os-sim-support — Support requests

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

1) I installed from your ISO.
2) I have run ossim-setup several times, and selected all-in-one.  I
tried different hostnames and ips.  No dice.
3) ossim.conf hostname like so?

idsmanager:~# find /etc -name ossim.conf
/etc/apache2/conf.d/ossim.conf
/etc/ossim/framework/ossim.conf
idsmanager:~# grep -i host /etc/ossim/framework/ossim.conf
ossim_host=127.0.0.1
phpgacl_host=127.0.0.1
email_alert=root@localhost
email_sender=ossim@localhost
# snort_host=
# opennms_host=
# backup_host=
# nessus_host=
# Whether to ignore nessus_host & distribute the scans between sensors
(1 = YES, 0 = NO)
# rrdpath_host=

4) I did run an apt update/upgrade and I tried it with and without
keeping the config files. Still no dice.
5) I have not put any packages on the machine.

When I said "should I use the source?" I meant "should I read and
comprehend the source code so that I could debug the problem?"

Regards,
-Dave


-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...] 
Sent: Tuesday, September 29, 2009 6:35 PM
To: David Wilson
Cc: os-...@li...
Subject: RE: [Os-sim-support] OSSIM-server not listening on port 40001

I'm sorry...got busy with some tasks at work.....

If you installed with the ISO, things should just work. So if there is
an issue where the box is not listening on port 40001....I would first
run ossim-setup, select modify profile, then select all-in-one setup.
This will cause the ossim install to set itself up the way it should.
The other thing to check either before or after this step is the
hostname setting in ossim.conf file (make sure it is set to
"localhost".)

You should not need the source because compiling it on the same system
whose libraries the binaries you are currently using would yield the
same binaries....unless you modified the some system libraries.

After the install from the OSSIM iso, did you do any of the following:

1) apt-get update
2) apt-get dist-upgrade
     a.) if you did this step, did you say "N" to the prompts for
modifing config files?
3) install or otherwise compile and install and progams other than
ossim?

I think you said this already, but you did a "netstat -an"? 

Nick


-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/29/2009 6:08 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001
 
Any thoughts guys?  Do I need to use the source?

 

Thanks,

-Dave

 

 

________________________________

From: David Wilson [mailto:dw...@ad...] 
Sent: Thursday, September 24, 2009 4:47 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

 

OK so I'm poking around a little bit more and I try this:

 

 


idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED
{} \;

/var/lib/mysql/ib_logfile0

/var/lib/mysql/ossim/event.MYD

/var/lib/mysql/ossim/log_action.MYI

/var/lib/mysql/ossim/log_action.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYI

/var/lib/mysql/ossim/event_tmp.MYD

/var/lib/mysql/ibdata1

 

So I check that table and I see:

 

mysql> select * from sensor_agent_info;

+-----------------+---------+

| ip              | version |

+-----------------+---------+

| OLD_IP_REDACTED | 2.1     |

| NEW_IP_REDACTED | 2.1     |

+-----------------+---------+

2 rows in set (0.01 sec)

 

The sensor should be listening on 127.0.0.1 no?

Why is my old IP still in there, and does it do anything?

 

Can I get the server to be more verbose?

 

-Dave

 

 

 

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[Ritter, N. <Nic...@am...>]

I'm sorry...got busy with some tasks at work.....

If you installed with the ISO, things should just work. So if there is an issue where the box is not listening on port 40001....I would first run ossim-setup, select modify profile, then select all-in-one setup. This will cause the ossim install to set itself up the way it should. The other thing to check either before or after this step is the hostname setting in ossim.conf file (make sure it is set to "localhost".)

You should not need the source because compiling it on the same system whose libraries the binaries you are currently using would yield the same binaries....unless you modified the some system libraries.

After the install from the OSSIM iso, did you do any of the following:

1) apt-get update
2) apt-get dist-upgrade
     a.) if you did this step, did you say "N" to the prompts for modifing config files?
3) install or otherwise compile and install and progams other than ossim?

I think you said this already, but you did a "netstat -an"? 

Nick


-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/29/2009 6:08 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001
 
Any thoughts guys?  Do I need to use the source?

 

Thanks,

-Dave

 

 

________________________________

From: David Wilson [mailto:dw...@ad...] 
Sent: Thursday, September 24, 2009 4:47 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

 

OK so I'm poking around a little bit more and I try this:

 

                                                                                                   

idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED {} \;

/var/lib/mysql/ib_logfile0

/var/lib/mysql/ossim/event.MYD

/var/lib/mysql/ossim/log_action.MYI

/var/lib/mysql/ossim/log_action.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYI

/var/lib/mysql/ossim/event_tmp.MYD

/var/lib/mysql/ibdata1

 

So I check that table and I see:

 

mysql> select * from sensor_agent_info;

+-----------------+---------+

| ip              | version |

+-----------------+---------+

| OLD_IP_REDACTED | 2.1     |

| NEW_IP_REDACTED | 2.1     |

+-----------------+---------+

2 rows in set (0.01 sec)

 

The sensor should be listening on 127.0.0.1 no?

Why is my old IP still in there, and does it do anything?

 

Can I get the server to be more verbose?

 

-Dave

 

 

 

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

Any thoughts guys?  Do I need to use the source?

 

Thanks,

-Dave

 

 

________________________________

From: David Wilson [mailto:dw...@ad...] 
Sent: Thursday, September 24, 2009 4:47 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

 

OK so I'm poking around a little bit more and I try this:

 

 


idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED
{} \;

/var/lib/mysql/ib_logfile0

/var/lib/mysql/ossim/event.MYD

/var/lib/mysql/ossim/log_action.MYI

/var/lib/mysql/ossim/log_action.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYI

/var/lib/mysql/ossim/event_tmp.MYD

/var/lib/mysql/ibdata1

 

So I check that table and I see:

 

mysql> select * from sensor_agent_info;

+-----------------+---------+

| ip              | version |

+-----------------+---------+

| OLD_IP_REDACTED | 2.1     |

| NEW_IP_REDACTED | 2.1     |

+-----------------+---------+

2 rows in set (0.01 sec)

 

The sensor should be listening on 127.0.0.1 no?

