os-sim-support — Support requests

[Os-sim-support] Is it possible to disable nagios3 in Ossim 2.1, with out having to remove the nagios3 packages?

[FREDERIC A. <fre...@ms...>]

Is it possible to disable nagios3 in Ossim 2.1, with out having to remove the nagios3 packages?
 
thx
 

[Os-sim-support] Timestamp and hash functions for OSSIM

[a bv <vba...@gm...>]

Hi list,

For the community version of OSSIM, how can i add the timestamp and
hash functions? Which open source /linux tools exist for this
functions?

Regards

[Os-sim-support] Host report export to excell

[a bv <vba...@gm...>]

Hi,

I want to do something while using OSSIM.  After querying logs for an
IP (host) from web interface i can see the logs for it nice. But what
ill need is to take this logs for a specific host/IP and have it on on
an excell (may be pdf) on a periodicall basis (maybe weekly maybe
montly etc). So how can i do this?

Regards

Re: [Os-sim-support] New OSSIM installation - configuration questions

[Dominique K. <dk...@os...>]

Hello Kurt,

we've dropped the sf.net mailing lists some time ago in favour of our  
own forums at https://www.ossim.net/forums/. There you'll be able to  
find tons of information on your issue.

If you don't mind, repost it there somewhere (installation questions  
or networking) and you'll get a prompt answer.

Also, the version you're using is somewhat outdated. We're approaching  
the end of the 1.2 beta testing process (at beta6 right now) and it's  
strongly suggested that you use that one. Only problem is that it  
requires 64bit architecture right now, but the 32bit installer is  
almost finished too.

Good luck,

Dominique

Am 06.05.2009 um 03:14 schrieb Kurt Buff:

> All,
>
> I've got a new installation in testing (Version: 1.0.0rc1  
> (2008/08/19) - I grabbed the 1.0.6 installer ISO) and need a bit of  
> help configuring it - what I have doesn't seem to be covered in the  
> docs, though I could just be blind...
>
> I've got a box with two NICs, on which I was running just ntop under  
> FreeBSD, but am wanting to use it for OSSIM.
>
> I've got a Realtek NIC (eth0 in SW2) that sits on my subnet, and is  
> numbered, and an Intel NIC (eth1 on SW1) that's plugged into a  
> mirror port on a switch and is currently unnumbered. The switch with  
> the monitor port sits between my firewall and my backbone switch. I  
> had ntop listening on eth1 and displaying output on eth0.
>
> Here's a simple ASCII diagram:
>
>       _____       _____       _____
>      |     |     |     |     |     |
> FW---| SW1 |-----| BB  |-----| SW2 |
>      |_____|     |_____|     |_____|
>         |                       |
>         |___eth1__OSSIM__eth0___|
>
> I'm not finding in the docs several things I need to make this go -  
> I think this is partly because I'm so used to FreeBSD that this  
> setup seems pretty alien to me.
>
> It looks as if the OSSIM install sets up a password for ntop, and  
> I'm not seeing what that is. I've examined the config files that I  
> can find, but don't see where it did that, nor what the password is.  
> I tried setting the password with 'ntop -A', but that didn't seem to  
> work.
>
> Along with that, I'd like to ntop use the NIC on the mirror port for  
> SW1 to monitor traffic - ditto for the other apps that listen to the  
> wire.
>
> BTW - the OSSIM box has a 1.7GHz Celeron with 2gbytes of RAM and a  
> 180Gbyte HD, if that makes any difference.
>
> Thanks for any help or suggestions,
>
> Kurt
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances!  
> Your
> production scanning environment may not be a perfect world - but  
> thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW  
> KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com_______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support

[Os-sim-support] New OSSIM installation - configuration questions

[Kurt B. <kur...@gm...>]

All,

I've got a new installation in testing (Version: 1.0.0rc1 (2008/08/19) - I
grabbed the 1.0.6 installer ISO) and need a bit of help configuring it -
what I have doesn't seem to be covered in the docs, though I could just be
blind...

I've got a box with two NICs, on which I was running just ntop under
FreeBSD, but am wanting to use it for OSSIM.

I've got a Realtek NIC (eth0 in SW2) that sits on my subnet, and is
numbered, and an Intel NIC (eth1 on SW1) that's plugged into a mirror port
on a switch and is currently unnumbered. The switch with the monitor port
sits between my firewall and my backbone switch. I had ntop listening on
eth1 and displaying output on eth0.

