Thread: An ossim tutorial?

An ossim tutorial?
2007-10-02 20:09:46
I think it would be great to have a tutorial, after all the
installation process, the basics of how to implement plugins, and
every operation available on ossim.

Something like a tour, implementing some ossim basics.
Does anyone have something like that?
If not, I think I could work on something (but first I have to solve
my own problems with the ossim installation).

Alex

Re: An ossim tutorial?
2007-10-03 00:54:42
On Wed, Oct 03, 2007 at 06:09:46AM +0500, alex wrote:
> I think it would be great to have a tutorial, after all the
> installation process, the basics of how to implement plugins, and
> every operation available on ossim.
>
> Something like a tour, implementing some ossim basics.
> Does anyone have something like that?
> If not, I think I could work on something (but first I have to solve
> my own problems with the ossim installation).
>

Alex, I am experiencing the same thing as you are. I did write a
simple howto for doing a plugin.
http://www.ossim.net/dokuwiki/doku.php?id=architecture:plugin_writing

My next target is to get a handle on the rules engine. I did succeed
at having the rules engine process the event from my plugin, but then
I experienced some problems. I spoke with Fyodor off list and he was
talking about writing an API to access the rules engine directly. It
certainly seems like a good idea to be able to feed the rules engine
events directly and decouple it from having the agent sending events
to it. I have been investigating gnet and gda, both of which the rules
engine uses. Plus, I created some simple code to parse the XML. But I
think if we have an API where we populate a struct and then submit it
to the rules engine, this would be a great value.

brian
--
Brian Lavender
http://www.brie.com/brian/

Re: An ossim tutorial?
2007-10-10 14:26:22
Hello,

There is a new documentation manual as of some days ago. It shows the
meaning of all the OSSIM screens:

http://www.ossim.net/dokuwiki/doku.php?id=user_manual:introduction

There is also an almost new FAQ:

http://www.ossim.net/dokuwiki/doku.php?id=faq

Hope this helps...

BR,
Alberto.

On Wednesday, 3 October 2007 07:54, Brian Lavender wrote:
> On Wed, Oct 03, 2007 at 06:09:46AM +0500, alex wrote:
> > I think it would be great to have a tutorial, after all the
> > installation process, the basics of how to implement plugins, and
> > every operation available on ossim.
> >
> > Something like a tour, implementing some ossim basics.
> > Does anyone have something like that?
> > If not, I think I could work on something (but first I have to
> > solve my own problems with the ossim installation).
> >
>
> Alex, I am experiencing the same thing as you are. I did write a
> simple howto for doing a plugin.
> http://www.ossim.net/dokuwiki/doku.php?id=architecture:plugin_writing
>
> My next target is to get a handle on the rules engine. I did succeed
> at having the rules engine process the event from my plugin, but
> then I experienced some problems. I spoke with Fyodor off list and
> he was talking about writing an API to access the rules engine
> directly. It certainly seems like a good idea to be able to feed the
> rules engine events directly and decouple it from having the agent
> sending events to it. I have been investigating gnet and gda, both
> of which the rules engine uses. Plus, I created some simple code to
> parse the XML. But I think if we have an API where we populate a
> struct and then submit it to the rules engine, this would be a great
> value.
>
> brian

Re: An ossim tutorial?
2007-10-10 15:16:57
Alberto,

Much thanks to you and the team for creating the rules engine. I read
through the section on policy. I will continue to read the
documentation. I am still a little fuzzy on the processing of events.
I think if I created an agent that emulates events sent to the server
this would further clarify understanding and verification of the rules
engine. I know I successfully got one event processed. It seems to me
that I should be able to take the python code for the sensor, fill the
data structure for an event and send it to the server.

brian

On Wed, Oct 10, 2007 at 09:26:22PM +0200, Alberto Roman Linacero wrote:
> Hello,
>
> There is a new documentation manual as of some days ago. It shows
> the meaning of all the OSSIM screens:
>
> http://www.ossim.net/dokuwiki/doku.php?id=user_manual:introduction
>
> There is also an almost new FAQ:
>
> http://www.ossim.net/dokuwiki/doku.php?id=faq
>
> Hope this helps...
>
> BR,
> Alberto.
>
> On Wednesday, 3 October 2007 07:54, Brian Lavender wrote:
> > On Wed, Oct 03, 2007 at 06:09:46AM +0500, alex wrote:
> > > I think it would be great to have a tutorial, after all the
> > > installation process, the basics of how to implement plugins,
> > > and every operation available on ossim.
> > >
> > > Something like a tour, implementing some ossim basics.
> > > Does anyone have something like that?
> > > If not, I think I could work on something (but first I have to
> > > solve my own problems with the ossim installation).
> > >
> >
> > Alex, I am experiencing the same thing as you are. I did write a
> > simple howto for doing a plugin.
> > http://www.ossim.net/dokuwiki/doku.php?id=architecture:plugin_writing
> >
> > My next target is to get a handle on the rules engine. I did
> > succeed at having the rules engine process the event from my
> > plugin, but then I experienced some problems. I spoke with Fyodor
> > off list and he was talking about writing an API to access the
> > rules engine directly. It certainly seems like a good idea to be
> > able to feed the rules engine events directly and decouple it from
> > having the agent sending events to it. I have been investigating
> > gnet and gda, both of which the rules engine uses. Plus, I created
> > some simple code to parse the XML. But I think if we have an API
> > where we populate a struct and then submit it to the rules engine,
> > this would be a great value.
> >
> > brian
--
Brian Lavender
http://www.brie.com/brian/

Re: An ossim tutorial?
2007-10-10 16:23:17
On Wed, Oct 10, 2007 at 01:16:57PM -0700, Brian Lavender wrote:
> Alberto,
>
> Much thanks to you and the team for creating the rules engine. I

Sorry, I meant thanks for creating the documentation.

> read through the section on policy. I will continue to read the
> documentation. I am still a little fuzzy on the processing of
> events. I think if I created an agent that emulates events sent to
> the server this would further clarify understanding and verification
> of the rules engine. I know I successfully got one event processed.
> It seems to me that I should be able to take the python code for the
> sensor, fill the data structure for an event and send it to the
> server.
>
> brian
--
Brian Lavender
http://www.brie.com/brian/