Why is my old IP still in there, and does it do anything?

 

Can I get the server to be more verbose?

 

-Dave

 

 

 

Re: [Os-sim-support] step by step guide

[Ritter, N. <Nic...@am...>]

You can't import the nagios configurations direct without a little bit
of modification. The import will technically work directly because
Nagios will run, but you will most likely have problems in OSSIM. When
OSSIM runs with Nagios, it (OSSIM) expects to see the hosts in it's
database show up a certain way in the Nagios config files.

Do you have the hosts in OSSIM policy database already?

Nick



-----Original Message-----
From: Kaushal Shriyan [mailto:kau...@gm...] 
Sent: Tuesday, September 29, 2009 5:55 AM
To: Umarzuki Mochlis
Cc: os-...@li...
Subject: Re: [Os-sim-support] step by step guide

On Tue, Sep 29, 2009 at 4:23 PM, Umarzuki Mochlis <uma...@gm...>
wrote:
>
>
> 2009/9/29 Kaushal Shriyan <kau...@gm...>
>>
>> On Tue, Sep 29, 2009 at 2:21 PM, Umarzuki Mochlis
<uma...@gm...>
>> wrote:
>> > depends on what you want to do with it. Browse the forum 1st and
the
>> > documentation section of the forum
>
> Yes, do read them all, even just by taking a glance though I recommend
to
> read them thoroughly.
> Also ossim's forum. Discussions in there might interest you since most
of
> them reflects what ossim is capable of and what's not at the time of
that
> post posted.
>
> You can but that depends on what version you're referring to. The last
time
> I was using ossim is version 1.0.6 so my knowledge might be outdated.
For
> that particular version, you can import nagios conf files and can be
viewed
> from ossim's interface.

How can i import existing Nagios Server configs using ossim ?

Please suggest/guide

Thanks,

Kaushal

------------------------------------------------------------------------
------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and
stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register
now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Os-sim-support mailing list
Os-...@li...
https://lists.sourceforge.net/lists/listinfo/os-sim-support

Re: [Os-sim-support] step by step guide

[Kaushal S. <kau...@gm...>]

On Tue, Sep 29, 2009 at 4:23 PM, Umarzuki Mochlis <uma...@gm...> wrote:
>
>
> 2009/9/29 Kaushal Shriyan <kau...@gm...>
>>
>> On Tue, Sep 29, 2009 at 2:21 PM, Umarzuki Mochlis <uma...@gm...>
>> wrote:
>> > depends on what you want to do with it. Browse the forum 1st and the
>> > documentation section of the forum
>
> Yes, do read them all, even just by taking a glance though I recommend to
> read them thoroughly.
> Also ossim's forum. Discussions in there might interest you since most of
> them reflects what ossim is capable of and what's not at the time of that
> post posted.
>
> You can but that depends on what version you're referring to. The last time
> I was using ossim is version 1.0.6 so my knowledge might be outdated. For
> that particular version, you can import nagios conf files and can be viewed
> from ossim's interface.

How can i import existing Nagios Server configs using ossim ?

Please suggest/guide

Thanks,

Kaushal

Re: [Os-sim-support] step by step guide

[Umarzuki M. <uma...@gm...>]

2009/9/29 Kaushal Shriyan <kau...@gm...>

> On Tue, Sep 29, 2009 at 2:21 PM, Umarzuki Mochlis <uma...@gm...>
> wrote:
> > depends on what you want to do with it. Browse the forum 1st and the
> > documentation section of the forum
>

Yes, do read them all, even just by taking a glance though I recommend to
read them thoroughly.
Also ossim's forum. Discussions in there might interest you since most of
them reflects what ossim is capable of and what's not at the time of that
post posted.

You can but that depends on what version you're referring to. The last time
I was using ossim is version 1.0.6 so my knowledge might be outdated. For
that particular version, you can import nagios conf files and can be viewed
from ossim's interface.

> >
> > 2009/9/29 Kaushal Shriyan <kau...@gm...>:
> >> On Wed, Sep 23, 2009 at 10:58 PM, Kaushal Shriyan
> >> <kau...@gm...> wrote:
> >>> Hi,
> >>>
> >>> Is there a step by step guide to configure OSSIM. I have successfully
> >>> installed it.
> >>>
> >>> Thanks,
> >>>
> >>> Kaushal
> >>>
> >>
> >> Hi
> >>
> >> Any updates to my last post to this Mailing List.
> >>
> >> Thanks,
> >>
> >> Kaushal
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> >> is the only developer event you need to attend this year. Jumpstart your
> >> developing skills, take BlackBerry mobile applications to market and
> stay
> >> ahead of the curve. Join us from November 9&#45;12, 2009. Register
> >> now&#33;
> >> http://p.sf.net/sfu/devconf
> >> _______________________________________________
> >> Os-sim-support mailing list
> >> Os-...@li...
> >> https://lists.sourceforge.net/lists/listinfo/os-sim-support
> >>
> >
> >
> >
> > --
> > Regards,
> >
> > Umarzuki Mochlis
> > http://gameornot.net
> >
> >
>
> Hi Umarzuki Mochlis,
>
> Can i import existing running Nagios Server configs to OSSIM?
>
> I have gone through the OSSIM Forums for documentation. are you
> talking about https://www.alienvault.com/community.php?section=Docs ?
>
> Please suggest/guide
>
> Thanks and Regards,
>
> Kaushal
>



-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

Re: [Os-sim-support] step by step guide

[Kaushal S. <kau...@gm...>]

On Tue, Sep 29, 2009 at 2:21 PM, Umarzuki Mochlis <uma...@gm...> wrote:
> depends on what you want to do with it. Browse the forum 1st and the
> documentation section of the forum
>
> 2009/9/29 Kaushal Shriyan <kau...@gm...>:
>> On Wed, Sep 23, 2009 at 10:58 PM, Kaushal Shriyan
>> <kau...@gm...> wrote:
>>> Hi,
>>>
>>> Is there a step by step guide to configure OSSIM. I have successfully
>>> installed it.
>>>
>>> Thanks,
>>>
>>> Kaushal
>>>
>>
>> Hi
>>
>> Any updates to my last post to this Mailing List.
>>
>> Thanks,
>>
>> Kaushal
>>
>>
>> ------------------------------------------------------------------------------
>> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
>> is the only developer event you need to attend this year. Jumpstart your
>> developing skills, take BlackBerry mobile applications to market and stay
>> ahead of the curve. Join us from November 9&#45;12, 2009. Register
>> now&#33;
>> http://p.sf.net/sfu/devconf
>> _______________________________________________
>> Os-sim-support mailing list
>> Os-...@li...
>> https://lists.sourceforge.net/lists/listinfo/os-sim-support
>>
>
>
>
> --
> Regards,
>
> Umarzuki Mochlis
> http://gameornot.net
>
>

Hi Umarzuki Mochlis,

Can i import existing running Nagios Server configs to OSSIM?

