Comments on Security Onion: Security Onion 20110101: OSSEC and Sguil
Doug Burks
Updated: 2014-08-26T13:29:06.855-04:00

Doug Burks, 2011-05-20T06:14:32.578-04:00

Hi Oscar,

Thanks for the kind words.

My quick and dirty hack for this issue was to comment out those three lines in ossec_agent.tcl. For reference, that file can be found in the following location in Security Onion:
/etc/nsm/ossec/ossec_agent.tcl

Thanks,
Doug

Oscar, 2011-05-20T05:03:11.596-04:00

Hi,
I'm a university student and I'm trying to make sguil work together with OSSEC. In a previous installation of my security system, I could make ossec_agent.tcl work fine; however, now I'm getting some errors. The sguil server is running on Ubuntu server 10.10. Can you take a quick look and maybe give some clue? Here is the error message; it appears to be a problem when an alert is triggered and it's trying to get the hostname:
--------------------------------
wrong # args: should be “regsub ?switches? exp string subSpec varName”
while executing
“regsub {(?x)
^::ffff:
} $retVal “”"
(procedure “ResolveHostname” line 16)
invoked from within
“ResolveHostname $agent”
(procedure “ProcessData” line 112)
invoked from within
“ProcessData $line”
(procedure “ReadFile” line 13)
invoked from within
“ReadFile $fileID”
(procedure “InitAgent” line 43)
invoked from within
“InitAgent”
(file “./ossec_agent.tcl” line 684)
-------------------------------
Many thanks and keep up the good work!
This onion seems fresh!

David M. Zendzian (dmz), 2011-01-10T11:12:16.311-05:00

Perfect timing; I was looking for a central tool for all of my snort/ossec events!!

Anonymous, 2011-01-10T00:33:01.051-05:00

Really awesome work on this Doug- Congrats!!