[Oisf-users] Suricata->OSSIM

Dewhirst, Rob robdewhirst at gmail.com
Wed Jan 11 11:58:57 EST 2012


Happy to document it, but right now I am at a roadblock. I'll pop
over to snort-users and see if anyone has done this.

On Wed, Jan 11, 2012 at 10:44 AM, Victor Julien <victor at inliniac.net> wrote:
> On 01/11/2012 05:39 PM, Dewhirst, Rob wrote:
>> I got a copy of the ossim-agent running on one of my suricata sensors
>> and I got it connecting back to the OSSIM server, but it's not sending
>> any events.  I pointed it at the directory that suricata is currently
>> writing out unified logs for barnyard2.
>>
>> It would help if there was a walkthrough of setting up a remote snort
>> sensor and ossim-agent (ie. not running on the ossim server itself).
>> I had to strip out a bunch of configuration details because the
>> ossim-agent assumed it needed to look for and keep a snort process
>> running.  Like I said before, not many people seem to be doing this.
>
> Maybe you can document the steps required once you got it all working on
> our wiki? Might help adoption :)
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
