Security-onion: Difference between revisions
Older revision: Thomas (talk | contribs)
Newer revision: Thomas (talk | contribs)
Line 18:
  * barnyard2-1 (spooler, unified2 format) [ OK ]
  </pre>
− =nsm
+ =test=
+ *cat /etc/nsm/rules/local.rules
+ alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)
+ =nsm restart=
  *service nsm restart
Revision as of 10 August 2016, 15:49
nsm status
- service nsm status
Status: securityonion
  * sguil server                                   [ OK ]
Status: HIDS
  * ossec_agent (sguil)                            [ OK ]
Status: Bro
Getting process status ...
Getting peer status ...
Name         Type         Host         Status    Pid    Peers  Started
bro          standalone   localhost    running   3049   0      10 Aug 13:20:10
Status: gondor-eth1
  * netsniff-ng (full packet data)                 [ OK ]
  * pcap_agent (sguil)                             [ OK ]
  * snort_agent-1 (sguil)                          [ OK ]
  * snort-1 (alert data)                           [ OK ]
  * barnyard2-1 (spooler, unified2 format)         [ OK ]
test
- cat /etc/nsm/rules/local.rules
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)
nsm restart
- service nsm restart
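The three steps above (check status, add a test rule to local.rules, restart) are easy to get wrong in ways that only show up after the restart: a component that was already down, a rule that lacks a sid or rev, or a sid that collides with another local rule. The following POSIX shell script is an added example and not part of the wiki page or of Security Onion itself; the function names (nsm_failed_components, check_local_rule, duplicate_sids) are made up for this illustration, the status text and the extra rules are constructed sample input, and the rule from the page is reused as the known-good case. The "local sids start at 1000000" convention is the usual Snort reservation for user rules and is assumed here rather than taken from the page.

```shell
#!/bin/sh
# Added example (not from the wiki page): sanity checks around the steps the
# page shows -- reading "service nsm status" output and adding a rule to
# /etc/nsm/rules/local.rules -- so mistakes are caught before "service nsm restart".

# Print every component line of "service nsm status" output that is not "[ OK ]".
# Input: status text on stdin. Exit status 0 if all components are OK, 1 otherwise.
nsm_failed_components() {
    # Component lines start with "  * "; anything without "[ OK ]" is reported.
    failed=$(grep '^ *\* ' | grep -v '\[ *OK *\]' || true)
    if [ -n "$failed" ]; then
        printf '%s\n' "$failed"
        return 1
    fi
    return 0
}

# Check one Snort rule line: it must carry msg, sid and rev options, and the sid
# must be in the range reserved for local rules (>= 1000000, assumed convention).
# Exit status 0 when the rule passes, 1 otherwise; the reason is printed.
check_local_rule() {
    rule=$1
    case $rule in
        *'msg:'*) ;;
        *) echo "missing msg option"; return 1 ;;
    esac
    sid=$(printf '%s' "$rule" | sed -n 's/.*[; (]sid:\([0-9][0-9]*\);.*/\1/p')
    if [ -z "$sid" ]; then
        echo "missing or malformed sid option"; return 1
    fi
    case $rule in
        *'rev:'*) ;;
        *) echo "missing rev option"; return 1 ;;
    esac
    if [ "$sid" -lt 1000000 ]; then
        echo "sid $sid is below the local range (1000000+)"; return 1
    fi
    echo "ok sid=$sid"
    return 0
}

# Report sids that appear more than once in a rules file read from stdin.
duplicate_sids() {
    sed -n 's/.*[; (]sid:\([0-9][0-9]*\);.*/\1/p' | sort | uniq -d
}

# Constructed sample status output: a subset of the page's output plus one
# failing component added for illustration.
SAMPLE_STATUS='Status: securityonion
  * sguil server                                   [ OK ]
Status: gondor-eth1
  * netsniff-ng (full packet data)                 [ OK ]
  * snort-1 (alert data)                           [FAIL]
  * barnyard2-1 (spooler, unified2 format)         [ OK ]'

# The rule from the page (known good) and a constructed local.rules with a sid clash.
PAGE_RULE='alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)'
SAMPLE_RULES='alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; GID:1; sid:10000001; rev:001; classtype:icmp-event;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH to home net"; sid:10000002; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS copy"; sid:10000002; rev:2;)'

# Stand-alone demo: each check prints its finding; nothing here aborts the script.
printf '%s\n' "$SAMPLE_STATUS" | nsm_failed_components || echo "-> fix the components above before adding rules"
check_local_rule "$PAGE_RULE"
check_local_rule 'alert icmp any any -> any any (msg:"bad sid"; sid:42; rev:1;)' || true
dups=$(printf '%s\n' "$SAMPLE_RULES" | duplicate_sids)
[ -n "$dups" ] && echo "duplicate sid(s) in local.rules: $dups"
```

On a live sensor the same functions would be fed with `service nsm status` and `cat /etc/nsm/rules/local.rules` instead of the constructed strings; only after all three checks pass does `service nsm restart` make sense.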