Here's a simple ASCII diagram:

      _____       _____       _____
     |     |     |     |     |     |
FW---| SW1 |-----| BB  |-----| SW2 |
     |_____|     |_____|     |_____|
        |                       |
        |___eth1__OSSIM__eth0___|

I'm not finding in the docs several things I need to make this go - I think
this is partly because I'm so used to FreeBSD that this setup seems pretty
alien to me.

It looks as if the OSSIM install sets up a password for ntop, and I'm not
seeing what that is. I've examined the config files that I can find, but
don't see where it did that, nor what the password is. I tried setting the
password with 'ntop -A', but that didn't seem to work.

Along with that, I'd like to ntop use the NIC on the mirror port for SW1 to
monitor traffic - ditto for the other apps that listen to the wire.

BTW - the OSSIM box has a 1.7GHz Celeron with 2gbytes of RAM and a 180Gbyte
HD, if that makes any difference.

Thanks for any help or suggestions,

Kurt

[Os-sim-support] OSSIM & Gsoc 2009

[Juan M. L. <ju...@os...>]

Hi all!

OSSIM has applied once again to become one of the organizations taking part
in Gsoc 2009.

Google Summer of Code (GSoC) is a program that offers student developers
stipends to write code for various open source projects. Last year, we had
the opportunity to work in 6 different projects in OSSIM, with 6 different
students from different parts of the world. Google is basically helping
proyects, giving money to those students who want to contribute to Open
Source projects during their holidays.

To become a student you must be enrolled in a university or institute. We’ve
got a list containing all the ideas that we will be accepting as projects
during this year's Gsoc:
http://www.ossim.net/dokuwiki/doku.php?id=ideas&s=ideas .

You can even suggest your own ideas, or improve the given ideas. If so, you
can write a post on the forums (Gsoc category) explaining which idea you
would like to work on during the summer. (
https://www.ossim.net/forum/index.php?t=i&cat=8&S=9f595bd87ad84c41cec1dc4433957bde)

If you are not a student but you would like to contribute, you can also send
your ideas.

If you want to apply please write an e-mail to gs...@os... with the
following format:

    *      Name
    *      E-mail address
    *      Project Title
    *      Possible Mentor (optional)
    *      Benefits to the OSSIM community - a good project will not just be
fun to work on, but also generally useful to others.
    *      Deliverables - It is very important to list quantifiable results
here i.e.
                   -  “Improve X modules in ways Y and Z.”
                   -  “Write 3 new man pages for the new interfaces.”
                   -  “Improve test coverage by writing X more
unit/regression tests.”
                   -  “Improve performance in FOO by X%.”
    *      Project Schedule - How long will the project take? When can you
begin work?
    *      Availability - How many hours per week can you spend working on
this? What other obligations do you have this summer?
    *      Bio - Who are you? What makes you the best person to work on this
project?
    *      Experience / collaborations with Open Source projects?


Note that this is a very serious task which requires quite a lot of time.
Those who have been collaborating and interacting with the community of
OSSIM or have knowledge on OSSIM (not a must) have a plus.

Juanma

Re: [Os-sim-support] Inventory dashboard charts not displaying

[John A. S. I. <jsu...@op...>]

On Wed, 2009-01-14 at 08:09 -0500, John A. Sullivan III wrote:
> On Wed, 2009-01-14 at 19:55 +0800, Umarzuki Mochlis wrote:
> > Might want to check whether ntop is running (policy > sensor) and the
> > server IP set up correctly in int agent config file.
> > 
> > 2009/1/14 John A. Sullivan III <jsu...@op...>:
> > > Hello, all.  I've worked my way through the very helpful OCS tutorial
> > > and all seems to be working well except, when I go to the dashboard and
> > > click on Inventory, I get two placeholders which say "Generating
> > > chart... please, wait.. ".  There's plenty of data in the systems and
> > > the OCS inventory reports look fine.
> > >
> > > It's probably something simple and I've just been staring at OSSIM too
> > > long.  Any ideas what I may have missed? This is a fresh installation
> > > using the 1.0.6 installer on a KVM guest running CentOS 5.2.  I've poked
> > > around the apache2 logs and the various ossim logs but do not see any
> > > pertinent error messages or access problems.  Thanks - John
> > ><snip>
> Thank you.  ntop is running and I assume the server address is correct
> because the agents have reported their inventory.  The OCS inventory
> report is properly populated but the dashboard just sits at Generating
> Chart...please, wait....  Any other places to look? Things I've done
> wrong? Thanks - John
Found it.  When looking at the configs on the dashboard, all the
displays having trouble were swf graphs.  I checked, and sure enough,
the flash plugin was not installed on the test system browser.  Now all
displays fine.  Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

