[ossec-list] Re: AIX 5.3 sshd logins and sudo

2007-10-24 Thread Nerijus Krukauskas
Hi, This happens on my machine running AIX 5.3. Compilation fails unless I comment out all pthread.h includes. And as I'm writing this while sitting in an airport, the new beta test has to wait till next week. :) On 24/10/2007, Daniel Cid [EMAIL PROTECTED] wrote: Hi Nerijus, Can you refresh

[ossec-list] Strange behaviour with some agents...

2007-10-24 Thread Daniel Rubio
In the last days I've been having problems contacting some ossec agents. I changed some directory permissions, but after, I recovered from backup, reinstalled, upgraded, re-created the agents... but some agents still don't contact the server. It's a bit confusing, in the web

[ossec-list] Can't get OSSEC to fire active response for custom proftpd rule

2007-10-24 Thread Steve West
Hi, I'm trying to create a new proftpd rule in /var/ossec/rules/local_rules.xml but for some reason ossec is not performing the active response. Here is my rule: <!-- Proftpd Rules --> <group name="proftpd"> <rule id="1101" level="10" frequency="20" timeframe="60"

[ossec-list] Ossec on windows

2007-10-24 Thread Marco Supino
Hi, I am having a problem with Ossec running on windows, versions 1.1 and 1.2, the machine stops working after a few weeks, The windows is running an agent connected to a central server. Messages like not enough server storage is available to process this command and things like that

[ossec-list] Re: Ossec on windows

2007-10-24 Thread McClinton, Rick
Yes, It is due to a resource pool leak in those versions. Upgrade to 1.3. From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Marco Supino Sent: Wednesday, October 24, 2007 10:47 AM To: ossec-list@googlegroups.com Subject:

[ossec-list] Re: Ossec on windows

2007-10-24 Thread Michael Starks
Marco Supino wrote: Hi, I am having a problem with Ossec running on windows, versions 1.1 and 1.2, the machine stops working after a few weeks, Hello Marco, I have these versions of OSSEC running on several Windows machines and don't have these problems. Are you sure you don't have

[ossec-list] Re: Strange behaviour with some agents...

2007-10-24 Thread Michael Starks
Daniel Rubio wrote: In the last days I've been having problems contacting some ossec agents. I changed some directory permissions, but after, I recovered from backup, reinstalled, upgraded, re-created the agents... but some agents still don't contact the server. Daniel, As

[ossec-list] Re: Can't get OSSEC to fire active response for custom proftpd rule

2007-10-24 Thread Michael Starks
Steve West wrote: Am I doing something wrong as to why active response is not being invoked after 20 no such user in a 60 seconds time frame? Hello Steve, I ran into a problem awhile back where it seemed like my rule wasn't working. What I found after working with Daniel was that the

[ossec-list] Re: Can't get OSSEC to fire active response for custom proftpd rule

2007-10-24 Thread Steve West
Michael Starks wrote: Try 21 or 22 invalid logins in 60 seconds. -Mike Hi Mike, Thanks for the suggestion! I tried over 25 invalid logins and still ossec active response doesn't fire. Not really sure why but I think it might be related to my rule or the underlying proftpd group rule

[ossec-list] Re: Ossec on windows

2007-10-24 Thread Marco Supino
Where can I find this info? I couldn't find anything in the changelog. Marco. From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of McClinton, Rick Sent: Wednesday, October 24, 2007 17:05 To: ossec-list@googlegroups.com Subject: [ossec-list] Re: Ossec on windows

[ossec-list] Re: Ossec on windows

2007-10-24 Thread Daniel Cid
Hi Marco, It is in the changelog of the version 1.3: http://www.ossec.net/announcements/v1.3-2007-08-08.txt -Fixed file descriptor leak on the Windows agent while reading the Windows registry. (Reported by Luke Bradeen lbradeen at suresource.com) Thanks, -- Daniel B. Cid dcid ( at )

[ossec-list] Re: Can't get OSSEC to fire active response for custom proftpd rule

2007-10-24 Thread Daniel Cid
Hi Steve, Are the alerts being generated based on your rule? If yes, can you show us the output of them? (from /var/ossec/logs/alerts.log ). You need to make sure that the srcip is present in the alert (meaning that it was decoded properly), otherwise the active response is not going to fire.

[ossec-list] Clients don't work when OSSEC server is in High Availability?

2007-10-24 Thread Timothy Meader
Hello, I'm having an issue that I'm hoping someone could provide me some help on. To give a brief synopsis of the situation: We originally had a single server setup running OSSEC. Last week, we decided to combine this server with another two that were running as a simple log server (in high