I have gone through the OSSIM Forums for documentation. are you
talking about https://www.alienvault.com/community.php?section=Docs ?

Please suggest/guide

Thanks and Regards,

Kaushal

Re: [Os-sim-support] step by step guide

[Umarzuki M. <uma...@gm...>]

depends on what you want to do with it. Browse the forum 1st and the
documentation section of the forum

2009/9/29 Kaushal Shriyan <kau...@gm...>:
> On Wed, Sep 23, 2009 at 10:58 PM, Kaushal Shriyan
> <kau...@gm...> wrote:
>> Hi,
>>
>> Is there a step by step guide to configure OSSIM. I have successfully
>> installed it.
>>
>> Thanks,
>>
>> Kaushal
>>
>
> Hi
>
> Any updates to my last post to this Mailing List.
>
> Thanks,
>
> Kaushal
>
>
------------------------------------------------------------------------------
> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9&#45;12, 2009. Register
now&#33;
> http://p.sf.net/sfu/devconf
> _______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support
>



-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

Re: [Os-sim-support] step by step guide

[Kaushal S. <kau...@gm...>]

On Wed, Sep 23, 2009 at 10:58 PM, Kaushal Shriyan
<kau...@gm...> wrote:
> Hi,
>
> Is there a step by step guide to configure OSSIM. I have successfully
> installed it.
>
> Thanks,
>
> Kaushal
>

Hi

Any updates to my last post to this Mailing List.

Thanks,

Kaushal

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

I'm still playing with this thing.  I tries this config file:
interface=eth0
language=en
profile=all-in-one
version=2.1

[database]
acl_db=ossim_acl
db_ip=127.0.0.1
db_port=3306
event_db=snort
ocs_db=ocsweb
ossim_db=ossim
osvdb_db=osvdb
pass=PASSWORD_REDACTED
 type=mysql
user=root

[expert]
profile=server

[sensor]
detectors=apache,arpwatch,iptables,nagios,osiris,p0f,pads,pam_unix,rrd,snare,snortunified,ssh,sudo
interfaces=eth1
ip=127.0.0.1
monitors=nessus-monitor,nmap-monitor,ntop-monitor,opennms-monitor,ossim-monitor,ping-monitor,session-monitor,tcptrack-monitor
name=idsmanager
networks=10.0.0.0/8
priority=5

[server]
server_ip=127.0.0.1
server_plugins=osiris, pam_unix, ssh, snare, sudo
server_port=40001

I have tried putting in the external IP of the box, rebooting, running ossim-reconfig, and reinstalling several times.  I have tried adding the fully qualified domain name in /etc/hosts ( which gets erased by ossim ), modifying the name and ip in /etc/ossim/server/config.xml and a few other things. 

What causes ossim-server to listen ( or not listen ) on a port?

Thanks,
-Dave
  

________________________________________
From: David Wilson [mailto:dw...@ad...] 
Sent: Thursday, September 24, 2009 3:11 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001


I did use the OSSIM cd to install Debian and OSSIM.

this is what I see in the log:

2009-09-24 15:04:44 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:04:44 OSSIM-Debug: Starting OSSIM server debug with process id: 32328
2009-09-24 15:04:44 OSSIM-Debug: sim_container_db_load_plugins_ul OOOO
2009-09-24 15:04:46 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:06:17 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:06:18 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:06:41 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:06:42 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:09:19 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:09:20 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...The message repeats every 2 minutes.  


idsmanager:~# netstat -anp | grep 4000
tcp        0      0 127.0.0.1:40003         0.0.0.0:*               LISTEN      30568/python

I have run an strace on the server and it doesn't seem to be attempting to open the socket.

This doesn't work:
strace -s4096  -f -o ~/strace.out ossim-server -D6 -i 127.0.0.1 -p 40001 &


This doesn't work:
/etc/init.d/ossim-server stop
/etc/init.d/ossim-server start



Any hints would be appreciated.

-Dave





-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...] 
Sent: Tuesday, September 22, 2009 6:19 PM
To: David Wilson; os-...@li...
Subject: RE: [Os-sim-support] New reply to Re: OSSIM-server not listening onport 40001 by gsporter

Is something else running on that port?

Did you install OSSIM via the ISO?

Nick

OCSA, OCSE




-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/22/2009 6:10 PM
To: os-...@li...
Subject: Re: [Os-sim-support] New reply to Re: OSSIM-server not listening onport 40001 by gsporter
 
Did that.  No love.

-dave

 

 

________________________________

From: fo...@al... [mailto:fo...@al...] 
Sent: Tuesday, September 22, 2009 3:48 PM
To: David Wilson
Subject: New reply to Re: OSSIM-server not listening on port 40001 by gsporter

 

Subject: Re: OSSIM-server not listening on port 40001

      Author: gsporter

      Date: Tue, 22 September 2009 17:47

      
I would start by running ossim-setup

ossim#ossim-setup

1st going thru the profile (option 2)
2nd run the update (option 4)
3rd run Apply and Save (option 5)

Check and see if the framework is listening

netstat -apn | grep LISTEN |grep 40001

Check and see if the framwork dameon is listening

netstat -apn | grep LISTEN |grep 40003


killall ossim-framework; ossim-framework -v

then 

killall ossim-framework; ossim-framework -d

and rerun the checks.