Re: [Os-sim-support] Inventory dashboard charts not displaying

[John A. S. I. <jsu...@op...>]

On Wed, 2009-01-14 at 19:55 +0800, Umarzuki Mochlis wrote:
> Might want to check whether ntop is running (policy > sensor) and the
> server IP set up correctly in int agent config file.
> 
> 2009/1/14 John A. Sullivan III <jsu...@op...>:
> > Hello, all.  I've worked my way through the very helpful OCS tutorial
> > and all seems to be working well except, when I go to the dashboard and
> > click on Inventory, I get two placeholders which say "Generating
> > chart... please, wait.. ".  There's plenty of data in the systems and
> > the OCS inventory reports look fine.
> >
> > It's probably something simple and I've just been staring at OSSIM too
> > long.  Any ideas what I may have missed? This is a fresh installation
> > using the 1.0.6 installer on a KVM guest running CentOS 5.2.  I've poked
> > around the apache2 logs and the various ossim logs but do not see any
> > pertinent error messages or access problems.  Thanks - John
> ><snip>
Thank you.  ntop is running and I assume the server address is correct
because the agents have reported their inventory.  The OCS inventory
report is properly populated but the dashboard just sits at Generating
Chart...please, wait....  Any other places to look? Things I've done
wrong? Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

Re: [Os-sim-support] Inventory dashboard charts not displaying

[Umarzuki M. <uma...@gm...>]

Might want to check whether ntop is running (policy > sensor) and the
server IP set up correctly in int agent config file.

2009/1/14 John A. Sullivan III <jsu...@op...>:
> Hello, all.  I've worked my way through the very helpful OCS tutorial
> and all seems to be working well except, when I go to the dashboard and
> click on Inventory, I get two placeholders which say "Generating
> chart... please, wait.. ".  There's plenty of data in the systems and
> the OCS inventory reports look fine.
>
> It's probably something simple and I've just been staring at OSSIM too
> long.  Any ideas what I may have missed? This is a fresh installation
> using the 1.0.6 installer on a KVM guest running CentOS 5.2.  I've poked
> around the apache2 logs and the various ossim logs but do not see any
> pertinent error messages or access problems.  Thanks - John
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsu...@op...
>
> http://www.spiritualoutreach.com
> Making Christianity intelligible to secular society
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support
>



-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

Re: [Os-sim-support] OSSIM OCS problem with VServer

[John A. S. I. <jsu...@op...>]

On Tue, 2009-01-13 at 18:23 -0500, John A. Sullivan III wrote:
> We are brand new to OSSIM and happily working through our first test
> installation.  We encountered a problem early on with OCS running on
> VServer guests.  Normally one wouldn't run OCS on a VServer guest as it
> would simply inventory the same hardware as the VServer host.  However,
> in the case of OSSIM, it appears to make sense as we can use the
> software inventory to correlate against attacks and vulnerability scans.
> 
> The problem is the inventory routine checks for read access to /dev/mem
> and, if it cannot read /dev/mem, it fails.  A VServer mail list thread
> suggested the check is simply to ensure the user has root privileges and
> the solution was to comment out the check.  Perhaps I am ignorant but I
> think I would rather still check for proper privileges rather than have
> the routine inexplicably fail.
> 
> What I did instead was to edit ocsinventory-client.pl by changing
> unless(-r "/dev/mem"){
> die localtime()." => You don't have enough rights to
> run this program\n";
> }
> to
> unless(-w "/root"){
> die localtime()." => You don't have enough rights to
> run this program\n";
> }
> 
> I would certainly prefer that someone who knows more about OCS take a
> look at this to know if this is a wise approach.
> 
> Now I need to figure out how to embed this change in OSSIM.  I'm
> guessing I need to make a copy of the Linux client source, edit it, tar
> it and add it to the downloads web page within OSSIM.  It looks like the
> source is in /home/ossim/dist/OCSNG_LINUX_AGENT_1.01/Ocsinventory but
> the ocsinventory-client.pl script appears three times in that
> subdirectory - directly in it, in blib/scripts, and in
> blib/lib/Ocsinventory and the are not links.  Do I change it in all
> three?
> 
> Once I have the tar file, what is the best way to embed it in the
> download web page so it is not overwritten by the next OSSIM
> update/upgrade?
> 
> Thanks - John

This is what I have done so far but I am concerned it will be
overwritten the next time I update/upgrade OSSIM.  From our internal
documentation:

On the OSSIM host:

cd /home/ossim/dist

cp -r OCSNG_LINUX_AGENT_1.01{,.VServer}

cd OCSNG_LINUX_AGENT_1.01.VServer/Ocsinventory

There are three copies of the ocsinventory-client.pl script, one in this
directory,one in blib/scripts, and one in blib/lib/Ocsinventory. Edit
each one the same way, i.e., replace:

unless(-r "/dev/mem"){

with:

unless(-w "/root"){

Now we need to clean up, tar the directory, move the tar to the
appropriate location for OSSIM, and make it appear on the OSSIM Tools
Downloads page:

cd /home/ossim/dist/OCSNG_LINUX_AGENT_1.01.VServer/Ocsinventory

find ./ -name *~ -delete

cd ../..

tar
-czf /usr/share/ossim/www/downloads/OCSNG_LINUX_AGENT_1.01_with_require.vserver.tar.gz OCSNG_LINUX_AGENT_1.01.VServer

edit /usr/share/ossim/include/classes/Downloads.inc by adding the
following array after the OCS for Linux array:

array(

"Name" => "OCS for Linux VServer Guest",

"Version" => "1.0.1",

"URL" => "OCSNG_LINUX_AGENT_1.01_with_require.vserver.tar.gz",

"Homepage" => "http://www.ocsinventory-ng.org/",

"Description" => "Open Computer and Software Inventory Next Generation
is an application designed to help a network or system administrator
keep to help a network or system administrator keep track of the
computers configuration and software that are installed on the network."

),

Looking for suggestions to do this in a better way as I really don't
know what I'm doing. Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

[Os-sim-support] Error in OCS README

[John A. S. I. <jsu...@op...>]

Unless I am reading it incorrectly, there appears to be an error in the
README file in the OCSNG_LINUX_AGENT_1.01.  It states there are five
command line parameters, the fourth is a boolean to indicate autoupdate
and the fifth is the TAG.  My installations kept setting the TAG as "1"
until I realized it was using the fourth parameter as the TAG.  Once I
passed only four arguments on the command line, all went well - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

[Os-sim-support] Inventory dashboard charts not displaying

[John A. S. I. <jsu...@op...>]

Hello, all.  I've worked my way through the very helpful OCS tutorial
and all seems to be working well except, when I go to the dashboard and
click on Inventory, I get two placeholders which say "Generating
chart... please, wait.. ".  There's plenty of data in the systems and
the OCS inventory reports look fine.

It's probably something simple and I've just been staring at OSSIM too
long.  Any ideas what I may have missed? This is a fresh installation
using the 1.0.6 installer on a KVM guest running CentOS 5.2.  I've poked
around the apache2 logs and the various ossim logs but do not see any
pertinent error messages or access problems.  Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

[Os-sim-support] OSSIM OCS problem with VServer

[John A. S. I. <jsu...@op...>]

We are brand new to OSSIM and happily working through our first test
installation.  We encountered a problem early on with OCS running on
VServer guests.  Normally one wouldn't run OCS on a VServer guest as it
would simply inventory the same hardware as the VServer host.  However,
in the case of OSSIM, it appears to make sense as we can use the
software inventory to correlate against attacks and vulnerability scans.

The problem is the inventory routine checks for read access to /dev/mem
and, if it cannot read /dev/mem, it fails.  A VServer mail list thread
suggested the check is simply to ensure the user has root privileges and
the solution was to comment out the check.  Perhaps I am ignorant but I
think I would rather still check for proper privileges rather than have
the routine inexplicably fail.

What I did instead was to edit ocsinventory-client.pl by changing
unless(-r "/dev/mem"){
die localtime()." => You don't have enough rights to
run this program\n";
}
to
unless(-w "/root"){
die localtime()." => You don't have enough rights to
run this program\n";
}

I would certainly prefer that someone who knows more about OCS take a
look at this to know if this is a wise approach.

Now I need to figure out how to embed this change in OSSIM.  I'm
guessing I need to make a copy of the Linux client source, edit it, tar
it and add it to the downloads web page within OSSIM.  It looks like the
source is in /home/ossim/dist/OCSNG_LINUX_AGENT_1.01/Ocsinventory but
the ocsinventory-client.pl script appears three times in that
subdirectory - directly in it, in blib/scripts, and in
blib/lib/Ocsinventory and the are not links.  Do I change it in all
three?

Once I have the tar file, what is the best way to embed it in the
download web page so it is not overwritten by the next OSSIM
update/upgrade?

Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsu...@op...

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

Re: [Os-sim-support] setting up 2 ossim machine

[Umarzuki M. <uma...@gm...>]

yeah, i did. Just edit  the agent file on sensor as sensor and specify
the server's IP (not 127.0.0.1 or own IP) in it.

