Hey Meir,

I had installed ossim and it changed some things in my base, so I downloaded the base source and installed it in another place. I did these steps to install ossec-ui:

* mysqladmin create base -p
* mysql base -p < snort_tables.sql
* mysql base -p < ossec2base.sql
* mysql base -p < trunc_ossecbase.sql
* configure my new base to access the base db
* cat /opt/ossec/rules/*.xml |ossec2basetxt.pl -e -o /var/www/html/ossecbase/signatures/
* cat /opt/ossec/logs/alerts/2006/Jul/ossec-alerts-31.log |ossec2mysql.pl --interface manualfeed

After this I access the URL http://127.0.0.1/ossecbase/ but the problem with signatures continues, look:

ID        Signature  Timestamp            Source Address  Dest. Address  Layer 4 Proto
#0-(1-1)  1          2006-07-31 10:41:33  0.0.0.0         10.0.0.9       IP

I don't know what I can do anymore ... do you have any suggestion?

But the good side is that the "problem" with dest. address and source address appears to be ok.

--
________________________________________
Leonardo Goldim - Auditoria Intranetworks
[EMAIL PROTECTED]
Intranetworks
Rua Marquês do Pombal 1710/805
Porto Alegre - RS - 90540-000
+55 51 3325-5700
+55 51 8415-8604

Meir Michanie wrote:
>
> On 9/19/06, *Leonardo Goldim* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
> hey meir
>
> do you have any suggestion that i can do to correct my problem with
> signatures?
>
> after this fixes at ossec-ui, how we have to import the signatures ?
> with the ossec2base_sigs.pl or ossec2basetxt.pl ?
> in my case i used ossec2basetxt.pl ...
>
>
> ossec2base_sigs.pl is legacy.
> I will remove it from cvs
> it doesn't hurt but it is not needed.