GP 

      
[ Reply <https://www.alienvault.com/forum/index.php?t=post&reply_to=4875>  ][ Quote <https://www.alienvault.com/forum/index.php?t=post&reply_to=4875&quote=true>  ][ View Topic/Message <https://www.alienvault.com/forum/index.php?t=rview&goto=4875#msg_4875>  ][ Unsubscribe from this topic <https://www.alienvault.com/forum/index.php?t=rview&th=1571>  ] 

      

 

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

OK so I'm poking around a little bit more and I try this:

 

 


idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED
{} \;

/var/lib/mysql/ib_logfile0

/var/lib/mysql/ossim/event.MYD

/var/lib/mysql/ossim/log_action.MYI

/var/lib/mysql/ossim/log_action.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYD

/var/lib/mysql/ossim/sensor_agent_info.MYI

/var/lib/mysql/ossim/event_tmp.MYD

/var/lib/mysql/ibdata1

 

So I check that table and I see:

 

mysql> select * from sensor_agent_info;

+-----------------+---------+

| ip              | version |

+-----------------+---------+

| OLD_IP_REDACTED | 2.1     |

| NEW_IP_REDACTED | 2.1     |

+-----------------+---------+

2 rows in set (0.01 sec)

 

The sensor should be listening on 127.0.0.1 no?

Why is my old IP still in there, and does it do anything?

 

Can I get the server to be more verbose?

 

-Dave

 

 

________________________________

From: David Wilson [mailto:dw...@ad...] 
Sent: Thursday, September 24, 2009 3:11 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

 

 

I did use the OSSIM cd to install Debian and OSSIM.

 

this is what I see in the log:

 

2009-09-24 15:04:44 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:04:44 OSSIM-Debug: Starting OSSIM server debug with
process id: 32328

2009-09-24 15:04:44 OSSIM-Debug: sim_container_db_load_plugins_ul OOOO

2009-09-24 15:04:46 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:06:17 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:06:18 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:06:41 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:06:42 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:09:19 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:09:20 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...The message repeats every 2 minutes.  

 

 

idsmanager:~# netstat -anp | grep 4000

tcp        0      0 127.0.0.1:40003         0.0.0.0:*
LISTEN      30568/python

 

I have run an strace on the server and it doesn't seem to be attempting
to open the socket.

 

This doesn't work:

strace -s4096  -f -o ~/strace.out ossim-server -D6 -i 127.0.0.1 -p 40001
&

 

 

This doesn't work:

/etc/init.d/ossim-server stop

/etc/init.d/ossim-server start

 

 

 

Any hints would be appreciated.

 

-Dave

 

 

 

 

 

-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...] 
Sent: Tuesday, September 22, 2009 6:19 PM
To: David Wilson; os-...@li...
Subject: RE: [Os-sim-support] New reply to Re: OSSIM-server not
listening onport 40001 by gsporter

 

Is something else running on that port?

 

Did you install OSSIM via the ISO?

 

Nick

 

OCSA, OCSE

 

 

 

 

-----Original Message-----

From: David Wilson [mailto:dw...@ad...]

Sent: Tue 9/22/2009 6:10 PM

To: os-...@li...

Subject: Re: [Os-sim-support] New reply to Re: OSSIM-server not
listening onport 40001 by gsporter

 

Did that.  No love.

 

-dave

 

 

 

 

 

________________________________

 

From: fo...@al... [mailto:fo...@al...] 

Sent: Tuesday, September 22, 2009 3:48 PM

To: David Wilson

Subject: New reply to Re: OSSIM-server not listening on port 40001 by
gsporter

 

 

 

Subject: Re: OSSIM-server not listening on port 40001

 

      Author: gsporter

 

      Date: Tue, 22 September 2009 17:47

 

      

I would start by running ossim-setup

 

ossim#ossim-setup

 

1st going thru the profile (option 2)

2nd run the update (option 4)

3rd run Apply and Save (option 5)

 

Check and see if the framework is listening

 

netstat -apn | grep LISTEN |grep 40001

 

Check and see if the framwork dameon is listening

 

netstat -apn | grep LISTEN |grep 40003

 

 

killall ossim-framework; ossim-framework -v

 

then 

 

killall ossim-framework; ossim-framework -d

 

and rerun the checks.

 

 

GP 

 

      

[ Reply
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875>  ][
Quote
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875&quote=t
rue>  ][ View Topic/Message
<https://www.alienvault.com/forum/index.php?t=rview&goto=4875#msg_4875>
][ Unsubscribe from this topic
<https://www.alienvault.com/forum/index.php?t=rview&th=1571>  ] 

 

      

 

 

 

 

Re: [Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

 

I did use the OSSIM cd to install Debian and OSSIM.

 

this is what I see in the log:

 

2009-09-24 15:04:44 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:04:44 OSSIM-Debug: Starting OSSIM server debug with
process id: 32328

2009-09-24 15:04:44 OSSIM-Debug: sim_container_db_load_plugins_ul OOOO

2009-09-24 15:04:46 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:06:17 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:06:18 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:06:41 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:06:42 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...

2009-09-24 15:09:19 OSSIM-Message: Starting OSSIM Server engine.
Version: 2.1.4-2

2009-09-24 15:09:20 OSSIM-Message: Please be patient; This will take a
while. Depending on your plugin_sid list and your system, may be some
minutes...The message repeats every 2 minutes.  

 

 

idsmanager:~# netstat -anp | grep 4000

tcp        0      0 127.0.0.1:40003         0.0.0.0:*
LISTEN      30568/python

 

I have run an strace on the server and it doesn't seem to be attempting
to open the socket.

 

This doesn't work:

strace -s4096  -f -o ~/strace.out ossim-server -D6 -i 127.0.0.1 -p 40001
&

 

 

This doesn't work:

/etc/init.d/ossim-server stop

/etc/init.d/ossim-server start

 

 

 

Any hints would be appreciated.

 

-Dave

 

 

 

 

 

-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...] 
Sent: Tuesday, September 22, 2009 6:19 PM
To: David Wilson; os-...@li...
Subject: RE: [Os-sim-support] New reply to Re: OSSIM-server not
listening onport 40001 by gsporter

 

Is something else running on that port?