2009/1/14 Brian Lavender <br...@br...>:
> Did you get your two machines set up?
>
> brian
>
> On Mon, Nov 17, 2008 at 11:38:51PM +0800, Umarzuki Mochlis wrote:
>>    Is there already a tutorial on setting up 2 ossim machine; one as
>>    sensor, the other as console.
>>    --
>>    Regards,
>>    Umarzuki Mochlis
>>    [1]http://gameornot.net
>>
>> References
>>
>>    1. http://gameornot.net/
>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Os-sim-support mailing list
>> Os-...@li...
>> https://lists.sourceforge.net/lists/listinfo/os-sim-support
>
>
> --
> Brian Lavender
> http://www.brie.com/brian/
>



-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

Re: [Os-sim-support] setting up 2 ossim machine

[Brian L. <br...@br...>]

Did you get your two machines set up?

brian

On Mon, Nov 17, 2008 at 11:38:51PM +0800, Umarzuki Mochlis wrote:
>    Is there already a tutorial on setting up 2 ossim machine; one as
>    sensor, the other as console.
>    --
>    Regards,
>    Umarzuki Mochlis
>    [1]http://gameornot.net
> 
> References
> 
>    1. http://gameornot.net/

> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support


-- 
Brian Lavender
http://www.brie.com/brian/

[Os-sim-support] setting up 2 ossim machine

[Umarzuki M. <uma...@gm...>]

Is there already a tutorial on setting up 2 ossim machine; one as sensor,
the other as console.

-- 
Regards,

Umarzuki Mochlis
http://gameornot.net

[Os-sim-support] edus using OSSIM in a production environment

[Youngquist, J. R. <jry...@cc...>]

Are there any educational institutions using OSSIM in a production
environment? If so, I'm wondering how well it is working for you. I've
been looking at different commercial log management products, but
SEIM/SIM technology is really what I'm after. 

We're looking for a good way to centralize all of our logs, and logging
software would do this, but I'm looking for something that will
normalize data, allow me to perform correlations across logs, and
generate actionable items from log data. 

I've been playing around with OSSIM a bit, but I'm not sure how well it
will scale in our environment, off the top of my head, I'd like to send
logs from 100 servers, 50 APs, 100 routers/switches, and several other
devices.

I've looked a few commercial SEIM/SIM devices, but they are all quite
pricey, so that's why I've been looking at OSSIM as an alternative.

Appreciate any information you can provide.




Jason Youngquist

Information Technology Security Engineer

Technology Services

Columbia College

1001 Rogers Street, Columbia, MO  65216

(573) 875-7334

jry...@cc...

http://www.ccis.edu

 

 

 

[Os-sim-support] upgrade?

[Don C. <don...@ci...>]

 

I am running an older version (0.9.9rc5) on Fedora (FC5) is there any
way to upgrade to the latest version? I have several other applications
running on this server.

 

Don

[Os-sim-support] aecioneto@gmail.com has sent you a message about IDrive.

[<aec...@gm...>]

