I'm very new on ossim. i have installed ossim 3.1 onto a virtual machine (vmware)
I have 2 questions:
1) I have enabled SYSLOG from ossim-setup. Now I'm getting horde of syslog messages in ANALYSIS-> SIEM. How can i modify the logging rate? how can I manage syslog configuration? I looked for syslog conf files but there aren't any. I can find only rsyslog files. Moreover if I do
alienvault:~# ps aux | grep sys
root 3481 0.1 0.0 2492 1416 ? S 08:51 0:12 /var/ossec/bin/ossec syscheckd
root 5951 0.0 0.0 35512 1416 ? Sl 08:58 0:00 /usr/sbin/rsyslogd -c3 -x
root 18427 0.0 0.0 1716 636 pts/0 S+ 11:29 0:00 grep --color=auto sys
I get that only rsyslogd is running
2) I have enabled Dionaea from ossim-setup and i'm trying to send its log to ossim without any result. How can I do that? After that, am I suppose to do something else to let ossim correlate log from Dioanea with other logs?
Thank you