Post by BrianPugh


I installed OSSIM in a VM running on a Dell R510 server (16 GB RAM, 4 cores, 16 threads), inside the LAN.

Q1: I set up the OSSIM VM with a single NIC (paravirtualized, promiscuous mode). Is this enough? Do I need to set it up with more NICs?

Q2: If I want to monitor the DMZ LAN, considering that it hosts a single server (and a couple of VMs), is it enough to install the OSSEC agent on the DMZ server, or should I also install a 2nd OSSIM VM in the DMZ, configured as a sensor?

Please help.

