Adding to this discussion, is it possible to have one particular rule
ID email me at [EMAIL PROTECTED] and not email the default email
address [EMAIL PROTECTED]
I've applied the following rules below to ossec.conf and it's working
ok but I'm getting two emails - one is sent to [EMAIL PROTECTED]

Hi
We use ossec-hids 1.3 on FreeBSD and we would like to monitor
the logs of BIND.
If we use a log_format of 'named' the server cannot even start.
If we use a log_format of syslog for the log file of named we get tons
of false positives.
Is it possible on ossec-hids 1.3 to monitor the logs of

After talking with Cisco, the command no logging message-counter
syslog will remove the additional counter. However, this command was
not introduced until 12.4(11) T.
Hope this helps.
--
Zac Roetemeyer
[EMAIL PROTECTED]

Peter M. Abraham wrote:
Greetings Dave:
Did you miss seeing
3306/tcp open mysql MySQL 5.0.45-community-log
5001/tcp open apc-agent APC PowerChute agent
5432/tcp open postgresql PostgreSQL DB
8009/tcp open ajp13?
8080/tcp open http Apache httpd
8443/tcp open http

Hello, all.
I'm running Debian 4 and OSSEC 1.3. I'm getting alerts about cron jobs
where user root switches to nobody. I've searched the archives and
I know this is a known issue but I wanted to confirm the preferred
solution.
As far as I can tell, what's triggering the alert isn't root doing a

I have tested this with a different email client (I use Thunderbird)
but the same thing happened. Also, in case of any problem with the
browser, it should show the same symptom for other emails.
Cheers

On Sep 6, 10:36 pm, Peter M. Abraham [EMAIL PROTECTED]
wrote:
Greetings:
Given you stated,

Hi Valerio,
Yes, OSSEC can monitor named logs and you need to use the syslog log
format in the config. You need to look at our rules to see what is wrong...
Can you submit the logs that are generating the false positive to us? It would
be much easier to fix them with that in hand.
Thanks,
--