Thread: (was: Re: Sensor in Web interface)




2007-08-21 15:18:50
Forwarding this mail from Alberto that got discarded due to the "from" he's used.

Begin forwarded message:

From: os-sim-support-bounceslists.sourceforge.net
Date: 21 August 2007 21:57:39 GMT+02:00
To: os-sim-support-ownerlists.sourceforge.net
Subject: Auto-discard notification

The attached message has been automatically discarded.
From: "Alberto Roman" <linazerogmail.com>
Date: 21 August 2007 21:57:34 GMT+02:00
To: "Brian Lavender" <brianbrie.com>, os-sim-supportlists.sourceforge.net
Subject: Re: [Os-sim-support] Sensor in Web interface


Hi Brian,

Ok, I found the problem. It's the same problem that you had with
arpwatch: plugins are not inserted in the DB.

You just need to insert all the wanted plugins in
/etc/ossim/agent/plugins into the DB, and it will work. It's the same
solution as in my other mail.

The problem is that if the server receives an event regarding some
plugin that doesn't exist in the DB, it rejects all the information about
it. This includes the queries from web (like
"server_get_sensor_plugins") or events from agent.

Alberto.

2007/8/21, Brian Lavender <brianbrie.com>:
On Sat, Aug 18, 2007 at 11:34:38AM +0200, Dominique Karg wrote:
That's weird, I just checked it here and everything works fine.

If you go to Policy --> Sensors and click on a sensor name, does it
behave the same?

If I go to Policy -> Sensors, I can click on the sensor name which is
192.168.1.122 and then it comes up with a page like the following.


  <h1> Sensors </h1>


<h2 align="center">192.168.1.122 [ cienfuegos ]</h2>  <table align="center">
    <tr>
      <th> Plugin </th>
      <th> Status </th>
      <th> Action </th>

      <th> Enabled </th>
      <th> Action </th>
    </tr>
        </table>
      </td>
    </tr>
  </table>

You can see that no details regarding the plugins are shown. Someone else
emailed me regarding this. I looked at the PHP code, but I haven't
digested it yet, nor was I able to find anything glaringly wrong. I
looked at CVS to try and see what changes you made, but I haven't
gotten too far there either.

brian


Greetings,

Dominique

On 16.08.2007 at 02:23, Brian Lavender wrote:

It looks like I got snort on one host as a sensor feeding into the snort
database on another that is running the server/frameworkd. The problem I
seem to be having now is that Monitors->Sensors shows the sensor on the
localhost and the sensor running on 192.168.1.122, but it doesn't show
any of the plugins available on either of the sensors. What do I need to
check here?

brian
--
Brian Lavender

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Os-sim-support mailing list
Os-sim-supportlists.sourceforge.net


--
Brian Lavender

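
The failure Alberto describes in the message above (a plugin enabled on the agent but not registered in the server DB has its events and web queries rejected) can be checked for ahead of time. This is an added example, not code from OSSIM or from anyone in this thread. It assumes each file in /etc/ossim/agent/plugins declares `plugin_id` in a `[DEFAULT]` section and that the DB has a `plugin` table with an `id` column; the sample configs, the IDs and the in-memory SQLite table standing in for the real DB are constructed.

```python
import configparser
import sqlite3

# Constructed sample plugin configs; the IDs are made up, not OSSIM's real ones.
SAMPLE_CFGS = {
    "snort.cfg": "[DEFAULT]\nplugin_id=9001\n\n[config]\ntype=detector\n",
    "arpwatch.cfg": "[DEFAULT]\nplugin_id=9002\n\n[config]\ntype=detector\n",
    "broken.cfg": "[config]\ntype=detector\n",  # declares no plugin_id
}


def plugin_ids_from_configs(cfgs):
    """Return ({plugin_id: file name}, [files with no usable plugin_id])."""
    ids, bad = {}, []
    for name, text in sorted(cfgs.items()):
        # interpolation=None: plugin configs may contain '%' in regexes.
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            parser.read_string(text)
            ids[int(parser.defaults()["plugin_id"])] = name
        except (configparser.Error, KeyError, ValueError):
            bad.append(name)
    return ids, bad


def registered_plugin_ids(conn):
    """IDs the server knows about (assumed table/column: plugin.id)."""
    return {row[0] for row in conn.execute("SELECT id FROM plugin")}


def missing_plugins(cfgs, conn):
    """Plugins configured on the agent that the DB does not know."""
    ids, bad = plugin_ids_from_configs(cfgs)
    known = registered_plugin_ids(conn)
    return {pid: name for pid, name in ids.items() if pid not in known}, bad


def sample_db():
    """Constructed stand-in for the server DB: only 9001 is registered."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plugin (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO plugin VALUES (9001, 'snort')")
    return conn


if __name__ == "__main__":
    missing, bad = missing_plugins(SAMPLE_CFGS, sample_db())
    for pid, name in sorted(missing.items()):
        print(f"plugin_id {pid} ({name}) not in DB: its events will be rejected")
    for name in bad:
        print(f"{name}: no readable plugin_id")
```

Any plugin reported as missing is a monitoring blind spot until its definition is inserted into the DB, since the server drops what that plugin sends.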





Re: (was: Re: Sensor in Web interface)
2007-08-21 17:45:29
Yes, the sensors are showing! Now to check arpwatch and see if I can
trigger this thing!!! BTW, ossim.net is rejecting my email to you guys.
I CC messages to the list so no big deal.

  albertoossim.net
      SMTP error from remote mail server after end of data:
      host mail.ossim.net [207.158.15.50]: 550 5.7.1 Message content rejected, UBE, id=27154-04


-- 
Brian Lavender
http://www.brie.com/brian/


_______________________________________________
Os-sim-support mailing list
Os-sim-supportlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/os-sim-support
