This is the instruction how to make OSSIM properly display Russian text on the screen and when you export to csv. Usefull for ossec-agent on Russian Windows and for database type connectors for MSSQL databases.
And check_encoding.py script. See instruction.txt for details
| #! /usr/bin/python | |
| # -*- coding: latin1 -*- | |
| # Author Eugene Sokolov esguardian@outlook.com | |
| # use with OSSIM | |
| # this script add "encoding" param for each plugin in /etc/ossim/agent/config.cfg | |
| # I call this script in d_start() section in both | |
| # /etc/init.d/ossim-server and /etc/init.d/ossim-agent | |
| # for check and reconfig encoding before start plagins. | |
| # | |
| import sys | |
| import subprocess | |
| cfg_path = '/etc/ossim/agent/config.cfg' | |
| new_cfg_path = '/var/local/config.tmp' | |
| encoding_exceptions = {'wmi-monitor':'utf8'} | |
| my_encoding = 'cp1251' | |
| with open (cfg_path,'r') as f: | |
| conf = f.read() | |
| f.close | |
| start_flag = False | |
| continue_flag = True | |
| need_update = False | |
| out_lines=[] | |
| for line in conf.splitlines(): | |
| out_lines.append(line.strip()) | |
| if start_flag and continue_flag : | |
| if not '=' in out_lines[-1]: | |
| continue_flag = False | |
| elif not '|' in out_lines[-1]: | |
| key = out_lines[-1].split('=')[0] | |
| need_update = True | |
| if key in encoding_exceptions: | |
| out_lines[-1] = out_lines[-1] + '|' + encoding_exceptions[key] | |
| else: | |
| out_lines[-1] = out_lines[-1] + '|' + my_encoding | |
| if '[plugins]' in out_lines[-1]: | |
| start_flag = True | |
| if need_update : | |
| with open(new_cfg_path,'w') as f: | |
| for line in out_lines: | |
| f.write(line + '\n') | |
| f.close | |
| cmd = '/bin/cp -f /etc/ossim/agent/config.cfg /etc/ossim/agent/config.cfg.myreconfig.bak' | |
| p = subprocess.Popen (cmd, shell=True) | |
| p_stutus = p.wait() | |
| cmd = '/bin/cp -f /var/local/config.tmp /etc/ossim/agent/config.cfg' | |
| p = subprocess.Popen (cmd, shell=True) | |
| p_stutus = p.wait() |
| 0. Add locale to system. use command | |
| #dpkg-reconfigure locales | |
| from console for generate ru_RU.cp1251 and UTF-8 locales (missing by deafault in OS) | |
| 1. modify /etc/mysql/my.cnf | |
| [client] | |
| port=3306 | |
| socket=/var/run/mysqld/mysqld.sock | |
| default-character-set=utf8 | |
| [mysqld] | |
| collation-server = utf8_unicode_ci | |
| init-connect='SET collation_connection = utf8_unicode_ci' | |
| init_connect='SET NAMES utf8' | |
| character-set-server = utf8 | |
| 2.0 For OSSIM version 5 it is no longer necessary to modify the file TailFollovBookmark.py. | |
| Enough to specify the encoding wich an agent has to work in file | |
| /etc/ossim/agent/config.cfg. Like so: | |
| [plugins] | |
| ... | |
| ossec-single-line=/etc/ossim/agent/plugins/ossec-single-line.cfg|cp1251 | |
| ... | |
| If you omit encoding, OSSIM will use latin1 | |
| enjoy | |
| But ... | |
| every time you change the server configuration through the menu, or when you do any upgrade | |
| the encoding informaition from /etc/ossim/agent/config.cfg will be lost | |
| and you must edit this file manualy and then run /etc/init.d/ossim-agent restart | |
| Oooops ... | |
| What can we do? | |
| I changed scripts /etc/init.d/ossim-server and /etc/init.d/ossim-agent. | |
| To both scripts in section d_start() I added (as first line) | |
| /usr/local/bin/check_encoding.py | |
| This is my own script wich write "encoding" param in /etc/ossim/agent/config.cfg | |
| Becouse each ossim-reconfig command execute at end of work ossim-server restart and ossim-agent restart | |
| this script allways run and restore "right" encoding. | |
| 4. For reading cyrillic characters in MSSQL databases with database type plugins | |
| you must change freetds.conf in /etc/freetds | |
| By default FreeTDS configured for use ASCII encoding. | |
| Solution: | |
| Modify the [global] section of freetds.conf file. | |
| #/ets/freetds/freetds.conf | |
| [global] | |
| tds version = 7.0 | |
| client charset = UTF-8 |