So you've installed OSSIM, set up your agents and remote sysloggers, and still see no data? The logs on your remote devices say the target is unavailable. Don't forget to open the firewall ports.
Open the file using nano:
nano /etc/ossim/firewall_include
Examples:
Open one port:
-A INPUT -p udp -m state --state NEW -m udp --dport 555 -j ACCEPT
Open a range of ports (same form as above, no "iptables" prefix, and the rule needs its -j ACCEPT target to actually allow the traffic):
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:2000 -j ACCEPT
This opens inbound traffic to TCP ports 1000 to 2000 inclusive.
To save your changes: CTRL + X, then Y to confirm.
Tell the firewall to reload using the updated rules:
ossim-reconfig
Notes about switches:
-m multiport --dports is only needed if the set of ports you want to open is not contiguous, e.g.
-m multiport --dports 80,443
which opens HTTP (80) and HTTPS (443) but none of the ports in between.
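The three rule shapes covered above (a single port, a contiguous range with --dport lo:hi, and a non-contiguous list with -m multiport --dports) are easy to get subtly wrong by hand, for instance by dropping -j ACCEPT or reversing a range. The following POSIX sh helper is an added example, not part of OSSIM or the original post: it validates the port specification and prints a line in the format /etc/ossim/firewall_include expects, so you can review the output before appending it to the file and running ossim-reconfig. The function and variable names are assumptions of this example.

```shell
#!/bin/sh
# Constructed helper (not OSSIM code): build firewall_include rule lines from a
# protocol and a port spec, validating the ports first.

# port_ok N  -> succeeds if N is an integer in 1..65535
port_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ossim_rule PROTO SPEC
#   PROTO: tcp or udp
#   SPEC : single port "555", contiguous range "1000:2000", or list "80,443"
# Prints one rule in iptables-save form (no "iptables" prefix), as used in
# /etc/ossim/firewall_include. Returns 1 and prints a reason on bad input.
ossim_rule() {
    proto=$1
    spec=$2
    case "$proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    case "$spec" in
        *,*)
            # Non-contiguous list: needs -m multiport, which takes at most 15 ports.
            n=0
            old_ifs=$IFS
            IFS=,
            for p in $spec; do
                n=$((n + 1))
                if ! port_ok "$p"; then
                    IFS=$old_ifs
                    echo "bad port in list: $p" >&2
                    return 1
                fi
            done
            IFS=$old_ifs
            if [ "$n" -gt 15 ]; then
                echo "multiport accepts at most 15 ports" >&2
                return 1
            fi
            line="-A INPUT -p $proto -m state --state NEW -m multiport --dports $spec -j ACCEPT"
            ;;
        *:*)
            # Contiguous range lo:hi: both ends valid and lo <= hi.
            lo=${spec%%:*}
            hi=${spec#*:}
            if ! port_ok "$lo" || ! port_ok "$hi" || [ "$lo" -gt "$hi" ]; then
                echo "bad range: $spec" >&2
                return 1
            fi
            line="-A INPUT -p $proto -m state --state NEW -m $proto --dport $spec -j ACCEPT"
            ;;
        *)
            # Single port.
            if ! port_ok "$spec"; then
                echo "bad port: $spec" >&2
                return 1
            fi
            line="-A INPUT -p $proto -m state --state NEW -m $proto --dport $spec -j ACCEPT"
            ;;
    esac
    printf '%s\n' "$line"
}

# Usage: review the output, then append it to /etc/ossim/firewall_include.
#   ossim_rule udp 555
#   ossim_rule tcp 1000:2000
#   ossim_rule tcp 80,443
```

Run it once per rule and check the printed line before adding it; an invalid port, a reversed range, or a list longer than multiport allows is rejected with a message instead of being written into the firewall configuration.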