 

Did you install OSSIM via the ISO?

 

Nick

 

OCSA, OCSE

 

 

 

 

-----Original Message-----

From: David Wilson [mailto:dw...@ad...]

Sent: Tue 9/22/2009 6:10 PM

To: os-...@li...

Subject: Re: [Os-sim-support] New reply to Re: OSSIM-server not
listening onport 40001 by gsporter

 

Did that.  No love.

 

-dave

 

 

 

 

 

________________________________

 

From: fo...@al... [mailto:fo...@al...] 

Sent: Tuesday, September 22, 2009 3:48 PM

To: David Wilson

Subject: New reply to Re: OSSIM-server not listening on port 40001 by
gsporter

 

 

 

Subject: Re: OSSIM-server not listening on port 40001

 

      Author: gsporter

 

      Date: Tue, 22 September 2009 17:47

 

      

I would start by running ossim-setup

 

ossim#ossim-setup

 

1st going thru the profile (option 2)

2nd run the update (option 4)

3rd run Apply and Save (option 5)

 

Check and see if the framework is listening

 

netstat -apn | grep LISTEN |grep 40001

 

Check and see if the framwork dameon is listening

 

netstat -apn | grep LISTEN |grep 40003

 

 

killall ossim-framework; ossim-framework -v

 

then 

 

killall ossim-framework; ossim-framework -d

 

and rerun the checks.

 

 

GP 

 

      

[ Reply
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875>  ][
Quote
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875&quote=t
rue>  ][ View Topic/Message
<https://www.alienvault.com/forum/index.php?t=rview&goto=4875#msg_4875>
][ Unsubscribe from this topic
<https://www.alienvault.com/forum/index.php?t=rview&th=1571>  ] 

 

      

 

 

 

 

[Os-sim-support] step by step guide

[Kaushal S. <kau...@gm...>]

Hi,

Is there a step by step guide to configure OSSIM. I have successfully
installed it.

Thanks,

Kaushal

Re: [Os-sim-support] New reply to Re: OSSIM-server not listening onport 40001 by gsporter

[Ritter, N. <Nic...@am...>]

Is something else running on that port?

Did you install OSSIM via the ISO?

Nick

OCSA, OCSE




-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/22/2009 6:10 PM
To: os-...@li...
Subject: Re: [Os-sim-support] New reply to Re: OSSIM-server not listening onport 40001 by gsporter
 
Did that.  No love.

-dave

 

 

________________________________

From: fo...@al... [mailto:fo...@al...] 
Sent: Tuesday, September 22, 2009 3:48 PM
To: David Wilson
Subject: New reply to Re: OSSIM-server not listening on port 40001 by gsporter

 

Subject: Re: OSSIM-server not listening on port 40001

	Author: gsporter

	Date: Tue, 22 September 2009 17:47

	
I would start by running ossim-setup

ossim#ossim-setup

1st going thru the profile (option 2)
2nd run the update (option 4)
3rd run Apply and Save (option 5)

Check and see if the framework is listening

netstat -apn | grep LISTEN |grep 40001

Check and see if the framwork dameon is listening

netstat -apn | grep LISTEN |grep 40003


killall ossim-framework; ossim-framework -v

then 

killall ossim-framework; ossim-framework -d

and rerun the checks.


GP 

	
[ Reply <https://www.alienvault.com/forum/index.php?t=post&reply_to=4875>  ][ Quote <https://www.alienvault.com/forum/index.php?t=post&reply_to=4875&quote=true>  ][ View Topic/Message <https://www.alienvault.com/forum/index.php?t=rview&goto=4875#msg_4875>  ][ Unsubscribe from this topic <https://www.alienvault.com/forum/index.php?t=rview&th=1571>  ] 

	

 

Re: [Os-sim-support] New reply to Re: OSSIM-server not listening on port 40001 by gsporter

[David W. <dw...@ad...>]

Did that.  No love.

-dave

 

 

________________________________

From: fo...@al... [mailto:fo...@al...] 
Sent: Tuesday, September 22, 2009 3:48 PM
To: David Wilson
Subject: New reply to Re: OSSIM-server not listening on port 40001 by
gsporter

 

Subject: Re: OSSIM-server not listening on port 40001

Author: gsporter

Date: Tue, 22 September 2009 17:47

I would start by running ossim-setup

ossim#ossim-setup

1st going thru the profile (option 2)
2nd run the update (option 4)
3rd run Apply and Save (option 5)

Check and see if the framework is listening

netstat -apn | grep LISTEN |grep 40001

Check and see if the framwork dameon is listening

netstat -apn | grep LISTEN |grep 40003


killall ossim-framework; ossim-framework -v

then 

killall ossim-framework; ossim-framework -d

and rerun the checks.


GP 

[ Reply
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875>  ][
Quote
<https://www.alienvault.com/forum/index.php?t=post&reply_to=4875&quote=t
rue>  ][ View Topic/Message
<https://www.alienvault.com/forum/index.php?t=rview&goto=4875#msg_4875>
][ Unsubscribe from this topic
<https://www.alienvault.com/forum/index.php?t=rview&th=1571>  ] 

 

[Os-sim-support] OSSIM-server not listening on port 40001

[David W. <dw...@ad...>]

Hi guys,

I am trying to setup OSSIM on a new box. I have the thing up and
running. I have setup networks under policy and everything seemed to be
going well, but if i hit reload I see this:

Warning: socket_connect() [function.socket-connect]: unable to connect
[111]: Connection refused in /usr/share/ossim/www/conf/reload.php on
line 61

Warning: socket_write() [function.socket-write]: unable to write to
socket [32]: Broken pipe in /usr/share/ossim/www/conf/reload.php on line
67

Warning: socket_read() [function.socket-read]: unable to read from
socket [107]: Transport endpoint is not connected in
/usr/share/ossim/www/conf/reload.php on line 68
Error connecting to server ...

The server process is running, but it doesn't listen on the server port.
I have the All-In-One Ossim config.

