[Oisf-users] Suricata->OSSIM
Victor Julien
victor at inliniac.net
Wed Jan 11 16:44:53 UTC 2012
On 01/11/2012 05:39 PM, Dewhirst, Rob wrote:
> I got a copy of the ossim-agent running on one of my suricata sensors
> and I got it connecting back to the OSSIM server, but it's not sending
> any events. I pointed it at the directory that suricata is currently
> writing out unified logs for barnyard2.
>
> It would help if there was a walkthrough of setting up a remote snort
> sensor and ossim-agent (i.e. not running on the ossim server itself).
> I had to strip out a bunch of configuration details because the
> ossim-agent assumed it needed to look for and keep a snort process
> running. Like I said before, not many people seem to be doing this.
Maybe you can document the steps required once you've got it all working on
our wiki? Might help adoption :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------