Running v3.3.0 on the server and v3.2.0 on the client, trying to exclude
*.bz2 in a given directory, I tried:
/path/to/.bz2$
based on another post. I obviously don't understand how to do it because
it's not working. /var/ossec/etc/shared/agent.conf shows the above and
ossec.conf on
Thanks for the reply, sounds like I need to upgrade the server to the
latest version.
On Thursday, January 23, 2020 at 5:46:43 PM UTC-6, Leroy Tennison wrote:
>
> Received the following message: Trojaned version of file '/bin/grep'
> detected. Signature used: 'bash|givemer|/dev/'
Received the following message: Trojaned version of file '/bin/grep'
detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS.
Downloaded the deb from Ubuntu standard repositories, extracted grep (in
/tmp) and compared sha512sums for it and /bin/grep - identical. I received
You need to clarify, are these servers agents? If so then you need to look
into config-profile for the agent configuration. Define different profiles
in the manager's /var/ossec/etc/shared/agent.conf and specify the
appropriate profile for the agent in its ossec.conf using config-profile.
Wait a minute, is this a new install, how did you get the key installed on
the client? If there's an automated way to do that please post in a reply.
On Tuesday, November 14, 2017 at 7:26:55 AM UTC-6, Julia Vitoria Cardoso
wrote:
>
> Hi, I have a test setup with a windows agent and a server
Although the context was AlienVault this solution worked for me in an
internally-installed manager-client environment:
http://www.itinthedatacenter.com/wordpress/?p=369
On Tuesday, November 14, 2017 at 7:26:55 AM UTC-6, Julia Vitoria Cardoso
wrote:
>
> Hi, I have a test setup with a windows
The context is /var/log/syslog monitoring, I have one system which is
generating numerous messages which I don't want to receive alerts for. I
would prefer to avoid a rules-based approach because I'm just beginning to
understand OSSEC and others with less knowledge than I need to be able to
I should have said that this was a new install, the start of the agent was
as a result of completing the installation.
On Wednesday, September 27, 2017 at 8:04:28 AM UTC-5, dan (ddpbsd) wrote:
>
> On Fri, Sep 22, 2017 at 12:11 PM, Leroy Tennison
> <leroy.t...@gmail.com > wrote
Couldn't find anything about this in the archives, I started the agent and
about 10 minutes later got an email with about 100 files listed as being
new. The first 20 were in /usr/share/i18n/locales and I looked at about
the first 10. Using stat to display the access/modify/change time stamps
Thanks again, I appreciate your patience with my learning curve.
On Tuesday, September 5, 2017 at 3:21:41 PM UTC-5, Leroy Tennison wrote:
>
> Just beginning to use OSSEC and going through a trial-and-error process
> setting up a configuration for an internal application.
Just beginning to use OSSEC and going through a trial-and-error process
setting up a configuration for an internal application. Searched for this
before posting and ended up with more questions than answers.
--END OF NOTIFICATION
On Monday, August 28, 2017 at 10:53:55 AM UTC-5, Leroy Tennison wrote:
>
> Just F
I wondered about that but verify-agent-conf didn't complain so I thought it
was valid. I guess that means regex is only valid in rules?
On Monday, August 28, 2017 at 9:40:53 AM UTC-5, Leroy Tennison wrote:
>
> I'm having trouble getting an ignore expression to actually ignore a
Just FYI, not sure if a resolution
to https://groups.google.com/forum/#!msg/ossec-list/dE3klm84JMU/kGZkRdSl3ZkJ
has been put in place or not but it is occurring in v2.9.2 - I received an
email alert (can post the text if it would be helpful).
Related to this, I noticed that the alert level is
I'm having trouble getting an ignore expression to actually ignore a change
and suspect it's due to not understanding how OSSEC regular expressions
work. When I searched for examples I found very little so I'm hoping
someone can reply with examples or explanations. What I tried was:
Suggestion, these might be worthwhile Architecture or FAQ additions.
On Tuesday, August 22, 2017 at 11:00:04 AM UTC-5, dan (ddpbsd) wrote:
>
>
>
> On Aug 22, 2017 11:55 AM, "Leroy Tennison" <leroy.t...@gmail.com
> > wrote:
>
> Thank you for your reply, sadl
Nagios..., we happen to use Icinga, I'll look at that approach. Thanks
(again).
On Monday, August 21, 2017 at 5:42:30 PM UTC-5, dan (ddpbsd) wrote:
>
>
>
> On Aug 21, 2017 4:58 PM, "Leroy Tennison" <leroy.t...@gmail.com
> > wrote:
>
> I'm hoping to implem
figuration.
On Monday, August 21, 2017 at 5:40:53 PM UTC-5, dan (ddpbsd) wrote:
>
>
>
> On Aug 21, 2017 4:39 PM, "Leroy Tennison" <leroy.t...@gmail.com
> > wrote:
>
> I have added to /var/ossec/etc/shared/agent.conf a profile for a class of
> machine and upda
I have added to /var/ossec/etc/shared/agent.conf a profile for a class of
machine and updated the agent's ossec.conf with the config-profile in the
block.
Do I need to remove the , and all entries
on the client or will the manager simply override them? Is the result
"either (the manager