<!-- saved from url=(0022)http://internet.e-mail --><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!-- saved from url=(0014)about:internet --><html xmlns="http://www.w3.org/1999/xhtml"><head><title>IDrive Promo Mailer</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><!--Fireworks 8 Dreamweaver 8 target.  Created Fri Sep 14 15:36:59 GMT+0530 (India Standard Time) 2007--><script language="JavaScript1.2" type="text/javascript"><!--function MM_preloadImages() { //v3.0  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}}//--></script><link href="styles.css" rel="stylesheet" type="text/css" /><style type="text/css"><!--body {	background-color: #FFFFFF;	margin-left: 0px;	margin-top: 0px;	margin-right: 0px;	margin-bottom: 0px;}--></style></head><body><br /><table width="676" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">  <tr>    <td align="center"><a href="http://www.idrive.com/index.html"><img src="http://www.idrive.com/images/ide_mail_hder.gif" width="676" height="158" border="0" /></a></td>  </tr></table><table width="676" style="border-right-width: 1px;border-left-width: 1px;	border-top-style: none;	border-right-style: solid;	border-left-style: solid;	border-right-color: #E2E2E2;	border-left-color: #E2E2E2;"  border="0" align="center" cellpadding="0" cellspacing="0" >  <tr>    <td><table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">      <tr>        <td valign="middle"><br />        <table width="98%" border="0" align="center" cellpadding="4" cellspacing="0">          <tr>            <td colspan="2" valign="top" ><FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>&nbsp;               </FONT>            <p align="justify" style="text-align:justify"><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">IDrive Online                 Backup is an intuitive backup application for your critical                 data. It offers 2 GB of free online backup space without any                 backup/restore limitations and  bandwidth or file type                 restrictions.                 <br />                <br />              </font></td>              </tr>          <tr>            <td width="11%" align="center"><img name="idriveemailericon1" src="http://www.idrive.com/images/ide_mail_cdp.gif" width="42" height="53" border="0" id="idriveemailericon1" alt="" /></td>                  <td width="89%" valign="top">                                        <div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Continuous  Data Protection</FONT><br />                <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>Absolutely simple  scheduling for hands-free remote backups at your convenience. Automatic backups  of modified files at almost real time - Every 10 minutes.</FONT></div></td>              </tr>          <tr>            <td colspan="2" height="15"><table width="650" height="2" border="0" align="center" cellpadding="0" cellspacing="0">              <tr>                <td height="2"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                    </tr>              </table></td>              </tr>          <tr>            <td align="center"><img name="idriveemailericon2" src="http://www.idrive.com/images/ide_mail_lsecrel.gif" width="42" height="53" border="0" id="idriveemailericon2" alt="" /></td>                  <td valign="top"><div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Secure and Reliable</FONT><br />                    <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>                      <span style="text-align:justify">World-class infrastructure for the data centers.  Enhanced data encryption for maximum security on transfer and storage. User  defined key available only to customer.</span></FONT></div></td>              </tr>          <tr>            <td colspan="2" height="15"><table width="650" height="2" border="0" align="center" cellpadding="0" cellspacing="0">                <tr>                  <td height="2"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                </tr>            </table></td>          </tr>          <tr>            <td align="center" valign="top"><img name="idriveemailericon3" src="http://www.idrive.com/images/ide_mail_mua.gif" width="48" height="53" border="0" id="idriveemailericon3" alt="" /></td>                  <td valign="top"><div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Multiple User  Accounts</FONT><br />                    <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>                      Create and manage multiple  user accounts from a single administrative login and a central console. Your  accounts are conveniently organized.</FONT></div></td>              </tr>          <tr>            <td colspan="2" height="15"><table width="650" height="2" border="0" align="center" cellpadding="0" cellspacing="0">                <tr>                  <td height="2"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                </tr>            </table></td>          </tr>          <tr>            <td align="center"><img name="idriveemailericon4" src="http://www.idrive.com/images/ide_mail_drdp.gif" width="48" height="53" border="0" id="idriveemailericon4" alt="" /></td>                  <td valign="top"><div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Just Drag-n-Drop </FONT><br />                    <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2> Perform easy drag n drop restore operations                       using Windows Explorer like interface. Directly add your files/folders                       to your IDrive backup set from the Windows Explorer.</FONT></div>                  </td>              </tr>          <tr>            <td colspan="2" height="15"><table width="650" height="2" border="0" align="center" cellpadding="0" cellspacing="0">                <tr>                  <td height="2"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                </tr>            </table></td>          </tr>          <tr>            <td align="center"><img name="idriveemailericon4" src="http://www.idrive.com/images/ide_mail_wbopt.gif" width="48" height="53" border="0" id="idriveemailericon4" alt="" /></td>                  <td valign="top"><div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Web Based Options</FONT><br />                    <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>                      Web based view of  summary and detailed status of backup logs. View, search and restore data  backed up into your account. Access your files anywhere, anytime.