OSSIM Image support

Posted: Mon May 10, 2021 6:21 am
by raskin
Dear All,

Can we have OSSIM Image support in eve-ng, which is an open source SIEM?

https://cybersecurity.att.com/products/ossim

Thanks
Raskin

Re: OSSIM Image support

Posted: Mon May 10, 2021 8:47 am
by Uldis (UD)
I got success, but it is a super heavy image.
Maybe I will include it in the next EVE release.
Installed from ISO
x4 CPU
x8GB RAM
HDA hdd 50Gb
Ethernets: 1-2
NIC E1000
console: VNC and https
Qemu version: 2.12.0
Qemu options: -machine type=pc,accel=kvm -vga virtio -usbdevice tablet -boot order=cd -cpu host
Use EVE Linux template

Re: OSSIM Image support

Posted: Mon May 10, 2021 1:31 pm
by raskin
Hi Uldis,

Thanks for your guidance. I tried but failed to install the SIEM like you in eve-ng GCP.

The installation finally fails to install grub.

Not sure what to do to fix it.

Re: OSSIM Image support

Posted: Mon May 10, 2021 3:06 pm
by Uldis (UD)
You did not set the qemu options that I mentioned above, my friend:

-machine type=pc,accel=kvm -vga virtio -usbdevice tablet -boot order=cd -cpu host

Re: OSSIM Image support

Posted: Mon May 10, 2021 6:03 pm
by raskin
Hi Uldis,

Thanks for your help, as always. I had entered the qemu options below on each attempt, but somehow -cpu host was not getting saved. Finally, after multiple attempts, it is getting saved during edit, and the first error, related to CPU and SSSE3, got fixed.

-machine type=pc,accel=kvm -vga virtio -usbdevice tablet -boot order=cd -cpu host

But the grub error is still coming. If I select the no option, it does not continue any more, and if I select yes, it is finally unable to install at the end. If we omit the grub install and move forward, after installation it shows only booting from HDD and does not get any further once the installation has finished.

Re: OSSIM Image support

Posted: Mon May 10, 2021 6:30 pm
by raskin
I am sharing current host settings and boot status

Re: OSSIM Image support

Posted: Wed May 12, 2021 7:38 am
by Uldis (UD)
show me content of your image folder

Code:

root@eve-ng:/opt/unetlab/addons/qemu/linux-ossim# ls -l
total 745672
-rw-r--r-- 1 root root 763363328 May 10 10:11 cdrom.iso
-rw-r--r-- 1 root root    197632 May 10 10:14 hda.qcow2
root@eve-ng:/opt/unetlab/addons/qemu/linux-ossim#

The HDD was created with:

Code:

root@eve-ng:/opt/unetlab/addons/qemu/linux-ossim# /opt/qemu/bin/qemu-img create -f qcow2 hda.qcow2 50G

Re: OSSIM Image support

Posted: Thu May 13, 2021 2:13 pm
by raskin
Hi Uldis,

I have finally identified the issue. I was following the HDD format as virtioa.qcow2 instead of hda, which was resulting in the failure of the grub installation. Thanks a lot for your proper guidance in identifying the problem.

Thanks
Raskin