After configuring the machine, installing OSSIM and updating it, I
changed the machine's IP reconfigured and rebooted it.

How do I go about troubleshooting this issue?

Thanks In advance.
-Dave

Re: [Os-sim-support] Some questions about OSSIM (Newbie)

[Umarzuki M. <uma...@gm...>]

Next you would figure what kind of topology you will have and what
kind of monitoring you'd like the ossim server to do.

Reading all the documentations if beneficial before setting up
http://www.ossim.net/docs.php

hth

2009/9/5 Reynier Pérez Mira <rp...@uc...>:
> Hi every:
> Recently I installed OSSIM AlienVault v2.1 using ISO. I want to
> monitoring this servers:
>  * 3 RedHat AS 4.6
>  * 2 Ubuntu Server 9.04
>  * 3 Windows 2003 (SP1 & SP2 R2)
>  * 1 Gentoo
> After get installed OSSIM, what's next? Any doc? Any tutorial for newbie?
> Cheers and thanks in advance
> --
> Ing. Reynier Pérez Mira
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support
>



-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

[Os-sim-support] Some questions about OSSIM (Newbie)

[Reynier P. M. <rp...@uc...>]

Hi every:
Recently I installed OSSIM AlienVault v2.1 using ISO. I want to 
monitoring this servers:
  * 3 RedHat AS 4.6
  * 2 Ubuntu Server 9.04
  * 3 Windows 2003 (SP1 & SP2 R2)
  * 1 Gentoo
After get installed OSSIM, what's next? Any doc? Any tutorial for newbie?
Cheers and thanks in advance
-- 
Ing. Reynier Pérez Mira

[Os-sim-support] Collecting and processing logs for Oracle, Windows DHCP server, qmail, Lotus Notes

[pent 5. <pen...@gm...>]

Hi,

I have an OSSIM box installed and need to get logs from Oracle Windows 2003
DHCP server, qmail, Lotus Notes and HPunix. Which agents , configurations i
can use for each component for collecting logs and writing plugins for all
of this than can be seen and correlated at the OSSIM interface.

Regards

Re: [Os-sim-support] Adding timestamp/hash function

[Jason A M. <jm...@lo...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Do you want to add information to the syslog file? Or do you want
OSSIM to recognize those events that are already at the end of that
file? Could you provide more specifics?

The ossim-agent has a plug-in to watch syslog entries and forward
them to the OSSIM Server.  That plug-in will most likely be
involved in whatever solution you need.  However, without details
on what you're trying to do it's hard to outline a definitive
recommendation.

In the future, you may want to consider using OSSIM's forums
instead of the mail list.  The forums may be found at OSSIM's
website http://www.ossim.net/.  The mail list is not as active as
it used to be and the forums are frequented by the developers more
than this list.

On Fri, 21 Aug 2009 11:34:34 +0300 pent 5971 <pen...@gm...>
wrote:
>Hi,
>Ive gotta question. What to do if we want to tale timestamp and
>hash
>functions to the logs collected by the OSSIM (and generally to
>linux
>syslog/syslog-ng)?
>
>-------------------------------------------------------------------

>-----------
>Let Crystal Reports handle the reporting - Free Crystal Reports
>2008 30-Day
>trial. Simplify your report design, integration and deployment -
>and focus on
>what you do best, core application coding. Discover what's new
>with
>Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>_______________________________________________
>Os-sim-support mailing list
>Os-...@li...
>https://lists.sourceforge.net/lists/listinfo/os-sim-support
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wkYEARECAAYFAkqOZA0ACgkQwR/jsMKbET+oAwCdHW1DQ2Y0PrWyDfKx7+RF19Kx/HUA
n06LsKjonk4LM7o6NRTyaloqLKmP
=5xpd
-----END PGP SIGNATURE-----

[Os-sim-support] Adding timestamp/hash function

[pent 5. <pen...@gm...>]

Hi,
Ive gotta question. What to do if we want to tale timestamp and hash
functions to the logs collected by the OSSIM (and generally to linux
syslog/syslog-ng)?

[Os-sim-support] OSSIM 1.2 6b-bit - ntop segfaults

[Ritter, N. <Nic...@am...>]

I am running OSSIM 1.2 64bit installed on a Dell PowerEdge 2950 via the
OSSIM 1.2 installer ISO. I have run apt-get update and apt-get
dist-upgrade, and overall things are working well.

 

I noticed in dmesg output that various libraries are segfaulting with
ntop (let me know if you want me to gather more information, or how I
can help the project on this issue). The dmesg output is listed below. 

 

Nick

 

 

ntop[9059]: segfault at 937000 ip 00007f26aaefd652 sp 000000004464bd38
error 4 in libgdbm.so.3.0.0[7f26aaefa000+5000]

ntop[9866]: segfault at 8d5000 ip 00007fb07e99c652 sp 0000000042e69d28
error 4 in libgdbm.so.3.0.0[7fb07e999000+5000]

ntop[11504]: segfault at 9bc000 ip 00007f062fffe652 sp 0000000044408d38
error 4 in libgdbm.so.3.0.0[7f062fffb000+5000]

ntop[11835]: segfault at 99b000 ip 00007f27a8f24652 sp 00000000454add38
error 4 in libgdbm.so.3.0.0[7f27a8f21000+5000]

ntop[12436]: segfault at 915000 ip 00007f457a5aa652 sp 0000000044f20d38
error 4 in libgdbm.so.3.0.0[7f457a5a7000+5000]

ntop[12711]: segfault at 789000 ip 00007f3844f89652 sp 0000000043676d28
error 4 in libgdbm.so.3.0.0[7f3844f86000+5000]

ntop[15533]: segfault at 870000 ip 00007fdb45a83652 sp 00000000418dcd38
error 4 in libgdbm.so.3.0.0[7fdb45a80000+5000]

ntop[16693]: segfault at 99e000 ip 00007fdeb17a5652 sp 0000000045649d38
error 4 in libgdbm.so.3.0.0[7fdeb17a2000+5000]

ntop[16879]: segfault at 12fe000 ip 00007f9d9775c652 sp 00000000457b4d38
error 4 in libgdbm.so.3.0.0[7f9d97759000+5000]