</FONT></div></td>              </tr>          <tr>            <td colspan="2" height="15"><table width="650" height="2" border="0" align="center" cellpadding="0" cellspacing="0">                <tr>                  <td height="2"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                </tr>            </table></td>          </tr>          <tr>            <td align="center" valign="top"><img name="idriveemailericon3" src="http://www.idrive.com/images/ide_mail_supfea.gif" width="48" height="53" border="0" id="idriveemailericon3" alt="" /></td>                  <td valign="top"><div align="justify"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >Superior  Features </FONT><br />                    <FONT face="Arial, Helvetica, sans-serif"             color=#000000 size=2>Versioning,  Incremental backup, Continuous backup, Open/Locked file backup, Mapped Drive  backup, Sync etc.&nbsp;</FONT><a href="http://www.idrive.com/online-backup-features.htm" target="_blank" ><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:12px" color="#FF3300"                >Know more</FONT></a>&nbsp;<img src="http://www.idrive.com/promo-mailer/images/ide_promo_bluebullet.jpg" alt="orangebullet" width="7" height="13" /></div></td>              </tr>          <tr>            <td height="2" colspan="2" valign="top"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_spacer.gif" alt="s" width="1" height="2" /></td>              </tr>          </table>            <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">              <tr>                <td colspan="3" align="center" valign="top"><table width="520" height="2" border="0" align="center" cellpadding="0" cellspacing="0">                  <tr>                    <td height="7"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="650px"  height="1" alt="spacer" /></td>                    </tr>                  </table></td>              </tr>              <tr>                <td width="328" align="center" valign="top"><br />                <table width="285" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">                  <tr>                    <td align="left" valign="top"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >IDrive for Windows</FONT> </td>                    </tr>                  <tr>                    <td width="260" align="center" valign="top"><table width="95%" border="0" cellspacing="0" cellpadding="3">                      <tr>                        <td  align="left" valign="top"><div align="justify"><br />                          <FONT face="Arial, Helvetica, sans-serif" style=" font-size:12px"               color=#000000 >It automatically backs up critical data. Customization options include the provision to modify the data set selected for backup, schedules, reporting options and more.  All data is encrypted on transmission and storage, ensuring its security.<br />                          <br />                          </FONT></div></td>                      </tr>                                            </table></td>                    </tr>                  <tr>                    <td align="center" valign="top"><span class="knownmorelink"><a href="http://www.idrive.com/online-backup-idrivee-classic-backup.htm" target="_blank"></a></span></td>                    </tr>                  <tr>                    <td height="30" align="right" valign="top" bgcolor="#FFFFFF"><a href="http://www.idrive.com/online-backup-features.htm" target="_blank"><font face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:12px" color="#FF3300"                >Know more</font></a></td>                    </tr>                </table></td><td width="10" align="center" valign="top"><img src="http://www.idrive.com/promo-mailer/images/ide_promo_line1.jpg" width="1"  height="200" alt="spacer" /></td>                  <td width="336" align="center" valign="top"><br />                  <table width="285" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">                    <tr>                      <td align="left" valign="top"><FONT face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:14px"               color=#000000 >IDrive for Mac </FONT></td>                    </tr>                    <tr>                      <td align="left" valign="top" bgcolor="#FFFFFF"><table width="95%" border="0" align="center" cellpadding="3" cellspacing="0">                        <tr>                          <td valign="top"><div align="justify"><font face="Arial, Helvetica, sans-serif"             color="#000000" size="2"><br />                            Protect data on your Mac desktop with reliable scheduled online backups.   Features include data compression and incremental backups for optimal bandwidth   usage, Snapshots for historical data view and log reporting options.</font><br />                            <br />                          </div>                            </td>                        </tr>                      </table></td>                    </tr>                    <tr>                      <td align="center" valign="top" bgcolor="#FFFFFF"><span class="knownmorelink"><a href="http://www.idrive.com/online-backup-explorer.htm" target="_blank"></a></span></td>                    </tr>                    <tr>                      <td height="30" align="right" valign="top" bgcolor="#FFFFFF"><a href="http://www.idrive.com/idrive-for-mac.htm" target="_blank"><font face="Arial, Helvetica, sans-serif" style="font-weight:bold ; font-size:12px" color="#FF3300"                >Know more</font></a></td>                    </tr>                </table></td></tr>            </table>                    </td></tr>    </table>    </td>  </tr></table><table width="676" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>    <td><img src="http://www.idrive.com/images/ide_ftrmail.gif" alt="IDrive" width="676" height="15" /></td>  </tr>  <tr>    <td bgcolor="#E0E0E0"><table width="98%" border="0" align="center" cellpadding="2" cellspacing="0">      <tr>        <td align="left" bgcolor="#E0E0E0"><a href="http://www.idrive.com/terms.htm" target="_blank" ><font face="Arial, Helvetica, sans-serif" style="font-size:11px; text-decoration:underline" color="#333333"                >Terms of service</font></a></td>        <td align="right" bgcolor="#E0E0E0"><font face="Arial, Helvetica, sans-serif" style="font-size:11px"color="#333333"                >&copy;  2008 Pro Softnet Corporation.&nbsp;</font></td>      </tr>      <tr>        <td colspan="2" align="center" bgcolor="#E0E0E0"><font color="#333333" size="2" face="Arial, Helvetica, sans-serif">In case you do not wish to receive email updates on the IDrive Service, <a href="https://www.idrive.com/idrivee/jsp/IDE_unsubscribe.jsp?optOut=&amp;Name&amp;">click here</a></font></td>      </tr>    </table></td>  </tr></table></body></html>

