Building Collector Plugins 1.1 - AlienVault
20.06.2015 Views
Share Embed Flag

Building Collector Plugins 1.1 - AlienVault

Building Collector Plugins 1.1 - AlienVault

Building Collector Plugins 1.1 - AlienVault

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
alienvault.com

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

<strong>Building</strong> <strong>Collector</strong> <strong>Plugins</strong> - Admin Guide<br />

2.3 Detector Plugin Configuration<br />

2.3.1 Configuration Files<br />

/etc/ossim/agent/plugins/*.cfg<br />

2.3.2 Common Event Types<br />

Copy and modify the existing plugin files to create plugins of the following types.<br />

a. Log - Reading from files<br />

Plugin statement: source=log<br />

b. Database - Reading from databases<br />

Plugin statement: source=database<br />

− mssql<br />

- Microsoft SQL<br />

Plugin statement: source_type=mssql<br />

− mysql<br />

- MySQL<br />

Plugin statement: source_type=mysql<br />

c. SDEE - Cisco device logs<br />

Plugin statement: source=sdee<br />

d. SnortLog - Snort logs<br />

Plugin statement: source=snortlog<br />

e. WMI - Windows Management Instrumentation<br />

Plugin statement: source=wmi<br />

2.3.3 Parameters<br />

[DEFAULT]<br />

Any variable defined inside this category will be sent to the OSSIM Server if not modified by<br />

a plugin rule. User reserved range is between 9000 and 10000.<br />

plugin_id:<br />

Example:<br />

plugin_id=4003<br />

Numerical identifier of the plugin within the OSSIM system<br />

Page 13 Copyright © Alienvault 2010

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!