From: Guillaume A. <gan...@cs...> - 2004-04-27 11:03:15

I understand the problem ... when I look at the ntop graph, when there is an alarm, the yellow line erases the green average line, so I was thinking that alarms were only when the network was really low ...

You can see an example of this small bug (not really important) at: www.if.insa-lyon.fr/eleves/gandreys/ossim

Thanks for your help ...

--------------------
Guillaume Andreys
gui...@cs...

Computer Science Department, Network Lab.
Hostel 12 Room Number B-101

On Tue, 27 Apr 2004, DK wrote:
> Yeah, I didn't understand you right the first time.
>
> Did you read
> http://www.usenix.org/events/lisa2000/full_papers/brutlag/brutlag_html/index.html ?
> It describes aberrant behaviour detection.
>
> You'll have to tune some RRA's if you want more sensitivity. If there's
> only a small peak and shortly after that the real value returns between
> the predictions there'll be no alert.
>
> I hope I did understand you right this time, if not and you think it's
> a bug please send me the misbehaving rrd and I'll take a look at it.
>
> Greetings,
>
> Dominique

From: DK <dk...@os...> - 2004-04-27 09:04:44

Yeah, I didn't understand you right the first time.

Did you read
http://www.usenix.org/events/lisa2000/full_papers/brutlag/brutlag_html/index.html ?
It describes aberrant behaviour detection.

You'll have to tune some RRA's if you want more sensitivity. If there's only a small peak and shortly after that the real value returns between the predictions there'll be no alert.

I hope I did understand you right this time, if not and you think it's a bug please send me the misbehaving rrd and I'll take a look at it.

Greetings,

Dominique

On 27.04.2004 at 10:46, Guillaume Andreys wrote:
> Maybe I didn't explain correctly. Anomalies below the prediction are
> detected by ntop with rrdpatch ... But not reported by rrd_plugin.pl,
> this is good.
>
> But an anomaly by excess is not detected by ntop with rrdpatch ... this
> is my real problem.
>
> Thanks,
>
> --------------------
> Guillaume Andreys
> gui...@cs...
>
> Computer Science Department, Network Lab.
>
> Hostel 12 Room Number B-101

From: Guillaume A. <gan...@cs...> - 2004-04-27 08:46:38

Maybe I didn't explain correctly. Anomalies below the prediction are detected by ntop with rrdpatch ... But not reported by rrd_plugin.pl, this is good.

But an anomaly by excess is not detected by ntop with rrdpatch ... this is my real problem.

Thanks,

--------------------
Guillaume Andreys
gui...@cs...

Computer Science Department, Network Lab.
Hostel 12 Room Number B-101

From: DK <dk...@os...> - 2004-04-27 08:41:48

Hi Guillaume,

the fact we only detect anomalies by excess is to avoid a high number of false positives. Since using ntop we're measuring network data, any network outage or failure would raise plenty of anomalies and mislead the whole system.

If you want to use anomalies that are below the prediction just comment line 175 at rrd_plugin.pl:

    return 0 unless ($max > ($hwpredict + (2 * $devpredict)));

Greetings,

Dominique

On 27.04.2004 at 07:33, Guillaume Andreys wrote:
> Hi,
>
> I've got an urgent problem with ntop RRD Anomaly. Ntop is patched with
> rrd_plugin to detect anomalies.
> If I go to the network monitor, I can have ntop information. In the
> historical data, I can see the rrd graph, with the anomaly plugin, there
> is the upper and lower prediction.
> When for example there is a network problem and one of the graphs is
> at 0, we can see an alert on the graph (yellow line, alert data in RRD
> files).
> It is not detected by rrd_plugin.pl as an anomaly because it only detects
> anomalies higher than the prediction.
>
> But if, for example, my bandwidth is higher than the prediction ... No
> alert on RRD graph ...
>
> I don't understand, please, can you help me ?
>
> --------------------
> Guillaume Andreys
> gui...@cs...
>
> Indian Institute of Technology
> Computer Science Department, Network Lab.
>
> Hostel 12 Room Number B-101

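Added example (not part of the thread, and not OSSIM or RRDtool code): the excess-only test from line 175 of rrd_plugin.pl next to a two-sided test, followed by a FAILURES-style count that shows why a short peak raises no alert. The prediction band, the sample series and all function names are constructed; the band width of 2 deviations and the threshold of 7 violations in a window of 9 are assumed from RRDtool's documented defaults.

```python
from collections import deque

# Constructed sample data: flat prediction of 100 with deviation 10,
# so the confidence band is [80, 120] for every sample.
PREDICTION = 100.0
DEVIATION = 10.0

SHORT_PEAK = [100] * 5 + [200] * 2 + [100] * 5   # two samples above the band
SUSTAINED = [100] * 5 + [200] * 8 + [100] * 2    # eight samples above the band
OUTAGE = [100] * 5 + [0] * 8 + [100] * 2         # eight samples at zero


def violations(observed, hwpredict, devpredict, delta=2.0, excess_only=True):
    """Return +1 above the upper band, -1 below the lower band, 0 inside.

    excess_only=True mirrors the check quoted in the thread:
        return 0 unless ($max > ($hwpredict + (2 * $devpredict)));
    excess_only=False corresponds to commenting that line out.
    """
    result = []
    for obs, pred, dev in zip(observed, hwpredict, devpredict):
        if obs > pred + delta * dev:
            result.append(1)
        elif not excess_only and obs < pred - delta * dev:
            result.append(-1)
        else:
            result.append(0)
    return result


def failures(viol, threshold=7, window=9):
    """Flag a sample when at least `threshold` of the last `window`
    samples violated the band (assumed FAILURES defaults: 7 of 9)."""
    recent = deque(maxlen=window)
    flags = []
    for v in viol:
        recent.append(1 if v else 0)
        flags.append(1 if sum(recent) >= threshold else 0)
    return flags


def detect(observed, excess_only=True, threshold=7, window=9):
    """Run both stages against the constructed flat prediction band."""
    n = len(observed)
    viol = violations(observed, [PREDICTION] * n, [DEVIATION] * n,
                      excess_only=excess_only)
    return failures(viol, threshold=threshold, window=window)


if __name__ == "__main__":
    print("short peak, defaults      :", detect(SHORT_PEAK))
    print("short peak, 2 of 3        :", detect(SHORT_PEAK, threshold=2, window=3))
    print("sustained excess          :", detect(SUSTAINED))
    print("outage, excess only       :", detect(OUTAGE))
    print("outage, two-sided         :", detect(OUTAGE, excess_only=False))
```

With the assumed defaults the two-sample peak never reaches 7 violations in 9 samples, which matches the "small peak ... no alert" behaviour described above; a smaller threshold and window make the same peak fire.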
From: Guillaume A. <gan...@cs...> - 2004-04-27 05:33:16

Hi,

I've got an urgent problem with ntop RRD Anomaly. Ntop is patched with rrd_plugin to detect anomalies.
If I go to the network monitor, I can have ntop information. In the historical data, I can see the rrd graph, with the anomaly plugin, there is the upper and lower prediction.
When for example there is a network problem and one of the graphs is at 0, we can see an alert on the graph (yellow line, alert data in RRD files).
It is not detected by rrd_plugin.pl as an anomaly because it only detects anomalies higher than the prediction.

But if, for example, my bandwidth is higher than the prediction ... No alert on RRD graph ...

I don't understand, please, can you help me ?

--------------------
Guillaume Andreys
gui...@cs...

Indian Institute of Technology
Computer Science Department, Network Lab.
Hostel 12 Room Number B-101

From: Michael B. <mi...@ay...> - 2004-04-27 02:08:32

I am proud to announce the availability of SIM ISO 2004-04-26 snapshot.

Please note that this is a beta release and as such does not have any official support, and its main purpose is to facilitate testing of the software (installation CD as well as OS-SIM itself).

Please report any bugs found to the SIM Development forum.

-- Michael Boman

Full announcement at:
http://www.boseco.com/index.php?name=PNphpBB2&file=viewtopic&t=3

Extract:

New features / bug fixes in this release:
- Bugfix: Default configuration for OS-SIM (/etc/ossim/*) is created at installation
- Bugfix: p0f / arpwatch now starts automatically with the correct parameters
- Update: OS-SIM is updated to latest CVS version (snapshot taken today, 2004-04-26)
- New: Auto-updating of Snort signatures / Nessus plugins every 6 hours
- New: Auto-generating random passwords for database access

Known bugs:
- If your graphics card can't be detected properly and you end up in console (text) mode, the default root password is "password".
- Snort fails to start if network (eth0) isn't configured (or fail to start for some reason).
- "firstboot" resets the default firewall rules.
- The URL to nTop is not correct

--
Michael Boman

From: Haris K. <ha...@ep...> - 2004-04-26 08:07:45

you are right once more
thanks

David Gil wrote:
> It's better if you modify ossim config files:
>
>   --[ /etc/ossim/framework/ossim.conf ]--
>   rrdtool_path=/usr/bin/
>   rrdtool_lib_path=/usr/lib/perl5/5.8.1/i386-linux-thread-multi/
>
>   --[ /etc/ossim/framework/mrtg* ]--
>   PathAdd: /usr/bin/
>   LibAdd: /usr/lib/perl5/5.8.1/i386-linux-thread-multi/

From: David G. <dg...@ip...> - 2004-04-24 13:00:08

It's better if you modify ossim config files:

  --[ /etc/ossim/framework/ossim.conf ]--
  rrdtool_path=/usr/bin/
  rrdtool_lib_path=/usr/lib/perl5/5.8.1/i386-linux-thread-multi/

  --[ /etc/ossim/framework/mrtg* ]--
  PathAdd: /usr/bin/
  LibAdd: /usr/lib/perl5/5.8.1/i386-linux-thread-multi/

On Sat, 24-04-2004 at 14:33, Haris Koutsouris wrote:
> Thanks that did the trick. At first I thought I could get away without
> loading cgilib from fc-1 but the debian cgilib package does not have a
> shared library version :-(
> Also I had to make the addition seen next to draw_graph_combined.pl
> (the line with the plus sign is the one I added)
>
> use lib $ossim_conf::ossim_data->{"rrdtool_lib_path"};
> + use lib '/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi/';
> use RRDs;
> use CGI;

From: Haris K. <ha...@ep...> - 2004-04-24 12:34:18

Thanks that did the trick. At first I thought I could get away without loading cgilib from fc-1 but the debian cgilib package does not have a shared library version :-(
Also I had to make the addition seen next to draw_graph_combined.pl (the line with the plus sign is the one I added)

use lib $ossim_conf::ossim_data->{"rrdtool_lib_path"};
+ use lib '/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi/';
use RRDs;
use CGI;

David Gil wrote:
> From the INSTALL.Debian doc:
>
>     The rrdtool libs used by OSSIM are still in a development
>     status. This is one of the few things which are not in the
>     distro yet, so you have to install them from the sources.
>
> Also, you can download 'cgilib' and 'rrdtool' packages from the rpm
> dependencies page (http://www.ossim.net/download/deps/fc1/rpms) and use
> alien to convert it to .debs.
>
> Regards.
> David.

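Review bot: the added "use lib '/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi/';" line hardcodes a directory tied to one Perl version and architecture, directly below the line that already takes the library directory from rrdtool_lib_path in the OSSIM configuration. Pointing rrdtool_lib_path at the directory that holds RRDs would load the module through the existing line and leave draw_graph_combined.pl unmodified.
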
From: David G. <dg...@ip...> - 2004-04-24 11:38:39

From the INSTALL.Debian doc:

    The rrdtool libs used by OSSIM are still in a development
    status. This is one of the few things which are not in the
    distro yet, so you have to install them from the sources.

Also, you can download 'cgilib' and 'rrdtool' packages from the rpm dependencies page (http://www.ossim.net/download/deps/fc1/rpms) and use alien to convert it to .debs.

Regards.
David.

On Sat, 24-04-2004 at 05:33, Haris Koutsouris wrote:
> Hello,
>
> rrdtools fails but I have no idea what goes wrong. Since I am a
> first-timer with the rrdtool I don't know what more data I can supply to
> get an idea of what's going on. I am installing on debian/sarge and have
> loaded the rrdtools through apt-get.
> Any ideas will be appreciated
>
> thank you
>
> Haris
>
> # dpkg -l *rrd*
> ii  librrd0       1.0.46-3  Time-series data storage and display system
> pn  librrd0-dev   <none>    (no description available)
> pn  librrdp-perl  <none>    (no description available)
> ii  librrds-perl  1.0.46-3  Time-series data storage and display system
> ii  rrdtool       1.0.46-3  Time-series data storage and display system
> pn  rrdtool-tcl   <none>    (no description available)
>
> #`$mrtg_path/mrtg --debug=dir,log,base,tarp,snpo,fork /etc/ossim/framework/mrtg-rrd.cfg`
> --base: Creating Lockfiles /var/lock/mrtg/_etc_ossim_framework_mrtg-rrd.cfg_l,/var/lock/mrtg/_etc_ossim_framework_mrtg-rrd.cfg_l_20744
> --base: Reading Config File: /etc/ossim/framework/mrtg-rrd.cfg
> --base: Reading Interface Config cache
> --base: Checking Config File
> --dir: ensure path IN: '/opt/ossim/mrtg'
> --dir: ensure path OUT: '/opt/ossim/mrtg/'
> --dir: imagehtml =
> --dir: ensure path IN: '/usr/bin'
> --dir: ensure path OUT: '/usr/bin/'
> --dir: ensure path IN: '/usr/lib/perl5'
> --dir: ensure path OUT: '/usr/lib/perl5/'
> --dir: ensure path IN: '/usr/bin/'
> --dir: ensure path OUT: '/usr/bin/'
> --dir: ensure path IN: '/usr/lib/perl5/'
> --dir: ensure path OUT: '/usr/lib/perl5/'
> --dir: ensure path IN: 'global_qualification'
> --dir: ensure path OUT: 'global_qualification/'
> --dir: directory for global 'global_qualification/'
> --tarp: Starting global -> `/opt/ossim/mrtg/global/read_data.pl`
> --tarp: New program target [0] '/opt/ossim/mrtg/global/read_data.pl'
> --tarp: &targparser external done: ' $target->[0]{$mode} '
> --tarp: &targparser complex done: ' $target->[0]{$mode} '
> --tarp: &targparser simple done: ' $target->[0]{$mode} '
> --tarp: &targparser returning: unique = 0
> --base: Loading RRD support
> --base: Loading default Locale
> --base: Starting main Loop
> --base: Populate Target object by polling SNMP and external Datasources
> --snpo: run external /opt/ossim/mrtg/global/read_data.pl
> --snpo: External result:1 out:1 uptime:undef name:Stats from global
> --base: Act on Router/Target global
> --base: Get Current values: in:1, out:1, up:0, name:Stats from global, time:1082777079
> --base: Create Graphics
> --base: start RRDtool section
> --base: maxi:1000000, maxo:1000000
> --base: create /opt/ossim/mrtg/global_qualification/global.rrd
> ERROR: Cannot create logfile: can't parse argument 'RRA:HWPREDICT:1440:0.1:0.0035:288'

From: Haris K. <ha...@ep...> - 2004-04-24 03:33:38

Hello,

rrdtools fails but I have no idea what goes wrong. Since I am a first-timer with the rrdtool I don't know what more data I can supply to get an idea of what's going on. I am installing on debian/sarge and have loaded the rrdtools through apt-get.
Any ideas will be appreciated

thank you

Haris

# dpkg -l *rrd*
ii  librrd0       1.0.46-3  Time-series data storage and display system
pn  librrd0-dev   <none>    (no description available)
pn  librrdp-perl  <none>    (no description available)
ii  librrds-perl  1.0.46-3  Time-series data storage and display system
ii  rrdtool       1.0.46-3  Time-series data storage and display system
pn  rrdtool-tcl   <none>    (no description available)

#`$mrtg_path/mrtg --debug=dir,log,base,tarp,snpo,fork /etc/ossim/framework/mrtg-rrd.cfg`
--base: Creating Lockfiles /var/lock/mrtg/_etc_ossim_framework_mrtg-rrd.cfg_l,/var/lock/mrtg/_etc_ossim_framework_mrtg-rrd.cfg_l_20744
--base: Reading Config File: /etc/ossim/framework/mrtg-rrd.cfg
--base: Reading Interface Config cache
--base: Checking Config File
--dir: ensure path IN: '/opt/ossim/mrtg'
--dir: ensure path OUT: '/opt/ossim/mrtg/'
--dir: imagehtml =
--dir: ensure path IN: '/usr/bin'
--dir: ensure path OUT: '/usr/bin/'
--dir: ensure path IN: '/usr/lib/perl5'
--dir: ensure path OUT: '/usr/lib/perl5/'
--dir: ensure path IN: '/usr/bin/'
--dir: ensure path OUT: '/usr/bin/'
--dir: ensure path IN: '/usr/lib/perl5/'
--dir: ensure path OUT: '/usr/lib/perl5/'
--dir: ensure path IN: 'global_qualification'
--dir: ensure path OUT: 'global_qualification/'
--dir: directory for global 'global_qualification/'
--tarp: Starting global -> `/opt/ossim/mrtg/global/read_data.pl`
--tarp: New program target [0] '/opt/ossim/mrtg/global/read_data.pl'
--tarp: &targparser external done: ' $target->[0]{$mode} '
--tarp: &targparser complex done: ' $target->[0]{$mode} '
--tarp: &targparser simple done: ' $target->[0]{$mode} '
--tarp: &targparser returning: unique = 0
--base: Loading RRD support
--base: Loading default Locale
--base: Starting main Loop
--base: Populate Target object by polling SNMP and external Datasources
--snpo: run external /opt/ossim/mrtg/global/read_data.pl
--snpo: External result:1 out:1 uptime:undef name:Stats from global
--base: Act on Router/Target global
--base: Get Current values: in:1, out:1, up:0, name:Stats from global, time:1082777079
--base: Create Graphics
--base: start RRDtool section
--base: maxi:1000000, maxo:1000000
--base: create /opt/ossim/mrtg/global_qualification/global.rrd
ERROR: Cannot create logfile: can't parse argument 'RRA:HWPREDICT:1440:0.1:0.0035:288'

From: DK <dk...@os...> - 2004-04-22 10:07:29

On 22.04.2004 at 11:56, Michael Boman wrote:
> http://lists.ntop.org/pipermail/ntop/2002-November/003731.html
>
> And it's not really that hard to set up. The biggest issue with having
> ntop running on a different port is that some impose very strict egress
> firewalling and may not be able to reach port 3000 on the system. Also,
> the fewer ports that can be reached from the outside the better, IMHO.
>
> But as we are talking many sensors here, I think I have to come up with
> a more dynamic recipe for rewriting the URL so that you don't need to
> restart apache for every new sensor added..

Yep, you're 100% right, firewall piercing isn't nice at all.

After reading the article I agree with you and think it won't be too difficult to pass apache something like this:

/ntop/xxx_xxx_xxx_xxx_port/requested_page

and proxy that to the right location. But... that would enable additional security holes since after that you could be able to proxy to anywhere through that. Perhaps assume a fixed port initially (3000) and first pass everything to a php script that double-checks the allowed destinations ?

Will think about it.

Greetings,

Dominique

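Added example (not part of the thread and not OSSIM code): the destination check Dominique proposes for /ntop/xxx_xxx_xxx_xxx_port/requested_page, written in Python rather than the PHP he mentions. The sensor addresses (documentation range 192.0.2.0/24), the ALLOWED_SENSORS set and the function name are assumptions made for illustration; the fixed port 3000 comes from the message above.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed allowlist: in a real deployment this would be loaded from
# the sensors configured in the OSSIM database (assumption).
ALLOWED_SENSORS = {
    ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("192.0.2.11"),
}
NTOP_PORT = 3000  # fixed port, as suggested in the thread

# /ntop/<a>_<b>_<c>_<d>_<port>[/requested_page], ASCII digits only
_ROUTE = re.compile(
    r"/ntop/([0-9]{1,3})_([0-9]{1,3})_([0-9]{1,3})_([0-9]{1,3})"
    r"_([0-9]{1,5})(/.*)?"
)


def resolve_upstream(request_path):
    """Map a front-end path to an ntop sensor URL, or return None.

    The proxy must only be configured to forward when this returns a URL,
    so the front end cannot be used to reach arbitrary hosts or ports.
    """
    match = _ROUTE.fullmatch(request_path)
    if match is None:
        return None
    *octets, port, page = match.groups()

    # Refuse ambiguous spellings such as 010 (octal in some parsers).
    if any(len(o) > 1 and o.startswith("0") for o in octets):
        return None
    try:
        addr = ipaddress.ip_address(".".join(octets))
    except ValueError:
        return None  # e.g. an octet above 255

    # Destination must be a configured sensor on the fixed ntop port.
    if addr not in ALLOWED_SENSORS or port != str(NTOP_PORT):
        return None

    page = page or "/"
    decoded = unquote(page)
    # No control characters (header injection), backslashes or dot-dot
    # segments in the part that is forwarded to the sensor.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in decoded):
        return None
    if ".." in decoded.split("/"):
        return None

    return "http://" + str(addr) + ":" + str(NTOP_PORT) + page


if __name__ == "__main__":
    for path in (
        "/ntop/192_0_2_10_3000/index.html",   # configured sensor
        "/ntop/198_51_100_7_3000/",           # not a configured sensor
        "/ntop/192_0_2_10_22/",               # wrong port
    ):
        print(path, "->", resolve_upstream(path))
```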
From: Michael B. <mi...@ay...> - 2004-04-22 09:57:48
|
On Thu, 2004-04-22 at 17:41, DK wrote:
> I've never used mod_rewrite so my questions are:
>
> Would it be easy to add new ntop "sensors" running on different ports
> to mod_rewrite ? The ntop_link configuration line is almost obsolete,
> we try to link everything to the right sensor:
>
> If a host has an assigned sensor, all its links would point to that
> sensor.
> If it has more than 1 defined sensor, the links would point to the
> sensor having the highest priority.
> If a host has no sensor assigned (e.g., is not in DB) but is part of a
> network, the network's sensor will be linked.
> If there's no net or host info for that host in DB, we'll use the
> highest priority sensor.
>
> I think it would be too much trouble having to add a new entry into
> apache conf for each configured sensor, but please correct me if I'm
> wrong.
>
> Greetings,
>
> Dominique

http://lists.ntop.org/pipermail/ntop/2002-November/003731.html

And it's not really that hard to setup. The biggest issue with having ntop running on a different port is that some impose very strict egress firewalling and may not be able to reach port 3000 on the system. Also, the less ports that can be reached from the outside the better, IMHO.

But as we are talking many sensors here, I think I have to come up with a more dynamic recipe for re-write the URL so that you don't need to restart apache for every new sensor added..

> On 22.04.2004 at 11:28, Michael Boman wrote:
>
> > I have played around with Apache's mod_rewrite to hide the ntop http
> > server from direct access. The problem is that now ntop is accessed by
> >
> > http://server/ntop/
> >
> > (ossim.conf value: ntop_link=/ntop )
> >
> > The thing is that the www/ntop scripts expects the link to be in
> > http://server:port style..
> >
> > What is the reason for splitting out the link? Why can't it just be
> > passed on as per normal?
> >
> > --
> > Michael Boman

--
Michael Boman |
From: DK <dk...@os...> - 2004-04-22 09:41:17
|
I've never used mod_rewrite so my questions are:

Would it be easy to add new ntop "sensors" running on different ports to mod_rewrite ? The ntop_link configuration line is almost obsolete, we try to link everything to the right sensor:

If a host has an assigned sensor, all its links would point to that sensor.
If it has more than 1 defined sensor, the links would point to the sensor having the highest priority.
If a host has no sensor assigned (e.g., is not in DB) but is part of a network, the network's sensor will be linked.
If there's no net or host info for that host in DB, we'll use the highest priority sensor.

I think it would be too much trouble having to add a new entry into apache conf for each configured sensor, but please correct me if I'm wrong.

Greetings,
Dominique

On 22.04.2004 at 11:28, Michael Boman wrote:

> I have played around with Apache's mod_rewrite to hide the ntop http
> server from direct access. The problem is that now ntop is accessed by
>
> http://server/ntop/
>
> (ossim.conf value: ntop_link=/ntop )
>
> The thing is that the www/ntop scripts expects the link to be in
> http://server:port style..
>
> What is the reason for splitting out the link? Why can't it just be
> passed on as per normal?
>
> --
> Michael Boman |
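The four sensor-linking rules in this message and the /ntop/xxx_xxx_xxx_xxx_port/requested_page path proposed in the reply, with the destination check that keeps the proxy from forwarding anywhere, as an added example that is not OSSIM's code or part of the original thread. The inventory values, the function names and the "larger number means higher priority" ordering are assumptions.

```python
import ipaddress
import re

NTOP_PORT = 3000  # fixed port for a first version, as the thread suggests

# Constructed sample inventory standing in for the OSSIM database.
# Assumption: a larger number means a higher sensor priority.
SENSORS = {"192.0.2.10": 5, "192.0.2.20": 3, "198.51.100.7": 1}
HOST_SENSORS = {"10.1.1.5": ["192.0.2.20"],
                "10.1.1.6": ["192.0.2.20", "192.0.2.10"]}
NET_SENSORS = {"10.2.0.0/16": "198.51.100.7"}

# /ntop/<a>_<b>_<c>_<d>_<port>[/<page>]; the page part may only contain
# printable, non-space ASCII, so CR/LF and spaces never reach the upstream URL.
PROXY_PATH = re.compile(
    r"/ntop/(\d{1,3}_\d{1,3}_\d{1,3}_\d{1,3})_(\d{1,5})(/[\x21-\x7e]*)?")


def pick_sensor(host):
    """Choose the ntop sensor for a host using the four rules in the message."""
    assigned = [s for s in HOST_SENSORS.get(host, []) if s in SENSORS]
    if assigned:                              # one or several assigned sensors
        return max(assigned, key=SENSORS.get)
    addr = ipaddress.ip_address(host)
    for net, sensor in NET_SENSORS.items():   # host unknown, network known
        if addr in ipaddress.ip_network(net):
            return sensor
    return max(SENSORS, key=SENSORS.get)      # nothing known about the host


def link_for(host, page="index.html"):
    """Build the front-end link in the /ntop/<ip>_<port>/<page> form."""
    sensor = pick_sensor(host)
    return "/ntop/%s_%d/%s" % (sensor.replace(".", "_"), NTOP_PORT, page)


def resolve_upstream(path):
    """Map a proxied request path to its upstream URL, or None to refuse it."""
    m = PROXY_PATH.fullmatch(path)
    if not m:
        return None
    ip = m.group(1).replace("_", ".")
    port = int(m.group(2))
    rest = m.group(3) or "/"
    # Exact-match allowlist: only configured sensors, only the fixed port.
    # Non-canonical spellings such as 192.0.2.020 fail the lookup as well.
    if ip not in SENSORS or port != NTOP_PORT:
        return None
    if ".." in rest.split("/"):               # no parent-directory segments
        return None
    return "http://%s:%d%s" % (ip, port, rest)


if __name__ == "__main__":
    for host in ("10.1.1.5", "10.1.1.6", "10.2.3.4", "172.16.0.9"):
        link = link_for(host)
        print(host, "->", link, "->", resolve_upstream(link))
    print(resolve_upstream("/ntop/203_0_113_9_3000/index.html"))  # refused
```

Because the allowlist is read from the sensor inventory, adding a sensor needs no new Apache entry and no restart.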
From: Michael B. <mi...@ay...> - 2004-04-22 09:29:43
|
I have played around with Apache's mod_rewrite to hide the ntop http server from direct access. The problem is that now ntop is accessed by

http://server/ntop/

(ossim.conf value: ntop_link=/ntop )

The thing is that the www/ntop scripts expects the link to be in http://server:port style..

What is the reason for splitting out the link? Why can't it just be passed on as per normal?

--
Michael Boman |
From: Michael B. <mi...@ay...> - 2004-04-22 00:12:18
|
In version 0.9.3, when I add a host using:

Tools -> Scan -> Insert in DB

I'd like to add Nessus/nmap scanning preferences at the same time. Now I have to go to

Configuration -> Host scan

to put in the host for scanning as well. I thought it would be much quicker if you could configure the host scanning preferences at the same time. Graphically I think a multi-select box would do the trick.

Also, I'd like to have nessus / nmap to be able to scan whole networks for host discovery (so new hosts are automatically detected and evaluated.. In case someone puts in a new machine into the network w/o telling anyone.. or perhaps this is taken care of by arpwatch?)

--
Michael Boman |
From: tyler <ty...@sc...> - 2004-04-21 22:49:01
|
yea you need to get nessus from nessus.org.. I don't know of any RPMs, I am sure there are some..

Tyler

----- Original Message -----
> On update_scan.pl script I get a nessus error, seems it isn't installed.
> So I looked in the dependencies on the ossim website but couldn't find
> nessus.
>
> I did an rpm -qa nessus* and it doesn't seem to be installed on my fedora
> box.
>
> Should I install it? Where should I get it from; nessus.org? Do you assume
> users have it installed?
>
> Thanks for your help!
>
> -oscar
>
> Oscar Castaneda V.
> SISAP/Consul |
From: <oca...@si...> - 2004-04-21 21:01:40
|
On update_scan.pl script I get a nessus error, seems it isn't installed. So I looked in the dependencies on the ossim website but couldn't find nessus.

I did an rpm -qa nessus* and it doesn't seem to be installed on my fedora box.

Should I install it? Where should I get it from; nessus.org? Do you assume users have it installed?

Thanks for your help!

-oscar

Oscar Castaneda V.
SISAP/Consul |
From: Fabio O. T. <fo...@os...> - 2004-04-20 16:03:14
|
Hi

You need the rrdtool from cvs or download the file from http://www.ossim.net

On Mon, 19-04-2004 at 08:05, mel wrote:
> Hi,
>
> Running mrtg with patch gives the following error:
>
> ERROR: Cannot create logfile: can't parse argument
> 'RRA:HWPREDICT:1440:0.1:0.0035:288'
>
> Any ideas?
>
> Regards,
>
> --mel

--
Fabio Ospitia Trujillo <fo...@os...>
OSSIM |
From: DK <dk...@os...> - 2004-04-20 15:48:00
|
And regarding your second question:

On 20.04.2004 at 09:23, David Gil wrote:

> About first question:
>
> Fedora apache process is named httpd. You must configure
> /etc/ossim/agent/config.xml:
>
> <plugin id="1501" name="httpd" type="detector" start="yes" enable="yes">
>                         ^^^^^
> <startup>/etc/init.d/httpd start</startup>
>                      ^^^^^
> <shutdown>/etc/init.d/httpd stop</shutdown>
>                       ^^^^^
> <source>common</source>
> <interface>eth0</interface>
> <sensor>your_sensor_ip</sensor>
> <location>/var/log/httpd/access_log</location>
> </plugin>
>
> On Sat, 17-04-2004 at 20:04, tyler wrote:
>> I have two questions..
>>
>> My first question/issue concerns the agent and apache. I am running on
>> Fedora and have configed the agent to watch my apache install. It never
>> sees that apache is up and running, even if I have the agent start it, it
>> will restart it next time around?? So I have had to set start=no but
>> would like to have the agent watch it!!

The agent does a 'ps axc' extracting the process name from there. The name compared is the "name" tag from plugin within agent/config.xml. If they don't match, it won't show up as being "up". If you want the agent to monitor your web server, provide the correct name (this will change) and also provide the right startup/shutdown sequences.

>> Another thing with apache is
>> that it is constantly giving this message "apache: Code 200 - OK" Well I
>> don't really care when a page is successfully pulled from my webserver,
>> that is what it is there for. Or should I care? How do I disable this?

The main use for logging 200 OK messages is to correlate http alerts; more than half of snort rules detect web attacks (if snort matches a web attack and there's a 200-OK for that URI then the reliability should increase). Of course, most of those alerts are noise and perhaps they shouldn't be logged into acid and merely interpreted by the server.

>> My second question is about running an agent on another machine other than
>> the server. I want to have an agent monitor my production web server and
>> run snort watching that server. I have set it up and installed ssh keys
>> for communication. I think I have it set up right b/c the agent says it
>> is connected to the server and I see the apache:Code 200 - OK" messages in
>> ACID. But now I also get a ton of spade alerts between my two servers.
>> How do I turn this off?

Edit the spade.conf you're using and exclude source/dest ip or/and ports. Take a look at spade.more.conf and search (Xdips, Xsips and the likes)

>> How do I setup the snort sensor? Do I have the sensor log to the DB on my
>> ossim server or does it log it locally and the agent takes care of
>> transferring it to the server??

Both. Snort itself logs to DB, the server receives the alerts from the agent and updates acid so risk/asset/reliability/priority show up there as well.

>> Thanks,
>> Tyler

Greetings,
Dominique |
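The correlation described in this reply (a web alert whose URI was also served with 200 OK gets a higher reliability), run over a few log lines, as an added example that is not OSSIM's code. The log lines and alerts are constructed, and the 0-10 reliability scale, the boost of 3 and all names are assumptions.

```python
import re

# Constructed sample data, not taken from a real sensor.
ACCESS_LOG = """\
203.0.113.5 - - [20/Apr/2004:15:40:01 +0200] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [20/Apr/2004:15:40:07 +0200] "GET /cgi-bin/status.cgi HTTP/1.0" 200 812
198.51.100.23 - - [20/Apr/2004:15:41:12 +0200] "GET /admin/setup.php HTTP/1.0" 404 290
"""

# Constructed web alerts as a sensor might report them.
ALERTS = [
    {"src": "203.0.113.5", "uri": "/cgi-bin/status.cgi", "sig": "web probe A", "reliability": 2},
    {"src": "198.51.100.23", "uri": "/admin/setup.php", "sig": "web probe B", "reliability": 2},
    {"src": "198.51.100.77", "uri": "/cgi-bin/status.cgi", "sig": "web probe A", "reliability": 9},
]

# Apache common log format: client, ident, user, [time], "METHOD URI PROTO", status
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def parse_access_log(text):
    """Index the access log as (client, uri) -> set of status codes."""
    served = {}
    for line in text.splitlines():
        m = CLF.match(line)
        if m:
            client, _method, uri, status = m.groups()
            served.setdefault((client, uri), set()).add(int(status))
    return served


def correlate(alerts, served, boost=3, ceiling=10):
    """Raise reliability only where the same client got 200 OK for that URI."""
    result = []
    for alert in alerts:
        statuses = served.get((alert["src"], alert["uri"]), set())
        confirmed = 200 in statuses
        reliability = alert["reliability"]
        if confirmed:
            reliability = min(ceiling, reliability + boost)
        result.append(dict(alert, reliability=reliability, confirmed=confirmed))
    return result


def uncorrelated_ok(alerts, served):
    """200 OK requests matching no alert: usable for correlation, not worth storing."""
    alerted = {(a["src"], a["uri"]) for a in alerts}
    return sorted(k for k, codes in served.items() if 200 in codes and k not in alerted)


if __name__ == "__main__":
    index = parse_access_log(ACCESS_LOG)
    for a in correlate(ALERTS, index):
        print(a["src"], a["uri"], a["sig"], a["reliability"], a["confirmed"])
    print("no alert, not stored:", uncorrelated_ok(ALERTS, index))
```

Matching here is on client address and exact URI only; a real correlator would also bound the time between the alert and the log entry.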
From: DK <dk...@os...> - 2004-04-20 15:40:46
|
Hi Mel,

are you sure the running mrtg is patched ? Try this: "grep HWPREDICT `which mrtg`". There should be only a single match.

If you created some rrd's before patching mrtg, delete them, they aren't compatible.

Greetings,
Dominique

On 19.04.2004 at 08:05, mel wrote:

> Hi,
>
> Running mrtg with patch gives the following error:
>
> ERROR: Cannot create logfile: can't parse argument
> 'RRA:HWPREDICT:1440:0.1:0.0035:288'
>
> Any ideas?
>
> Regards,
>
> --mel |
From: DK <dk...@os...> - 2004-04-20 15:39:36
|
Hi,

remote sensor management isn't finished yet and I don't think it should work well right now. And yes, granting root access to the web user IS a serious security issue, that's why we didn't work that out as of today.

Greetings,
Dominique

On 19.04.2004 at 16:59, Josh Schulenberg wrote:

> I got that working, thanks for your help. But, I had one other
> question..this one is regarding sensors on localhost. I assume you have
> to setup a local user with DSA as if it were a remote sensor. I have
> done that...but there does not appear to be a way to activate it. Isn't
> it also a security hazard to have the web user be able to access root
> via ssh?
>
> On Fri, 2004-04-16 at 19:32, tyler wrote:
>> You will need to edit the directives.xml and change the first line to:
>> <?xml version='1.0' encoding='UTF-8' ?>
>>
>> Since you are running a vanilla fedora install you will need to add
>> php-mysql and php-domxml RPMs. This can be done with a:
>> yum install php-mysql
>> yum install php-domxml
>>
>> Let us know if you have any other issues!
>>
>> Tyler
>>
>> ----- Original Message -----
>>>
>>> I have a clean install of Fedora Core 1 with all of the latest
>>> updates.
>>> I installed Python 2.3 (because that part was left out of the Fedora
>>> installation guide) and installed all dependency RPMS that the guide
>>> stated. I followed the guide without any problems until it came time
>>> to
>>> run 'ossim'. When I did, I got this:
>>>
>>> [root@chupacabra server]# ossim
>>> xmlEncodeEntitiesReentrant : input not UTF-8
>>> Segmentation fault |
From: David G. <dg...@ip...> - 2004-04-20 07:23:37
|
About first question:

Fedora apache process is named httpd. You must configure /etc/ossim/agent/config.xml:

<plugin id="1501" name="httpd" type="detector" start="yes" enable="yes">
                        ^^^^^
<startup>/etc/init.d/httpd start</startup>
                     ^^^^^
<shutdown>/etc/init.d/httpd stop</shutdown>
                      ^^^^^
<source>common</source>
<interface>eth0</interface>
<sensor>your_sensor_ip</sensor>
<location>/var/log/httpd/access_log</location>
</plugin>

On Sat, 17-04-2004 at 20:04, tyler wrote:
> I have two questions..
>
> My first question/issue concerns the agent and apache. I am running on
> Fedora and have configed the agent to watch my apache install. It never
> sees that apache is up and running, even if I have the agent start it, it
> will restart it next time around?? So I have had to set start=no but
> would like to have the agent watch it!! Another thing with apache is
> that it is constantly giving this message "apache: Code 200 - OK" Well I
> don't really care when a page is successfully pulled from my webserver,
> that is what it is there for. Or should I care? How do I disable this?
>
> My second question is about running an agent on another machine other than
> the server. I want to have an agent monitor my production web server and
> run snort watching that server. I have set it up and installed ssh keys
> for communication. I think I have it set up right b/c the agent says it
> is connected to the server and I see the apache:Code 200 - OK" messages in
> ACID. But now I also get a ton of spade alerts between my two servers.
> How do I turn this off?
>
> How do I setup the snort sensor? Do I have the sensor log to the DB on my
> ossim server or does it log it locally and the agent takes care of
> transferring it to the server??
>
> Thanks,
> Tyler |
From: Josh S. <jsc...@De...> - 2004-04-19 14:59:54
|
I got that working, thanks for your help. But, I had one other question..this one is regarding sensors on localhost. I assume you have to setup a local user with DSA as if it were a remote sensor. I have done that...but there does not appear to be a way to activate it. Isn't it also a security hazard to have the web user be able to access root via ssh?

On Fri, 2004-04-16 at 19:32, tyler wrote:
> You will need to edit the directives.xml and change the first line to:
> <?xml version='1.0' encoding='UTF-8' ?>
>
> Since you are running a vanilla fedora install you will need to add
> php-mysql and php-domxml RPMs. This can be done with a:
> yum install php-mysql
> yum install php-domxml
>
> Let us know if you have any other issues!
>
> Tyler
>
> ----- Original Message -----
> >
> > I have a clean install of Fedora Core 1 with all of the latest updates.
> > I installed Python 2.3 (because that part was left out of the Fedora
> > installation guide) and installed all dependency RPMS that the guide
> > stated. I followed the guide without any problems until it came time to
> > run 'ossim'. When I did, I got this:
> >
> > [root@chupacabra server]# ossim
> > xmlEncodeEntitiesReentrant : input not UTF-8
> > Segmentation fault |
From: mel <me...@my...> - 2004-04-19 06:03:20
|
Hi,

Running mrtg with patch gives the following error:

ERROR: Cannot create logfile: can't parse argument 'RRA:HWPREDICT:1440:0.1:0.0035:288'

Any ideas?

Regards,

--mel |