[Os-sim-support] ossim support list

[qamar e. <qam...@gm...>]

good morning,
could you please post me the list.
Thanks you

[Os-sim-support] Newbie with OSSIM

[Reynier P. M. <rp...@uc...>]

Hi:
I'm newbie in OSSIM world but I insterested in have this working as soon
as possible. I have one server with Ubuntu Server 8.04.1 as OS. My first
question to this list is: it's possible to install OSSIM in Ubuntu? If
the answer is possitive then any can leave me a guide or tutorial to
follow?
Cheers and thanks
-  
Salu2
Ing. Reynier Pérez Mira
Grupo de Soporte al Desarrollo - Dirección Técnica IP

Re: [Os-sim-support] OSSIM ISO installer, no snort-mysql?

[Hilmar F. <fr...@dr...>]

Christopher <c.boggs <at> gmail.com> writes:

> 
> Hey list,I'm new to OSSIM and I just setup the ISO installer on my laptop.Took
awhile to get everything configured as I'm using a hub on the ethernet interface
to catch traffic outside my firewall, and a wireless interface for management,
etc...  but once I got everything working, I verified I'm seeing the traffic on
the ethernet interface (it's eth2) with wireshark, but I get nothing from
snort.. (looking at events through BASE within OSSIM)... so I started checking
things, I made sure Snort was configured to run on the correct interface, and I
noticed it's not logging to mysql, but to unified log format which it stores in
/var/log/snort.  So I changed the config to log to mysql but now when I run it
fails saying it's not compiled with mys
>  ql support...  Is this intentional?  Surely not?  Everything else seems to
work - and I've seen at least one other post on the 
> SF.net forums where someone is having the same issue, so I hope this isn't
just me...Thanks,Chris
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> 
> _______________________________________________
> Os-sim-support mailing list
> Os-sim-support <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/os-sim-support
> 
Hi Christoper!
i know its pretty delayed and thus my post is just for the records probably:
You guess right that the ISO-installer follows a different concept of
SNORT-output-handlng: having SNORT logging to MySQL is way to slow, so unified
output is the usual approach; the contained SNORT_binary is not compiled with
the MySQL-option. OSSIM does not use barnyard for that (by default), but let the
OSSIM-agent to the same job. Thats what i learned so far. Why SNORT is not
creating any alarms while having some amount of events is exactly what i'm
chewing on currently. Any hint here would really be appreciated.

Regrettebly that SNORT-issue is not so well documented by the OSSIM maintainers
and as soon i got the scheme i would like to provide some little tutorial to
fill that gap.

best regards,
Hilmar

[Os-sim-support] Ssh plugin error

[Anondb <ano...@ya...>]

Hi all,

Using installer 1.0.4 and trying to provoke SSH events when I insert an 
incorrect password I get this error in /var/log/ossim/server.log...

2008-06-17 18:22:57 OSSIM-Message: Error: event incorrect. Please check 
the sensor issued from the agent: iso-1

Should it be a bug??

Re: [Os-sim-support] Ossim-agent watchdog error...

[Anondb <ano...@ya...>]

I got the error...

I cannot pass the BFP filter (aka 'src net 172.22.39.0/24') as a 
parameter. That works on a shell but not in the system call used by the 
agent... Any other way to pass that parameter?? Not expert in these 
issues... I need it because p0f gets very "noisy" if I don't filter its 
output.

Thanx,

Anondb escribió:
> Hi,
> 
> Ossim-agent can't start nor restart certain app... p0f. Issuing the 
> command on the shell as root works ok. Ossim-agent loads as root.. The 
> command is as follows:
> 
>  #/usr/bin/p0f -i eth1 -lUNtd -o /var/log/ossim/p0f.log 'src net 
> 172.22.39.0/24'
> 
> I can only find these type of messages in agent's log...
> 
> 2008-06-15 21:09:28,135 Watchdog [WARNING]: [sid=4] There was an error 
> starting process /usr/bin/p0f belonging to plugin 1511
> 
> Where can I dig deepier?
> 
> Thanx,
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> Os-sim-support mailing list
> Os-...@li...
> https://lists.sourceforge.net/lists/listinfo/os-sim-support
> 

[Os-sim-support] Ossim-agent watchdog error...

[Anondb <ano...@ya...>]

Hi,

Ossim-agent can't start nor restart certain app... p0f. Issuing the 
command on the shell as root works ok. Ossim-agent loads as root.. The 
command is as follows:

 #/usr/bin/p0f -i eth1 -lUNtd -o /var/log/ossim/p0f.log 'src net 
172.22.39.0/24'

I can only find these type of messages in agent's log...

2008-06-15 21:09:28,135 Watchdog [WARNING]: [sid=4] There was an error 
starting process /usr/bin/p0f belonging to plugin 1511

Where can I dig deepier?

Thanx,