

The portal dedicated to computer security and the protection of data, systems, networks, privacy and Internet users.
Forum for prevention, configuration, tips, hardware, software, information ... no warez, cracks or serials


#1 25-07-2012 17:22:08

amine
anonymous

how to make an existing Snort work on OSSIM

Dear all,

I have been trying to make an existing SNORT (on BackTrack) work with OSSIM. Using the ISO image, I installed 3 components of OSSIM (Server, Framework & DB) on the first machine. Then I tried to install ossim-agent on another machine (BackTrack) in the same network, in order to use the Snort that already exists on BackTrack. And now I'm trying tirelessly to force the agent to communicate with the server.
On the client side, I followed the steps listed below on my Snort machine:
- I copied the following directories:
/etc/ossim/agent/ + /usr/share/ossim-agent and the file /usr/bin/ossim-agent
- In the file /etc/ossim/agent/config.cfg I added:
[snort_syslog-cfg]
host=127.0.0.1
pass=temporal
port=9390
user=root
*************************

[snortunified_eth0-cfg]
host=127.0.0.1
pass=temporal
port=9390
user=test

I activated only Snort/ossim-agent plugins:
[plugins]
ossim-agent=/etc/ossim/agent/plugins/ossim-agent.cfg
ossim-monitor=/etc/ossim/agent/plugins/ossim-monitor.cfg
snort_syslog=/etc/ossim/agent/plugins/snort_syslog.cfg
snortunified_eth0=/etc/ossim/agent/plugins/snortunified_eth0.cfg
When I check on ???
snort_syslog=/etc/ossim/agent/plugins/snort_syslog.cfg location: /var/log/%(process)s/alert ???
snortunified_eth0=/etc/ossim/agent/plugins/snortunified_eth0.cfg directory: /var/log/snort ???
On the server side: I activated the Snort sensor in ossim-setup. Finally, when I execute the following command:
# ossim-agent -f -d -c -v /etc/ossim/agent/config.cfg or even ossim-agent -d
I get the following message:
usr/share/ossim-agent/ossim_agent/ParserUtil.py:35: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5
Traceback (most recent call last):
  File "/usr/bin/ossim-agent", line 7, in <module>
    from ossim_agent.Agent import Agent
  File "/usr/share/ossim-agent/ossim_agent/Agent.py", line 46, in <module>
    from ParserLog import ParserLog
  File "/usr/share/ossim-agent/ossim_agent/ParserLog.py", line 37, in <module>
    import pyinotify #deb package python-pyinotify
ImportError: No module named pyinotify
Are the steps I followed the right ones? Is there any missing configuration? How can I make this agent work? Please advise me with any indication that might be helpful. Thank you
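The post above stops at an ImportError for pyinotify and is unsure which log location the snort plugin actually watches. Below is an added pre-flight check, not code from OSSIM or from the poster, that reproduces both questions offline: it reports Python modules the agent cannot import, and it expands the `%(process)s` placeholder the way Python's configparser does. It assumes the plugin .cfg uses an INI layout with `process` under `[DEFAULT]` and `location` under `[config]`; the plugin text embedded here is constructed for the example.

```python
"""Pre-flight check for an ossim-agent style setup (added example, not OSSIM code)."""
import configparser
import importlib.util
import os

# Constructed plugin file in the style of the snort_syslog plugin quoted in the post.
# Assumption: `process` lives in [DEFAULT] and `location` in [config].
SAMPLE_PLUGIN_CFG = """
[DEFAULT]
plugin_id=1001
process=snort

[config]
type=detector
enable=yes
source=log
location=/var/log/%(process)s/alert
"""


def resolve_location(plugin_cfg_text):
    """Expand `location` (configparser resolves %(process)s from [DEFAULT])."""
    parser = configparser.ConfigParser()  # BasicInterpolation is the default
    parser.read_string(plugin_cfg_text)
    return parser.get("config", "location")


def missing_modules(names):
    """Return the names that cannot be imported (the cause of the ImportError)."""
    return [n for n in names if importlib.util.find_spec(n) is None]


def preflight(plugin_cfg_text, required_modules=("pyinotify",), exists=os.path.exists):
    """List problems that stop the agent before it ever talks to the server."""
    problems = []
    for mod in missing_modules(required_modules):
        problems.append("python module not installed: %s" % mod)
    location = resolve_location(plugin_cfg_text)
    if not exists(location):
        problems.append("log location does not exist: %s" % location)
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE_PLUGIN_CFG):
        print("PROBLEM:", problem)
```

Run it on the real /etc/ossim/agent/plugins/snort_syslog.cfg contents to see the resolved path the agent will try to tail; an empty result means the two checks shown here pass.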

