Hi Peter,
OSSEC will use the IP address specified by the kernel to access that
specific destination (the server). So, if you have two IPs in
different interfaces configured to be in the same network, your
internal routing is going to be all messed up.
A simple way to fix that is to configure

Hello guys!
I'm trying to use the new Windows audit stuff and I'm kind of lost..
I'm following http://ossec.net/wiki/index.php/Know_How:WindowsPolicy
had added:
<rule id="512" level="9" overwrite="yes">
<if_sid>510</if_sid>
<match>^Windows Audit</match>
<description>Windows Audit

Hi,
It is currently not officially supported, but Dean Takemori wrote some
decoders for it
already:
http://www.ossec.net/bugs/show_bug.cgi?id=60
The only reason why it is not in there is because of the lack of
testing and sample
logs. If you can share some of your logs, it can be very

Greetings,
I'm thinking about creating an OSSEC + Prelude appliance for the
purposes of selling it to customers. Are there any restrictions that I
should know about before going down this road?
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.

Greetings,
I noticed no problem with upgrading a MacOS X Tiger system that already
had OSSEC-HIDS installed to Leopard.
After a fresh Leopard install, however, I needed to create the group and
users that OSSEC needs before compiling and installing OSSEC. This is
because Leopard no longer

Is there a way to audit for a process running if it is only running on
one or two agents? Right now when I set it up I get alerts from the
agents that don't have the process installed so of course it will alert
for the process not running.
Sincerely
Dennis Borkhus-Veto
Systems Administrator

Daniel Cid wrote:
Hi,
It is currently not officially supported, but Dean Takemori wrote some
decoders for it
already:
http://www.ossec.net/bugs/show_bug.cgi?id=60
The only reason why it is not in there is because of the lack of
testing and sample
logs. If you can share some of

Greetings Adriel:
Presuming active response is turned on, then check /var/ossec/logs/
active-responses.log on the server (agent or local) for activity.
Thank you.

I'll compile ossec on my Powerbook when I get home to see if I get the
same messages.
-Chuck
On Nov 1, 2007 11:53 AM, Reggie Griffin [EMAIL PROTECTED] wrote:
Hello,
I am getting the following errors compiling v1.4 on a Mac G5 (haven't
tried earlier versions). Does anyone have
advice as to

Greetings Dennis:
If I understand your question correctly, are you asking to be alerted
if a process fails or otherwise was running and then stops?
If yes, does the process in question record anything in a log file?
If not in a log file, if you are comfortable scripting, you might be
able to