<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I did a simple thing:</FONT></DIV>
<DIV><FONT face=Arial size=2>- I have a Unix (FreeBSD) management server and web
with ops authentication;</FONT></DIV>
<DIV><FONT face=Arial size=2>- I installed mhonarc and created folders for
alerts, warnings and changes;</FONT></DIV>
<DIV><FONT face=Arial size=2>- all Osiris reports are duplicated into this
'change' archive</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>As a result, I have a web image of all changes,
looking like this (below), and use it for daily change reviews. </FONT></DIV>
<DIV><FONT face=Arial size=2>(Of course, Osiris requires good web reporting, but
Brian hates this idea, so it was never developed. As a result, let's help
ourselves).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>
<TABLE cellSpacing=0 cellPadding=0 width="100%" bgColor=gray border=2>
<TBODY>
<TR align=middle>
<TD width="30%"><B><A
href="https://amur.amc.portera.com:8100/archive/index.html"><FONT
color=white>back</FONT></A></B></TD>
<TD width="30%"><B><FONT color=yellow>A U D I T</FONT></B></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/alerts/maillist.html"><FONT
color=white>alerts</FONT></A></B></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/warnings/maillist.html"><FONT
color=white>warnings</FONT></A></B></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/reports/maillist.html"><FONT
color=white>reports</FONT></A></B></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/maillist.html"><FONT
color=white>audits</FONT></A></B></TD>
<TD width=20 bgColor=#ddd></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/staging/maillist.html"><FONT
color=white>staging</FONT></A></B></TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/from/maillist.html"><FONT
color=white>bounced</FONT></A></B></TD></TR></TBODY></TABLE>
<HR>
<TABLE border=0>
<TBODY>
<TR>
<TD colSpan=4><STRONG>September 13, 04</STRONG></TD></TR>
<TR vAlign=top>
<TD>09:10</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03125.html"
name=03125>Re: scan log - [host: EQXpFE03][+0 -0 !=1 total 3
changes]</A></B></TD>
<TD>Ian_Hopper</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:30</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03124.html"
name=03124>scan log - [host: EQXpFE03][+0 -0 !=1 total 3
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:05</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03123.html"
name=03123>scan log - [host: secmon1][+0 -0 !=0 total 0
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>00:00</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03122.html"
name=03122>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR>
<TR>
<TD colSpan=4><STRONG>September 12, 04</STRONG></TD></TR>
<TR vAlign=top>
<TD>23:43</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03121.html"
name=03121>scan log - [host: imxwf01][+0 -0 !=2 total 7
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>22:15</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03120.html"
name=03120>scan log - [host: clxwf02][+74 -1 !=2 total 82
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>21:52</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03119.html"
name=03119>failed to start scheduled scan [host: clxstgwf02]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>21:27</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03118.html"
name=03118>failed to start scheduled scan [host: sjcswf04]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>15:51</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03117.html"
name=03117>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:30</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03116.html"
name=03116>scan log - [host: EQXpFE03][+0 -0 !=1 total 3
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:05</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03115.html"
name=03115>scan log - [host: secmon1][+0 -0 !=0 total 0
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>00:00</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03114.html"
name=03114>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR>
<TR>
<TD colSpan=4><STRONG>September 11, 04</STRONG></TD></TR>
<TR vAlign=top>
<TD>23:40</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03113.html"
name=03113>failed to start scheduled scan [host: imxwf01]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>22:15</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03112.html"
name=03112>scan log - [host: clxwf02][+74 -1 !=2 total 82
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>15:51</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03111.html"
name=03111>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:30</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03110.html"
name=03110>scan log - [host: EQXpFE03][+0 -0 !=1 total 3
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>02:06</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03109.html"
name=03109>scan log - [host: secmon1][+0 -0 !=0 total 0
changes]</A></B></TD>
<TD>Osiris IDS</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>01:03</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03108.html"
name=03108>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>00:00</TD>
<TD><B><A
href="https://amur.amc.portera.com:8100/archive/audit/msg03107.html"
name=03107>*** STG2 virus</A></B></TD>
<TD>secmon</TD>
<TD></TD></TR></TBODY></TABLE></DIV>
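<DIV><FONT face=Arial size=2>An added example, not part of the original message or of Osiris: one way to turn the subject lines in an archive index like the one above into a daily review queue. The function names are hypothetical, the sample subjects are copied from the listing, and reading +, - and != as added, removed and modified files is an assumption.</FONT></DIV>
<PRE>
```python
import re

# Subject formats as they appear in the archive index on this page.
# Assumption: + is added, - is removed, != is modified files.
SCAN_RE = re.compile(
    r"scan log - \[host: ([^\]]+)\]"
    r"\[\+(\d+) -(\d+) !=(\d+) total (\d+) changes\]")
FAIL_RE = re.compile(r"failed to start scheduled scan \[host: ([^\]]+)\]")

# Constructed sample: subjects copied from the index above, one of them
# wrapped across two lines the way the HTML archive wraps them.
SAMPLE = [
    "scan log - [host: EQXpFE03][+0 -0 !=1 total 3\nchanges]",
    "scan log - [host: secmon1][+0 -0 !=0 total 0 changes]",
    "scan log - [host: clxwf02][+74 -1 !=2 total 82 changes]",
    "failed to start scheduled scan [host: clxstgwf02]",
    "Re: scan log - [host: EQXpFE03][+0 -0 !=1 total 3 changes]",
    "*** STG2 virus",
]


def parse_subject(subject):
    """Return a dict for an Osiris subject, or None for unrelated mail."""
    text = " ".join(subject.split())          # undo line wrapping
    if text.lower().startswith("re:"):        # human reply, not a report
        return None
    m = SCAN_RE.search(text)
    if m:
        new, removed, changed, total = map(int, m.groups()[1:])
        return {"host": m.group(1), "status": "scanned", "new": new,
                "removed": removed, "changed": changed, "total": total}
    m = FAIL_RE.search(text)
    if m:
        return {"host": m.group(1), "status": "scan-failed"}
    return None


def review_queue(subjects):
    """Hosts to review: failed scans first, then hosts by change count."""
    failed, changed = [], []
    for rec in filter(None, map(parse_subject, subjects)):
        if rec["status"] == "scan-failed":
            failed.append((rec["host"], "scan-failed"))
        elif rec["total"] != 0:
            changed.append((rec["host"], rec["total"]))
    changed.sort(key=lambda item: -item[1])
    return failed + changed


if __name__ == "__main__":
    for host, reason in review_queue(SAMPLE):
        print(host, reason)
```
</PRE>
<DIV><FONT face=Arial size=2>Failed scans are listed first because a host whose scan did not start has no integrity result for that day.</FONT></DIV>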
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=phillip@fiu.edu href="mailto:phillip@fiu.edu">phillip@fiu.edu</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=osiris-devel@lists.shmoo.com
href="mailto:osiris-devel@lists.shmoo.com">osiris-devel@lists.shmoo.com</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, September 13, 2004 7:05
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [osiris-devel] osiris +
NOC</DIV>
<DIV><BR></DIV><BR><FONT face=sans-serif size=2>Hello,</FONT> <BR><BR><FONT
face=sans-serif size=2>As we are evaluating Osiris to replace our Tripwire
implementation the question of using it in a NOC has come up. Are there any
types of GUI interfaces or plugins to Nagios available or in the works? If not,
does anyone have ideas on ways to review changes on all systems from a
central location, other than the email alerts that Osiris sends out?</FONT>
<BR><BR><FONT face=sans-serif size=2>Thanks!</FONT> <BR><BR><BR><FONT
face=sans-serif size=2>Your friendly neighborhood SA,<BR>phiLLip</FONT>
</BLOCKQUOTE></BODY></HTML>