ntop[18746]: segfault at 7aa000 ip 00007f6190648652 sp 0000000044b21d38
error 4 in libgdbm.so.3.0.0[7f6190645000+5000]

ntop[19171]: segfault at 12a2000 ip 00007f63fb1e3652 sp 00000000448e4d38
error 4 in libgdbm.so.3.0.0[7f63fb1e0000+5000]

ntop[23459]: segfault at 99f000 ip 00007f9ecf5b7652 sp 0000000044ccdd38
error 4 in libgdbm.so.3.0.0[7f9ecf5b4000+5000]

ntop[24783]: segfault at e27000 ip 00007f754975e652 sp 0000000044682d38
error 4 in libgdbm.so.3.0.0[7f754975b000+5000]

ntop[28485]: segfault at 11f6000 ip 00007f37c92e0652 sp 0000000045529d38
error 4 in libgdbm.so.3.0.0[7f37c92dd000+5000]

ntop[32124]: segfault at 80d000 ip 00007fc55dd6e652 sp 0000000044e93d38
error 4 in libgdbm.so.3.0.0[7fc55dd6b000+5000]

ntop[32365]: segfault at 1919000 ip 00007f0a756f4652 sp 00000000453d0d38
error 4 in libgdbm.so.3.0.0[7f0a756f1000+5000]

ntop[3270]: segfault at 157c000 ip 00007f890fc91652 sp 0000000040831d38
error 4 in libgdbm.so.3.0.0[7f890fc8e000+5000]

ntop[6643]: segfault at 7f7e225bb8c8 ip 00007f728e7494aa sp
0000000045409170 error 4 in libpthread-2.7.so[7f728e741000+16000]

ntop[8705]: segfault at 133d000 ip 00007f8dd77a4652 sp 0000000045049d38
error 4 in libgdbm.so.3.0.0[7f8dd77a1000+5000]

ntop[11070]: segfault at 80d000 ip 00007fbd42386652 sp 0000000044110d38
error 4 in libgdbm.so.3.0.0[7fbd42383000+5000]

ntop[15625]: segfault at 7fd2ca160b50 ip 00007fc7203984aa sp
0000000044853170 error 4 in libpthread-2.7.so[7fc720390000+16000]

ntop[18692]: segfault at ef0000 ip 00007fe70922f652 sp 0000000044338d38
error 4 in libgdbm.so.3.0.0[7fe70922c000+5000]

ntop[21980]: segfault at a01000 ip 00007f0233e24652 sp 0000000044eeed38
error 4 in libgdbm.so.3.0.0[7f0233e21000+5000]

ntop[24486]: segfault at 8b3000 ip 00007f23fe4d0652 sp 00000000415efd38
error 4 in libgdbm.so.3.0.0[7f23fe4cd000+5000]

ntop[25082]: segfault at 999000 ip 00007fcada415652 sp 000000004427bd38
error 4 in libgdbm.so.3.0.0[7fcada412000+5000]

ntop[25521]: segfault at 84f000 ip 00007f8b80222652 sp 0000000044321d38
error 4 in libgdbm.so.3.0.0[7f8b8021f000+5000]

ntop[26134]: segfault at ac7000 ip 00007f72ca1cc652 sp 00000000453a5d38
error 4 in libgdbm.so.3.0.0[7f72ca1c9000+5000]

ntop[26542]: segfault at 80e000 ip 00007f943e852652 sp 0000000044b4bd38
error 4 in libgdbm.so.3.0.0[7f943e84f000+5000]

ntop[26770]: segfault at 938000 ip 00007fab5fcd1652 sp 0000000044de2d38
error 4 in libgdbm.so.3.0.0[7fab5fcce000+5000]

ntop[27012]: segfault at aa5000 ip 00007f9a1b899652 sp 0000000044608d38
error 4 in libgdbm.so.3.0.0[7f9a1b896000+5000]

ntop[27182]: segfault at c7b000 ip 00007fe30d2bd652 sp 0000000045111d38
error 4 in libgdbm.so.3.0.0[7fe30d2ba000+5000]

ntop[28186]: segfault at a02000 ip 00007f574d44c652 sp 00000000444f8d38
error 4 in libgdbm.so.3.0.0[7f574d449000+5000]

ntop[28855]: segfault at a1f000 ip 00007f95468a9652 sp 00000000441a8d38
error 4 in libgdbm.so.3.0.0[7f95468a6000+5000]

ntop[29353]: segfault at 7aa000 ip 00007f943ba1d652 sp 0000000044e12d38
error 4 in libgdbm.so.3.0.0[7f943ba1a000+5000]

ntop[29776]: segfault at 917000 ip 00007f09c2514652 sp 0000000044f0ad38
error 4 in libgdbm.so.3.0.0[7f09c2511000+5000]

ntop[30405]: segfault at 915000 ip 00007fe34cf32652 sp 0000000044631d38
error 4 in libgdbm.so.3.0.0[7fe34cf2f000+5000]

ntop[30754]: segfault at 917000 ip 00007f24de6d3652 sp 00000000444a9d38
error 4 in libgdbm.so.3.0.0[7f24de6d0000+5000]

ntop[30979]: segfault at 8f7000 ip 00007f4ac7e9e652 sp 00000000454cfd38
error 4 in libgdbm.so.3.0.0[7f4ac7e9b000+5000]

ntop[31182]: segfault at a42000 ip 00007f258f136652 sp 00000000448b0d38
error 4 in libgdbm.so.3.0.0[7f258f133000+5000]

ntop[31324]: segfault at 80d000 ip 00007f37076b5652 sp 0000000044e63d38
error 4 in libgdbm.so.3.0.0[7f37076b2000+5000]

ntop[31850]: segfault at a84000 ip 00007f2770a2d652 sp 0000000044478d38
error 4 in libgdbm.so.3.0.0[7f2770a2a000+5000]

ntop[32433]: segfault at 9df000 ip 00007f8f34e74652 sp 0000000045575d38
error 4 in libgdbm.so.3.0.0[7f8f34e71000+5000]

