From: Dan F. <da...@vo...> - 2004-04-02 19:24:18
|
I would like to install ossim to get familiar with how it works. Hard to find any information on anything other than Redhat and Debian. Any way to roll your own? |
From: Troy R. <tro...@hr...> - 2004-03-31 23:33:53
|
Thanks for the note about the php-domxml rpm, after installing that, I can look at the directives. I am still not getting alerts into OSSIM though and noticed this new problem. I went through the installation instructions again and changed the /etc/ossim/server/config.xml to this:

<?xml version='1.0' encoding='UTF-8' ?>
<config>
  <log filename="/tmp/ossim.log"/>
  <sensor name="server" ip="1.2.3.4" interface="eth0"/>
  <datasources>
    <datasource name="ossimDB" provider="MySQL" dsn="PORT=3306;USER=root;PASSWORD=xxxxxxxx;DATABASE=ossim;HOST=localhost"/>
    <datasource name="snortDB" provider="MySQL" dsn="PORT=3306;USER=root;PASSWORD=xxxxxxxx;DATABASE=snort;HOST=localhost"/>
  </datasources>
  <directive filename="/etc/ossim/server/directives.xml"/>
  <scheduler interval="15"/>
  <server port="40001"/>
</config>

and when I try to start ossim, I get the following error message:

(process:13827): GLib-GObject-CRITICAL **: file gobject.c: line 1337 (g_object_unref): assertion `G_IS_OBJECT (object)' failed

as well as this in the /tmp/ossim.log file:

file sim-container.c: line 380 (sim_container_db_get_recovery): assertion `database != NULL' failed

repeated over and over again.

the mysql database looks like this:

mysql> show databases;
+---------------+
| Database      |
+---------------+
| mysql         |
| ossim         |
| snort         |
| snort_archive |
| test          |
+---------------+
5 rows in set (0.02 sec)

mysql> use ossim;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+---------------------------+
| Tables_in_ossim           |
+---------------------------+
| alert                     |
| backlog                   |
| category                  |
| classification            |
| conf                      |
| control_panel_host        |
| control_panel_net         |
| host                      |
| host_mac                  |
| host_netbios              |
| host_os                   |
| host_plugin_sid           |
| host_qualification        |
| host_scan                 |
| host_sensor_reference     |
| host_services             |
| host_vulnerability        |
| net                       |
| net_host_reference        |
| net_qualification         |
| net_sensor_reference      |
| net_vulnerability         |
| plugin                    |
| plugin_reference          |
| plugin_sid                |
| policy                    |
| policy_host_reference     |
| policy_net_reference      |
| policy_port_reference     |
| policy_sensor_reference   |
| policy_sig_reference      |
| policy_time               |
| port                      |
| port_group                |
| port_group_reference      |
| protocol                  |
| rrd_anomalies             |
| rrd_anomalies_global      |
| rrd_conf                  |
| rrd_conf_global           |
| scan                      |
| sensor                    |
| signature                 |
| signature_group           |
| signature_group_reference |
+---------------------------+
45 rows in set (0.00 sec)

mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| ossim_event      |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
21 rows in set (0.01 sec)

Any help would be appreciated!

Troy Rockwood  | Security is mostly a superstition.
Research Staff | It does not exist in nature . . .
HRL Labs       | Life is either a daring adventure
               | or nothing. -- Helen Keller
|
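A pre-start check for the server config.xml quoted in the message above, as an added example that is not part of the original post or of OSSIM: it parses each datasource DSN, reports missing fields, and flags the MySQL root account and the log file placed in /tmp. The function names and the list of required DSN keys are assumptions, and the sample is the message's config with its placeholder password.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the config.xml layout quoted in the message above.
SAMPLE_CONFIG = """<?xml version='1.0' encoding='UTF-8' ?>
<config>
  <log filename="/tmp/ossim.log"/>
  <sensor name="server" ip="1.2.3.4" interface="eth0"/>
  <datasources>
    <datasource name="ossimDB" provider="MySQL"
      dsn="PORT=3306;USER=root;PASSWORD=xxxxxxxx;DATABASE=ossim;HOST=localhost"/>
    <datasource name="snortDB" provider="MySQL"
      dsn="PORT=3306;USER=root;PASSWORD=xxxxxxxx;DATABASE=snort;HOST=localhost"/>
  </datasources>
  <directive filename="/etc/ossim/server/directives.xml"/>
  <scheduler interval="15"/>
  <server port="40001"/>
</config>
"""

# Assumption: the five keys seen in the message's DSN are all required.
REQUIRED_KEYS = ("HOST", "PORT", "USER", "PASSWORD", "DATABASE")

def parse_dsn(dsn):
    """Split 'KEY=value;KEY=value' into a dict with upper-cased keys."""
    fields = {}
    for part in dsn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().upper()] = value.strip()
    return fields

def audit_config(xml_text):
    """Return {name: [findings]} for each <datasource> and for the log path."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    report = {}
    for ds in root.iter("datasource"):
        fields = parse_dsn(ds.get("dsn", ""))
        findings = [f"missing {k}" for k in REQUIRED_KEYS if not fields.get(k)]
        if fields.get("USER", "").lower() == "root":
            findings.append("connects as MySQL root; use a per-database account")
        report[ds.get("name", "?")] = findings
    log = root.find("log")
    if log is not None and log.get("filename", "").startswith("/tmp/"):
        report["log"] = ["log file under world-writable /tmp"]
    return report

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or ["ok"])
```

A malformed file raises `xml.etree.ElementTree.ParseError`, which separates a broken config from a database that cannot be reached.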
From: Fabio O. T. <fo...@os...> - 2004-03-30 09:01:33
|
Hello

You can edit the configure.ac file and change:

PKG_CHECK_MODULES(DEPS, glib-2.0 >= 2.2 gobject-2.0 >= 2.2 gthread-2.0 >= 2.2 libgda >= 1.0 gnet-2.0 > 2.0)

to

PKG_CHECK_MODULES(DEPS, glib-2.0 >= 2.0 gobject-2.0 >= 2.0 gthread-2.0 >= 2.0 libgda >= 1.0 gnet-2.0 > 2.0)

and run the autogen.sh script.

But I am not sure if other dependencies require the new version.

Regards
FOT.

On Tue, 30 Mar 2004 at 04:03, Troy Rockwood wrote:
> I am new to OSSIM and trying to get it working. I am installing on a new fedora core system and did the RPM install, following the instructions on the web site. I am having some trouble getting things working. Specifically when I try to look at the directives under the configuration, I get the error:
>
> Fatal error: Call to undefined function: domxml_open_file() in /var/www/ossim/directives/index.php on line 179
>
> What do I need to do to recognize this function? I have the following installed:
>
> php-4.3.4-1.1
> php-mysql-4.3.4-1.1
> php-jpgraph-1.14-1.ossim
> php-acid-0.9.6b23-2.ossim
> php-adodb-4.11-1.ossim
>
> Thanks for your help!
>
> Troy Rockwood  | Security is mostly a superstition.
> Research Staff | It does not exist in nature . . .
> HRL Labs       | Life is either a daring adventure
>                | or nothing. -- Helen Keller
|
From: Jordi F. <jfi...@se...> - 2004-03-30 07:07:59
|
> Fatal error: Call to undefined function: domxml_open_file()
> in /var/www/ossim/directives/index.php on line 179
>
> What do I need to do to recognize this function? I have the
> following installed:
>
> php-4.3.4-1.1
> php-mysql-4.3.4-1.1
> php-jpgraph-1.14-1.ossim
> php-acid-0.9.6b23-2.ossim
> php-adodb-4.11-1.ossim
>

For me this problem was fixed with php-domxml-4.3.3-6.i386.rpm, I think.

regards
|
From: Troy R. <tro...@hr...> - 2004-03-30 02:10:09
|
I am new to OSSIM and trying to get it working. I am installing on a new fedora core system and did the RPM install, following the instructions on the web site. I am having some trouble getting things working. Specifically when I try to look at the directives under the configuration, I get the error:

Fatal error: Call to undefined function: domxml_open_file() in /var/www/ossim/directives/index.php on line 179

What do I need to do to recognize this function? I have the following installed:

php-4.3.4-1.1
php-mysql-4.3.4-1.1
php-jpgraph-1.14-1.ossim
php-acid-0.9.6b23-2.ossim
php-adodb-4.11-1.ossim

Thanks for your help!

Troy Rockwood  | Security is mostly a superstition.
Research Staff | It does not exist in nature . . .
HRL Labs       | Life is either a daring adventure
               | or nothing. -- Helen Keller
|
From: Pau V. <pa...@ve...> - 2004-03-29 15:48:42
|
Hello,

I'm trying to install Ossim 0.9.3 on a redhat 8.0 Linux. The problem is when I want to compile the Os-Sim server. It depends on glib >= 2.2.3 but redhat 8.0 comes with glib2-2.0.6-2 (and I can't upgrade it, there are many dependencies).

Is it possible to install Ossim on Redhat 8.0?

Thanks,
.-Pau Villarragut
|
From: Fabio O. T. <fo...@os...> - 2004-03-18 10:58:45
|
Hello Jordi

1.- Do I only need to run /usr/share/ossim/agent/agent (as os-sim component)?
A/ The agent is an independent module; it only needs to know where the plugins (snort, ntop, ...) are and where the server is.

2.- Before running the agent, do I need to have snort, p0f, arpwatch and ntop running?
A/ You can configure the different plugins in /etc/ossim/agent/config.xml; the plugins must be running.

3.- Have I configured snort correctly?
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=root password=MY_PASSWORD dbname=snort host=IP_OF_SERVER
output alert_fast: fast.log
A/ Yes.

4.- Do I need to connect ntop, arpwatch and p0f to mysql (on SERVER)?
A/ No, currently you only need mysql for server, framework, snort and rrd_plugin.

5.- Do I need to put files such as snort.conf, ntop.conf, etc. or something else in /etc?
A/ The agent does not need to know where the config files of the plugins are; it only needs to know where the output is.

6.- Editing /etc/ossim/agent/config.xml, plugging in snort and ntop: <path></path> To where? <sensor></sensor> What name? What word?
A/ The path element is reserved for future use. The sensor element is the IP of the sensor and must be in the sensor table of the ossim db.

For more information please see INSTALL.fc1

Thanks
FOT.
|
From: Jordi F. <jfi...@se...> - 2004-03-17 09:16:08
|
Hi all!

I'm very interested in ossim; it seems a very good tool and a very good idea. I have a big and complex network and I need help to manage it.

I'm trying to run ossim on Fedora Core 1. I have:

.- A SENSOR, with snort+spade, p0f, arpwatch and ntop. All seem to be running fine alone. And os-sim-agent-0.9.
.- A SERVER (& framework), with sensor configuration (snort+spade, p0f, arpwatch and ntop) and mysql, apache+php, mrtg, acid, etc. And os-sim-server-0.9 + os-sim-framework-0.9.

All seems to work fine alone, but I don't understand the configuration, so I have a lot of questions:

On SENSOR:

1.- Do I only need to run /usr/share/ossim/agent/agent (as os-sim component)?
2.- Before running the agent, do I need to have snort, p0f, arpwatch and ntop running?
3.- Have I configured snort correctly?
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=root password=MY_PASSWORD dbname=snort host=IP_OF_SERVER
output alert_fast: fast.log
4.- Do I need to connect ntop, arpwatch and p0f to mysql (on SERVER)?
5.- Do I need to put files such as snort.conf, ntop.conf, etc. or something else in /etc?
6.- Editing /etc/ossim/agent/config.xml, plugging in snort and ntop: <path></path> To where? <sensor></sensor> What name? What word?

Thanks a lot for any help or link to any documentation about these points.

Best regards.
|
From: DK <dk...@os...> - 2004-03-16 10:27:25
|
Hi Mohammed,

Could you be more specific please? Did you read the instructions within INSTALL.Debian? It's the best approximation we've got to a generic installation document.

Greetings,
DK

On 15.03.2004 at 20:49, Mohammed Aslam wrote:
> I have downloaded the package, unzip / untar the same.
> However not able to compile, can someone send me detailed instructions
>
> Tx
> Mohammed Aslam
|
From: Mohammed A. <ma...@ci...> - 2004-03-15 19:49:59
|
I have downloaded the package, unzip / untar the same. However not able to compile, can someone send me detailed instructions

Tx
Mohammed Aslam
|
From: DK <dk...@os...> - 2004-02-17 18:21:44
|
Hello Jordi,

try using python 2.3.3

Regards,
DK

On 17.02.2004 at 19:10, Jordi Figueras wrote:
> Jordi Figueras – jfi...@se... - http://www.semic.es
>
> Hello!
>
> I see the mailing list is not very busy, so I hope I am not bothering anyone by writing in Spanish.
>
> I am trying to get ossim running, for now on one machine, with RedHat 9. I think almost everything works: snort+spade, nmap, p0f, arpwatch, rrdtools, mrtg, ntop, mysql, acid, apache, php... also opennms and the OS-SIM scripts. In general it seems to work, although I run into some warnings and errors, such as this one when starting ./main.py
>
> ------------------------------------------------------------------
>
> [root@ossim-cli agent]# ./main.py &
> [1] 3398
> [root@ossim-cli agent]# Waiting for server...
> Server connected
>
>  (=>)  Agent:   Apending plugins...
>  * server said: ok id="6"
>
> Exception in thread Thread-1:
> Traceback (most recent call last):
>   File "/usr/lib/python2.2/threading.py", line 408, in __bootstrap
>     self.run()
>   File "./Monitor.py", line 103, in run
>     if data.__contains__('watch-rule'):
> TypeError: 'in <string>' requires character as left operand
>
>  (--)  ParserSnort:     plugin started (syslog)...
>
> ------------------------------------------------------------------
>
> Can anyone help me?
>
> Thanks!
|
From: David G. <dg...@ip...> - 2003-09-22 21:05:24
|
From: DK <dk...@ip...> - 2003-08-22 06:57:02
|