Hey Meir,
Do you have any suggestion for what I can do to correct my problem with
signatures?
After these fixes in ossec-ui, how do we have to import the signatures?
With ossec2base_sigs.pl or ossec2basetxt.pl?
In my case I used ossec2basetxt.pl ...
Thanks
--
________________________________________
Leonardo Goldim - Auditoria Intranetworks
[EMAIL PROTECTED]
Intranetworks
Rua Marquês do Pombal 1710/805
Porto Alegre - RS - 90540-000
+55 51 3325-5700
+55 51 8415-8604
Leonardo Goldim wrote:
I've installed the latest ossec-ui (I downloaded it 30 minutes ago)
and the problem with signatures continues ...
ID         Signature  Timestamp            Source Address  Dest. Address  Layer 4 Proto
#0-(1-1)   1          2006-07-31 10:41:33  0.0.0.0         10.0.0.9       IP
What did I forget to do?
Meir Michanie wrote:
download ossec-ui
On 9/17/06, *Meir Michanie* <[EMAIL PROTECTED]> wrote:
try my last build
http://www.riunx.com/portal/modules.php?module=tips&mode=article&artid=5
On 9/15/06, *|SaMaN|* <[EMAIL PROTECTED]> wrote:
It is the latest snapshot of ossec2mysql and it is running with
resolve. My config is below. So where is the problem?
[EMAIL PROTECTED] rules]# cat /etc/ossec2base.conf
# PARAMS USED BY OSSEC2BASED
dbhost=localhost
database=snort
debug=5
dbport=3306
dbpasswd=
dbuser=root
fieldseparator=;
daemonize=1
sensor=ossec
interface=daemon
resolve=1
------------------------------------------------------------------------
*From:* [email protected] *On Behalf Of* Meir Michanie
*Sent:* Friday, September 15, 2006 2:08 PM
*To:* [email protected]
*Subject:* [ossec-list] Re: ossec server reporting itself as 0.0.0.0 and more
use ossec2mysql with resolve (without -n and check your config)
On 9/15/06, *[EMAIL PROTECTED]* <[EMAIL PROTECTED]> wrote:
Installed latest snapshot, still 0.0.0.0
** Alert 1158312137.299900: mail
2006 Sep 15 12:22:17 localhost -> (X1)
195.X.X.X->\WINNT/System32/LogFiles/W3SVC2/ex060915.log
Rule: 11 (level 8) -> 'Excessive number of connections during this hour.
Src IP: (0.0.0.0)
User: (none)
The average number of logs between 12:00 and 13:00 is 8485. We
reached 10184.'No Log Available (HOURLY_STATS)