki Mochlis <uma...@gm...> wrote:
>> I am newbie to snort. On what parameters or basis do i need to
>> configure ruleset in snort. I am using snort under OSSIM Application.
>>
>> Please suggest/guide.
>>
>> Thanks and Regards,
>>
>> Kaushal
>
> you can try reading the article
> from http://packetstormsecurity.nl/papers/IDS/snort_rules.htm as i'm new to
> snort as well
>
>
> --
> Regards,
>
> Umarzuki Mochlis
> http://debmal.my
>

Hi,

I have installed OSSIM 2.2 on my server. basically i have configured snort at the backend using http://sites.google.com/site/ossimnewbie/Home/Configure-snort

I am using oinkmaster to update snort rules. Basically is there a way to look at the web interface to view or configure or view snort alerts or logs which has been configured in the backend.

Thanks and Regards,

Kaushal

From: Umarzuki M. <uma...@gm...> - 2010-03-17 04:59:38
>
> I am newbie to snort. On what parameters or basis do i need to
> configure ruleset in snort. I am using snort under OSSIM Application.
>
> Please suggest/guide.
>
> Thanks and Regards,
>
> Kaushal
>

you can try reading the article from http://packetstormsecurity.nl/papers/IDS/snort_rules.htm as i'm new to snort as well

--
Regards,

Umarzuki Mochlis
http://debmal.my

From: Kaushal S. <kau...@gm...> - 2010-03-16 15:33:32
On Thu, Mar 11, 2010 at 8:20 PM, Umarzuki Mochlis <uma...@gm...> wrote:
> you can configure snort by running
> # dpkg-reconfigure snort
> then specify all the interfaces you wish to listen to its traffic. At least
> that is what i did for version 1.x last year ;)
> there are more info at the forum
> https://www.alienvault.com/forum/index.php?t=thread&frm_id=44&S=ef36d934597aec19c780ea0a56c68ab1
>
> 2010/3/11 Kaushal Shriyan <kau...@gm...>
>>
>> Hi,
>>
>> any step by step guide to configure snort in ossim ?
>>
>> Thanks and Regards,
>>
>> Kaushal
>
> --
> Regards,
>
> Umarzuki Mochlis
> http://debmal.my
>

Hi Umarzuki,

I am newbie to snort. On what parameters or basis do i need to configure ruleset in snort. I am using snort under OSSIM Application.

Please suggest/guide.

Thanks and Regards,

Kaushal

From: Ritter, N. <Nic...@am...> - 2010-03-12 05:25:57
I should clarify that last sentence. My first v2.2 OSSIM install did have the plugin groups. I have no idea why they are missing this time around.

On a side note: One other interesting thing changed with the fresh install. The browser hanging in the hostgroup form (which eventually would produce a javascript error) has gone away completely.

________________________________
From: Ritter, Nicholas [mailto:Nic...@am...]
Sent: Thursday, March 11, 2010 10:33 PM
To: os-...@li...
Subject: [Os-sim-support] Missing plugin groups on fresh v2.2 install

I just did a fresh reinstall of OSSIM v2.2 and noticed that my plugin group section in the policy form is empty. Any idea how to get it populated? The initial v2.2 install had the plugin groups.

Nick

From: Ritter, N. <Nic...@am...> - 2010-03-12 05:14:00
I just did a fresh reinstall of OSSIM v2.2 and noticed that my plugin group section in the policy form is empty. Any idea how to get it populated? The initial v2.2 install had the plugin groups.

Nick

From: Umarzuki M. <uma...@gm...> - 2010-03-11 14:50:25
you can configure snort by running

# dpkg-reconfigure snort

then specify all the interfaces you wish to listen to its traffic. At least that is what i did for version 1.x last year ;)

there are more info at the forum
https://www.alienvault.com/forum/index.php?t=thread&frm_id=44&S=ef36d934597aec19c780ea0a56c68ab1

2010/3/11 Kaushal Shriyan <kau...@gm...>
> Hi,
>
> any step by step guide to configure snort in ossim ?
>
> Thanks and Regards,
>
> Kaushal
>

--
Regards,

Umarzuki Mochlis
http://debmal.my

From: Kaushal S. <kau...@gm...> - 2010-03-11 14:06:49
Hi,

any step by step guide to configure snort in ossim ?

Thanks and Regards,

Kaushal

From: Salhi O. <sal...@ya...> - 2010-02-09 16:20:15
Hello,

I am a student and I am doing my final project study for obtaining my engineering degree. My project is to study OSSIM, install it, improve it and adapt it to my own network. For this I started the installation manually on a PC running debian OS. Unfortunately, I had some problems in installing ossim-mysql using apt-get install ossim-mysql.

Could you help me and send me a precise manual for the installation of OSSIM.

Thank you for your help