ntop[622]: segfault at 7aa000 ip 00007f9e4d378652 sp 0000000044189d38
error 4 in libgdbm.so.3.0.0[7f9e4d375000+5000]

ntop[1085]: segfault at 850000 ip 00007ffa0c3ce652 sp 0000000044dbbd38
error 4 in libgdbm.so.3.0.0[7ffa0c3cb000+5000]

ntop[1489]: segfault at 82e000 ip 00007f4ee3418652 sp 0000000044591d38
error 4 in libgdbm.so.3.0.0[7f4ee3415000+5000]

ntop[2127]: segfault at 892000 ip 00007f70b09bb652 sp 00000000410f1d38
error 4 in libgdbm.so.3.0.0[7f70b09b8000+5000]

ntop[2441]: segfault at 9bc000 ip 00007f6c99e32652 sp 0000000045562d38
error 4 in libgdbm.so.3.0.0[7f6c99e2f000+5000]

ntop[2673]: segfault at 99c000 ip 00007f6290597652 sp 0000000041355d38
error 4 in libgdbm.so.3.0.0[7f6290594000+5000]

ntop[2861]: segfault at 915000 ip 00007f866b89a652 sp 0000000044ddfd38
error 4 in libgdbm.so.3.0.0[7f866b897000+5000]

ntop[2988]: segfault at 9e4000 ip 00007f61b332d652 sp 0000000044aeed38
error 4 in libgdbm.so.3.0.0[7f61b332a000+5000]

ntop[3591]: segfault at a1f000 ip 00007fcace9ec652 sp 000000004084bd38
error 4 in libgdbm.so.3.0.0[7fcace9e9000+5000]

ntop[9914]: segfault at c9a000 ip 00007fd01dd90652 sp 0000000045945d38
error 4 in libgdbm.so.3.0.0[7fd01dd8d000+5000]

ntop[10526]: segfault at 16c7000 ip 00007fc1a748d652 sp 00000000442ccd38
error 4 in libgdbm.so.3.0.0[7fc1a748a000+5000]

ntop[16479]: segfault at f33000 ip 00007fba6a487652 sp 0000000045164d38
error 4 in libgdbm.so.3.0.0[7fba6a484000+5000]

ntop[17944]: segfault at 1a5d8 ip 00007f372a345ef9 sp 000000004473d388
error 6 in libc-2.7.so[7f372a2c9000+14a000]

ntop[17942]: segfault at 0 ip 00007f372a343a92 sp 000000004373dca8 error
4 in libc-2.7.so[7f372a2c9000+14a000]

ntop[18210]: segfault at da3000 ip 00007f9d43c82652 sp 0000000045190d38
error 4 in libgdbm.so.3.0.0[7f9d43c7f000+5000]

ntop[18586]: segfault at eb6000 ip 00007f97edfff652 sp 00000000442e8d38
error 4 in libgdbm.so.3.0.0[7f97edffc000+5000]

ntop[21550]: segfault at fe4000 ip 00007f5802dd6652 sp 0000000044224d38
error 4 in libgdbm.so.3.0.0[7f5802dd3000+5000]

ntop[22326]: segfault at cfd000 ip 00007fa27f94f652 sp 00000000446f7d38
error 4 in libgdbm.so.3.0.0[7fa27f94c000+5000]

ntop[23882]: segfault at d1f000 ip 00007f24bbab8652 sp 0000000041244d38
error 4 in libgdbm.so.3.0.0[7f24bbab5000+5000]

ntop[25772]: segfault at 1e96000 ip 00007fc54f1fa652 sp 00000000450fbd38
error 4 in libgdbm.so.3.0.0[7fc54f1f7000+5000]

ntop[30384]: segfault at 80d000 ip 00007f50b9b74652 sp 0000000040ac0d38
error 4 in libgdbm.so.3.0.0[7f50b9b71000+5000]

ntop[477]: segfault at 8d3000 ip 00007f739e358652 sp 0000000041065d38
error 4 in libgdbm.so.3.0.0[7f739e355000+5000]

ntop[1670]: segfault at 918000 ip 00007f480def2652 sp 00000000444a0d28
error 4 in libgdbm.so.3.0.0[7f480deef000+5000]

ntop[6227]: segfault at 7f5662c6a8c8 ip 00007f4acedf84aa sp
0000000044f32170 error 4 in libpthread-2.7.so[7f4acedf0000+16000]

ntop[10428]: segfault at 8b2000 ip 00007fa0b510d652 sp 0000000044208d38
error 4 in libgdbm.so.3.0.0[7fa0b510a000+5000]

ntop[17060]: segfault at 13e9000 ip 00007f9986be4652 sp 000000004226ad28
error 4 in libgdbm.so.3.0.0[7f9986be1000+5000]

[Os-sim-support] Clear mysql database

[FREDERIC A. <fre...@ms...>]

hi,
 
i'm working on Ossim 2.1, and i want to know if it is possible to clear the database without affecting the correlation proces.
 
I know how to clear all events from forensic console, administration > clear all table, but my /var isn't clear at all. I suppose it was just a superficial cleaning of the events.
 
Is there a commande on ossim that do this job, or i need to drop all mysql table myself?
 
thx

[Os-sim-support] Where is reconfig.pl?

[FREDERIC A. <fre...@ms...>]

hi,
 
When i were working on ossim v1.x, there was a script, in /home/ossim/dist/reconfig.pl, able to reconfigure the ossim server. I was using this scrpit together with the command /etc/init.d/ossim-server restart,to apply the changes made to the config file, /etc/ossim/ossim_setup.conf. 
 
Now, on ossim 2.1, he is not there anymore. And i'm not able to run all the applications of the SENSOR section, on the specified interfaces.
 
If he does not exist anymore, what is the command that can reconfigure the systeme without having to reboot.
 
thx
 

[Os-sim-support] hi,

[FREDERIC A. <fre...@ms...>]

hi,
 
Is it possible to implement an apache authentication when accessing ntop by his own web interface on port 3000?
 
How can i do it?

thx 
 ( https://www.ossim.net/forum/index.php?t=report&msg_id=4405&S=602841b87691d48538c01036f1271db2 )