[vox] OSSIM updates
Brian Lavender
brian at brie.com
Thu Mar 20 11:03:46 PDT 2008
After doing the presentation Monday night on OSSIM I realized a few
things. Nothing like doing a presentation to realize what you don't know
about something.

It turns out the reason things were running so slow was that
I had a messed-up hosts file, and localhost or the machine's name was
unresolvable. This really screws up GNOME. This wasn't an OSSIM problem,
but I was sure feeling pain during the presentation with regard to how
slow things were running.

And... I also discovered there was a different window for showing
alarms when attempting the failed ssh logins. The whole point was to
show that failed ssh logins between several machines could be correlated.

If you grab the installer CD, it pretty much does everything for you.
You can point your syslog to the OSSIM server and it will do event
correlation. Syslog on OSSIM is configured to accept remote syslog using
the old BSD-style UDP transport. It's a quick way to do event
correlation between servers.
http://downloads.alienvault.com/ossim-installer-1.0.4.iso
Information on the installer.
http://www.alienvault.com/home.php?id=download
brian
--
Brian Lavender
http://www.brie.com/brian/
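
The correlation described in the message above (failed ssh logins seen on several machines and collected on one syslog server), sketched as an added example. It is not part of the original post and is not OSSIM's own correlation engine. The host names, addresses, five-minute window, two-host threshold and the log lines themselves are constructed assumptions; the message format is the usual OpenSSH "Failed password" line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: BSD-style (RFC 3164) lines as a central collector would store them.
SAMPLE = """\
Mar 17 19:02:11 web1 sshd[2211]: Failed password for root from 192.0.2.50 port 40112 ssh2
Mar 17 19:02:40 db1 sshd[874]: Failed password for invalid user admin from 192.0.2.50 port 40233 ssh2
Mar 17 19:03:05 mail1 sshd[1530]: Failed password for root from 192.0.2.50 port 40301 ssh2
Mar 17 19:03:30 web1 sshd[2290]: Failed password for brian from 198.51.100.7 port 51000 ssh2
Mar 17 19:04:02 web1 sshd[2291]: Accepted password for brian from 198.51.100.7 port 51002 ssh2
Mar 17 21:30:00 db1 sshd[990]: Failed password for root from 203.0.113.9 port 33000 ssh2
Mar 18 02:10:00 web1 sshd[3001]: Failed password for root from 203.0.113.9 port 33100 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def parse(text, year=2008):
    """Yield (time, reporting_host, source_ip) for each failed ssh login line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # RFC 3164 timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["src"]

def correlate(events, min_hosts=2, window=timedelta(minutes=5)):
    """Return {source_ip: sorted hosts} for sources that failed logins on
    at least min_hosts distinct machines within one sliding time window."""
    by_src = defaultdict(list)
    for ts, host, src in sorted(events):
        by_src[src].append((ts, host))
    alarms = {}
    for src, seen in by_src.items():
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop events older than the window
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) >= min_hosts and len(hosts) > len(alarms.get(src, [])):
                alarms[src] = sorted(hosts)  # keep the widest spread seen
    return alarms

if __name__ == "__main__":
    for src, hosts in correlate(parse(SAMPLE)).items():
        print(f"ALARM {src}: failed ssh logins on {', '.join(hosts)}")
```

A single host's auth log would show only one failure from 192.0.2.50; the spread across web1, db1 and mail1 is visible only once the lines are collected in one place.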