From: Ritah M. <ry...@gm...> - 2023-09-01 07:22:52

Hello, is anyone able to offer some support?

On Thu, Aug 31, 2023 at 4:02 PM Ritah Mulinde <ry...@gm...> wrote:
> Hello
>
> I just installed AlienVault OSSIM and I am trying to have it monitor my server logs and send a report with any discrepancies detected.
>
> In the AlienVault OSSIM GUI, under Environment, I have added an Asset under Assets and Groups.
>
> However, under Environment -> Detection, when I try to add a new HID agent, I don't see my server IP under Assets.
>
> Kindly help guide me on this.
>
> Thank you
> Ritah
From: Ritah M. <ry...@gm...> - 2023-08-31 13:02:45

Hello

I just installed AlienVault OSSIM and I am trying to have it monitor my server logs and send a report with any discrepancies detected.

In the AlienVault OSSIM GUI, under Environment, I have added an Asset under Assets and Groups.

However, under Environment -> Detection, when I try to add a new HID agent, I don't see my server IP under Assets.

Kindly help guide me on this.

Thank you
Ritah
From: Reynier P. M. <rp...@uc...> - 2009-09-04 19:31:55

Christian D. Latorre wrote:
> Well, you can do that perfectly well with Nagios and its NRPE plugin. With it you can monitor everything from the status of services in terms of their network variables (network response, latency, banner, etc.) to internal variables (Oracle TNS, nominal processing load, memory load, process status, number of users, disk status). That said, I recommend you study a bit about the Nagios configuration files and the way OSSIM handles them... to avoid OSSIM deleting the changes you make to a nagios host file when ossim-server is restarted.

Hello again:

I have been studying a bit and have tried to configure things. The first thing I did was put an NRPE on the server I want to monitor, as you told me. For that I followed the steps in the official documentation. Then I installed the NRPE plugin on the server I have dedicated to monitoring (where OSSIM is installed). I checked the following commands:

    # /usr/local/nagios/libexec/check_nrpe -H 10.32.1.100 -c check_users
    USERS OK - 2 users currently logged in |users=2;5;10;0

    # /usr/local/nagios/libexec/check_nrpe -H 10.32.1.100 -c check_load
    OK - load average: 0.00, 0.00, 0.00|load1=0.000;15.000;30.000;0; load5=0.000;10.000;25.000;0; load15=0.000;5.000;20.000;0;

Which leads me to understand that both the plugin on the OSSIM side and the one on the server side are working without any problem.

I created the file /etc/nagios3/conf.d/linux-box.cfg with the following content:

    define host{
        name                    linux-box
        use                     generic-host
        check_period            24x7
        check_interval          5
        max_check_attempts      10
        check_command           check-host-alive
        notification_period     24x7
        notification_interval   30
        notification_options    d,r
        contact_groups          admin
        register                0
    }

And the file /etc/nagios3/conf.d/ossim-configs/hosts/10.32.1.100.cfg with the following content:

    define host{
        host_name               BD PostgreSQL & MySQL Server
        alias                   SVEXPBD01
        address                 10.32.1.100
        use                     linux-box
    }

    #Check CPU Load
    define service{
        use                     generic-service
        hostname                BD PostgreSQL & MySQL Server
        service_description     CPU Load
        check_command           check_nrpe!check_load
    }

    #Check Logged Users
    define service{
        use                     generic-service
        hostname                BD PostgreSQL & MySQL Server
        service_description     Users
        check_command           check_nrpe!check_users
    }

    #Check Available Space
    define service{
        use                     generic-service
        hostname                BD PostgreSQL & MySQL Server
        service_description     Space Available
        check_command           check_nrpe!check_sda4
    }

    #Check Total Processes
    define service{
        use                     generic-service
        hostname                BD PostgreSQL & MySQL Server
        service_description     Processes Running
        check_command           check_nrpe!check_total_procs
    }

    #Check Zombie Processes
    define service{
        use                     generic-service
        hostname                BD PostgreSQL & MySQL Server
        service_description     Zombie Processes
        check_command           check_nrpe!check_zombie_procs
    }

I restarted everything:

    # /etc/init.d/ossim-server restart
    # /etc/init.d/ossim-framework restart
    # /etc/init.d/ossim-agent restart

When I try to access the menu (Monitors->Availability) I get the following error:

==================================================================
Whoops!

Error: Could not read host and service status information!

The most common cause of this error message (especially for new users), is the fact that Nagios is not actually running. If Nagios is indeed not running, this is a normal error message. It simply indicates that the CGIs could not obtain the current status of hosts and services that are being monitored. If you've just installed things, make sure you read the documentation on starting Nagios.

Some other things you should check in order to resolve this error include:

1. Check the Nagios log file for messages relating to startup or status data errors.
2. Always verify configuration options using the -v command-line option before starting or restarting Nagios!

Make sure you read the documentation on installing, configuring and running Nagios thoroughly before continuing. If all else fails, try sending a message to one of the mailing lists. More information can be found at http://www.nagios.org.
==================================================================

I checked the logs and ran into the following:

    [1252113595] Warning: Host '10.32.1.100' has no services associated with it!

What am I doing wrong, or what am I not doing?

Regards
--
Ing. Reynier Pérez Mira
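Two things in the message above are worth checking before anything else: the service definitions use the directive `hostname`, whereas Nagios service objects take `host_name` (a service that names no `host_name` attaches to no host), and the log line names host '10.32.1.100' rather than the `host_name` written in the file, which matches the earlier warning that OSSIM rewrites its nagios host files when ossim-server restarts. The following is an added example, not code from the original post or from the OSSIM or Nagios projects: a small linter for Nagios object definitions that parses `define ... { }` blocks, flags directives outside a (deliberately reduced, assumed) known set such as `hostname`, and reports registered hosts that no service references, which is the condition behind the "has no services associated with it!" warning. The sample configuration embedded in it is constructed to mirror the thread; `db-server` is a placeholder host name.

```python
"""Lint Nagios object definitions for two problems visible in the thread:
a service directive spelled `hostname` (Nagios expects `host_name`), and
registered hosts that no service references (the condition behind Nagios'
"Host 'X' has no services associated with it!" warning).
Added example, not project code."""
import re
from collections import defaultdict

# Directives recognised per object type. This is an assumed, deliberately small
# subset of the real Nagios directive set, enough for the definitions in the thread.
KNOWN_DIRECTIVES = {
    "host": {"name", "host_name", "alias", "address", "use", "check_period",
             "check_interval", "max_check_attempts", "check_command",
             "notification_period", "notification_interval",
             "notification_options", "contact_groups", "register"},
    "service": {"name", "use", "host_name", "service_description",
                "check_command", "register"},
}

# One `define <type>{ ... }` block; the body never contains a closing brace.
DEFINE_RE = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.DOTALL)

# Constructed sample modelled on the definitions posted in the thread.
SAMPLE_CFG = """\
define host{
    name                  linux-box
    use                   generic-host
    check_command         check-host-alive
    register              0
}
define host{
    host_name             db-server
    alias                 SVEXPBD01
    address               10.32.1.100
    use                   linux-box
}
#Check CPU Load
define service{
    use                   generic-service
    hostname              db-server
    service_description   CPU Load
    check_command         check_nrpe!check_load
}
"""

# Same sample with the directive spelled the way Nagios expects it.
FIXED_CFG = re.sub(r"^(\s*)hostname\b", r"\1host_name", SAMPLE_CFG, flags=re.MULTILINE)


def parse_objects(text):
    """Return a list of (object_type, {directive: value}) from Nagios cfg text.
    Comment lines (starting with '#' or ';') are skipped; a directive is the first
    whitespace-delimited token of a line and the rest of the line is its value."""
    objects = []
    for match in DEFINE_RE.finditer(text):
        obj_type, body = match.group(1), match.group(2)
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line[0] in "#;":
                continue
            parts = line.split(None, 1)
            directives[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((obj_type, directives))
    return objects


def lint(text):
    """Return a list of findings (strings) for the given config text; empty means clean."""
    findings = []
    objects = parse_objects(text)

    # 1. Directives outside the known set, e.g. `hostname` in a service definition.
    for obj_type, d in objects:
        known = KNOWN_DIRECTIVES.get(obj_type)
        if known is None:
            continue
        for key in d:
            if key not in known:
                hint = " (did you mean host_name?)" if key == "hostname" else ""
                findings.append(f"{obj_type}: unknown directive '{key}'{hint}")

    # 2. Registered hosts (register != 0, i.e. not templates) with no service attached.
    hosts = {d["host_name"] for t, d in objects
             if t == "host" and "host_name" in d and d.get("register", "1") != "0"}
    services_per_host = defaultdict(int)
    for t, d in objects:
        if t == "service" and d.get("register", "1") != "0":
            for h in d.get("host_name", "").split(","):
                if h.strip():
                    services_per_host[h.strip()] += 1
    for h in sorted(hosts):
        if services_per_host[h] == 0:
            findings.append(f"host '{h}' has no services associated with it")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_CFG), ("with host_name", FIXED_CFG)):
        print(f"--- {label} ---")
        for finding in lint(cfg) or ["no findings"]:
            print(finding)
```

Running it over the posted-style sample reports both the misspelled directive and the orphaned host; over the corrected sample it reports nothing. Real Nagios is stricter than this linter (an unknown directive fails `nagios -v`), so the check to run on the live configuration remains the `-v` verification the Nagios error page itself recommends.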
From: Reynier P. M. <rp...@uc...> - 2009-09-04 17:29:14

Hello all:

I recently installed OSSIM AlienVault v2.1 using the ISO available on the site. I want to monitor these servers:

* 3 RedHat AS 4.6
* 2 Ubuntu Server 9.04
* 3 Windows 2003 (SP1 & SP2 R2)
* 1 Gentoo

The following applications are distributed across those servers:

* PostgreSQL
* MySQL
* Apache
* DNS
* Oracle 10g R2
* SQL Server 2000 & SQL Server 2005
* IIS
* MapServer

After installing OSSIM: what comes next? Any documentation or steps to follow in order to monitor those servers and the services running on them? Any tutorial for beginners?

Regards and thanks in advance
--
Ing. Reynier Pérez Mira
From: Reynier P. M. <rp...@uc...> - 2008-07-16 13:45:47

Hello:

I am new to the world of OSSIM but I am very interested in having it installed and configured. I have a server with Ubuntu Server 8.04.1. My first question is whether OSSIM can be installed on Ubuntu and, if so, whether someone could give me a guide or tutorial to follow so that I can manage on my own and learn a bit.

Regards and thanks in advance - Cheers
Ing. Reynier Pérez Mira
Grupo de Soporte al Desarrollo - Dirección Técnica IP
From: Jorge C. <jc...@ne...> - 2008-01-25 10:46:35

Hi all,

I have OSSIM already running, with events from plugins, alarms, incidents, and so on already being managed through the platform. Imagine that after a trial period I would like to establish a starting reference point. I mean, once everything is tuned and tested, I would like to remove all database events, remove all alerts, anomalies and incidents, clear statistics and counters, and start the monitoring from default. How could I do that?

If I clear or delete events, alarms, anomalies and incidents directly from the web console, how would this affect parameters such as Risk or C & A (time dependent), service level, historical data, event backup functions, and so on? How would the databases be affected?

Which would be the best method for defaulting everything or establishing a startup point once OSSIM has already been running for a while?

Thanks in advance,
Jorge
From: Jorge C. <jc...@ne...> - 2007-12-26 18:24:37

Hi all,

I am getting this error in some framework panels:

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: YES) in /usr/share/php/adodb/drivers/adodb-mysql.inc.php on line 358

We have been trying to find out where this problem comes from, reviewing all the configuration, but could not find it. Can anyone help me? Which config file should I fix?

Thanks in advance,
Jorge
From: Jorge C. <jc...@ne...> - 2007-11-19 11:15:44

Hi all,

I get some warnings regarding mysql permissions when I try to access some menus in the OSSIM framework. I have reviewed all passwords, both from the configuration menu, the mysql users, and all files where I need to set up passwords: snort, php, phpgacl, mysql, apache... I cannot find where the problem is. Does anyone know where the wrong user/password could be? This is the error:

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: YES) in /usr/share/php/adodb/drivers/adodb-mysql.inc.php on line 358

In the reports menu.

Thanks in advance,
Jorge
From: Jorge C. <jc...@ne...> - 2007-11-14 21:16:29

Hi all,

I am running the OSSIM application, which is receiving events from several snort instances. From the configuration menu in the framework, I can set up email templates. I would like to know if there is any way of configuring scheduled email alerts, as I cannot find any available menu in the framework.

Thanks in advance.
Jorge
From: Muhammad A. A. A. K. <muz...@gm...> - 2007-02-24 11:01:38

Hi, thanks for replying Rodrigo, but I am sorry, I don't know Spanish; besides, I need to run it on FC5. Anyway, I installed most of the plugins but am having some issues with them, as given below; please do comment:

On running the agent, according to the traces:

* SNORT runs successfully, but how do I confirm it from the OSSIM web panel and reports?
* p0f is also running, but I also want to confirm its operation.
* ntop is also spawned successfully.
* Pads does not seem to be spawned, but the traces show recursive attempts such as

    [-] Processing Existing /var/log/ossim/pads.csv
    [-] Daemonizing...

  which is an empty file. Do I have to populate this csv with my network assets or what? And if yes, isn't there any way to populate this csv automatically by probing/sensing/scanning the network?

From the OSSIM web panel: Monitors->Sensors: all sensors are up except rrd_threshold, pads and arpwatch, whereas I have installed them all.

Secondly, there is this problem which I think must have some patch or workaround. I am getting

    General PHP Error: Non-static method abc::def() should not be called statically

where abc::def() is any function, as I am getting this error in lots of places in OSSIM's web panel, in graphs, reports and many other places, which I think has something to do with PHP 5, as I am using PHP 5.2.1.

Please, anybody from the OSSIM developers or users, help me out if anyone has any idea.

Regards
--
It's better to burn than to fade away
From: Muhammad A. A. A. K. <muz...@gm...> - 2007-02-23 04:38:24

Hi

I just completed my installation of ossim server, agent, framework, snort, ntop, p0f, arpwatch, tcptrack, pads, and acid. Now the installation manual for fc3 and fc4 (Spanish) says that ossim-utils is a must, whereas I can't seem to find ossim-utils sources or any rpm for fc5. The same is the case for ossim-contrib. Any idea where I can find the ossim-utils sources or rpms for fc5?

Thanks in advance
Regards
--
It's better to burn than to fade away
From: Muhammad A. A. A. K. <muz...@gm...> - 2007-02-20 13:23:03

Hi

I am new to OSSIM and want to use it for network and information security, though I have played a little bit with ntop and nagios. I am trying to deploy OSSIM 0.9.9 rc3 on FC5. I have completed the installation of the following from sources (APT and YUM don't seem to work):

* Apache 2.2.4
* PHP 5.2.1 (with required modules)
* MySQL 5.0.18
* OSSIM Server and Agent from the source folder using the standard make; make install

but I don't think that the framework is installed as well. Now I am running the server, which seems fine, but nmap doesn't show anything listening on port 40001. On running the agent it says "arpwatch: command not found", and the same for pads and p0f. I am accessing the framework from the browser but too many pages have php error messages and page not found messages.

Now I don't know where to go, as the installation manual is for FC3. The URL www.ossim.net has not been accessible for more than 2 days. Anybody having any idea, please help me out.
--
It's better to burn than to fade away
From: Jose I. P. <ji...@jc...> - 2005-03-22 14:08:14

Hello, we are analysing the installation of OSSIM in our organisation. We have some doubts about where to place the machine that hosts OSSIM, from the architectural point of view. Obviously we want to detect vulnerabilities on the hosts, but we also want to detect behaviours, IDS, etc. Is it mandatory to place the machine between our corporate network and the Internet? Can it be placed at some other point that listens to the network packets coming from the Internet?

Regards.
--
Jose Illescas Perez. Linux User #73559
TFNO: +34 925 266 219 FAX: +34 925 266 300
The Webteam of http://www.jccm.es
Junta de Comunidades de Castilla-La Mancha
From: Jose I. P. <ji...@jc...> - 2005-03-22 14:07:44

Hello, I am interested in installing OSSIM from source. I have seen the INSTALL.src document. It tells me to download all the programs from the URL http://sourceforge.net/projects/os-sim and untar them. Are all the programs at that URL, or do I have to go to each of the sites of snort, nessus, ntop, etc. and install them independently? After this, how do I install OSSIM?

Regards.
--
Jose Illescas Perez. Linux User #73559
TFNO: +34 925 266 219 FAX: +34 925 266 300
The Webteam of http://www.jccm.es
Junta de Comunidades de Castilla-La Mancha
From: Javi P. <jav...@vi...> - 2005-03-21 08:44:57

Hi folks

I have a small problem. I am running tests on a network, but the Windows clients keep sending things to some ports on a couple of servers, and this keeps triggering alarms all the time saying:

    Possible 445 intrusion against windows_server

How can I make OSSIM accept the traffic to this port as legitimate? By making a list of ports (all except 445) and assigning a policy to that host :?

Thanks :)
--
Javi Polo @ VirtualSys
Diputació 306, Enlo. 1ª 08009 Barcelona
[T] +34 93 412 37 50 [F] +34 93 342 58 72
http://www.virtualsys.com
From: Javi P. <jav...@vi...> - 2005-02-25 12:32:17

Hello everyone! :)

Well, I have been tinkering a bit with OSSIM, and I decided to sign up to the mailing lists to learn (and contribute) what I can.

Regards ;)
--
Javi Polo @ VirtualSys
Diputació 306, Enlo. 1ª 08009 Barcelona
[T] +34 93 412 37 50 [F] +34 93 342 58 72
http://www.virtualsys.com