• Support
  • Forums
  • Blogs

Problem with plugin-cisco router

mayerli04mayerli04

Entry Level
+3
I was doing some changes to the plugin cisco specifically router in regular for some events leave with more information expressions, change the name the plugin to come out with another name and so the update did not lose my changes but I can not make it work even went back to put the original plug-cisco router and I do not see any events in OSSIM website. Even try injecting events to syslog directly and have not been successful.

I reviewed the logs agent_error.log, agent.log, server.log and I can not see the fault.

please if anyone can help me to detect that happens.

I'm working on the 4.9 version of OSSIM.

cisco-router-test.cfg

------------------------------------------------
# Test plugin
# Author: My
# Plugin cisco-router-test id:1510 version: 0.0.1
# Last modification: 2014-07-03 10:03
#
# Accepted products:
# cisco - router_2500
# Description:
# Cisco Router
#
#
[DEFAULT]
plugin_id=1510

[config]
type=detector
enable=yes

source=log
location=/var/log/syslog

create_file=true

process=rsyslogd
start=no
stop=no
startup=/etc/init.d/rsyslog start
shutdown=/etc/init.d/rsyslog stop

Share post:

Best Answer

Answers

  • you should use the .local mechanism to change/augment plugins.
  • edited July 2014
    no, leave him the same name as when I auditioned with .local I did not appear in the list of plugins on the web.

    Even delete the plugin that had changed and returned to the original mount ossim-reconfig did and still bring me data.
  • even my old events collected with cisco plugin now appear as the gatherers rule ossec to cisco.

    and now I do not go out or rule or as events ossec plugin cisco even though the plugin and get this ignition internal events to syslog

    ossec: Cisco IOS router configuration changed.
    smilingtears
This discussion has been closed.