Hi to all.
I installed the web ossec-wui-0.2, but after all checks on file system
permissions and file configuration, I obtain the message
Unable to access ossec directory when I type
http://192.168.20.133/ossec-wui/.
Any ideas?
Thank you
Enrico
OSSEC expects the logs to be in the following format (without the message id):
Aug 20 11:28:27 RouterName %SEC-6-IPACCESSLOGS: list 30 denied 203.20.69.66 1 packet
I think the message id in my example was generated by the syslog
server. Below you will find the log entries when I have enabled
Hello,
I rebooted the server and found ossec failed. I tried to start it
service ossec start
Starting OSSEC: 2007/08/21 00:56:01 ossec-syscheckd(1210): Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2007/08/21 00:56:01 ossec-rootcheck(1210): Queue
In addition to the discussion regarding timestamps in IOS logs, it's
possible to create access lists with non-numeric names. An example:
Aug 21 15:56:01 router 1577395: Aug 21 22:56:00.380: \
%SEC-6-IPACCESSLOGP: list outbound-filter-08/14/07 \
permitted tcp 1.2.3.4(36257) -
I went back and reset mine (with a psad kick) to 96,000 seconds
On Tuesday 21 August 2007 7:24:16 pm [EMAIL PROTECTED] wrote:
You can't spoof an interactive TCP session such as SSH or SMTP.
Jeff Schroeder wrote:
On Aug 20, 7:58 pm, Thorne Lawler [EMAIL PROTECTED] wrote:
I'm sure there was
Jeff,
ossec-list@googlegroups.com wrote on 22/08/2007 06:53:59 AM:
On Aug 20, 7:58 pm, Thorne Lawler [EMAIL PROTECTED] wrote:
I'm sure there was some solid reasoning behind the default fixed value
for active-response.timeout. I'd love to hear it if anyone knows what it
was.
Ever heard
Hi Peter,
They should happen almost at the same time, with the active response before
the e-mail (most of the time). Basically, as soon as the alert is
fired, it is sent to the os-remoted (on the server), which forwards to
the correct agent.
Hope it helps.
--
Daniel B. Cid
dcid ( at )
Hi DM,
Please give us more information to debug/reproduce your issue. What happens
if you do a service ossec restart? Anything else in the logs besides
these messages?
Most of the time, we need at least the following information:
http://www.ossec.net/wiki/index.php/Community_manual:BugReport
Hi Thorne,
You raise a valid concern regarding our timeouts (which is by default
10 minutes, not 5) and it was chosen mainly based on some sshd brute
force scripts (that I had access to in the past), which gave up on a
specific ip after 5/6 minutes without response. That's why 10, so they would
Hi Stephen,
It is actually a bug in ossec. You need to set it to: (note the
underline instead of a dash)
<active_response>
  <disabled>yes</disabled>
</active_response>
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/21/07, Stephen Williamson [EMAIL PROTECTED] wrote:
I have some agents that