[ossec-list] Please Can You Assist : OSSEC Notification - Alert level 7

2009-05-28 Thread Bradley Radjoo
Hi, Please can you assist? Is it possible to get OSSEC to send alerts as soon as a file gets changed? This file was changed at 16h05 but the alert only came through at 17h27. <snip> ls -al /etc/group -rw-r--r-- 1 root root 986 2009-05-26 16:05 /etc/group </snip> Regards,

[ossec-list] Re: Windows 2003 DHCP Server logs

2009-05-28 Thread Derek J. Morris
Here is a clip of the ossec.conf on that server: <localfile> <location>System</location> <log_format>eventlog</log_format> </localfile> <localfile> <location>C:\WINDOWS\system32\dhcp\DhcpSrvLog-Sat.log</location> <log_format>syslog</log_format> </localfile> <localfile>

[ossec-list] Re: Please Can You Assist : OSSEC Notification - Alert level 7

2009-05-28 Thread ddp
I'm using an older version of centos, and I do not believe inotify is available. I installed the inotify-tools package. I modified the syscheckd code to use the inotify.h (and inotify-nosys.h) that come with inotify-tools, but that wasn't enough. I get the ERROR: Unable to initialize inotify

[ossec-list] Re: Couple questions re: a new OSSEC installation

2009-05-28 Thread Daniel Cid
Hey, If you enabled active-response during the install it should block brute force attacks automatically (just like denyhosts and fail2ban). As far as nginx, I never used it so I can't give more information... However, if it logs in the same format as apache (NCSA), ossec should handle it fine.

[ossec-list] Re: OSSEC agentless do not show up in WUI?

2009-05-28 Thread ddp
I think you should. I received an email alert for one of my agentless systems (dd-wrt on soho router) last night when /etc/resolv.conf changed. dan On Thu, May 28, 2009 at 12:04 PM, Derrick Farmer dfar...@vertek.com wrote: Daniel, Thank you.  I think I have it working now and I understand

[ossec-list] Re: Windows 2003 DHCP Server logs

2009-05-28 Thread Derek J. Morris
Installed the snapshot on my ossec server, restarted the ossec service on the windows server that is running dhcp too, results in log from windows server: 2009/05/28 13:46:15 ossec-execd(1350): INFO: Active response disabled. Exiting. 2009/05/28 13:46:15 ossec-agent(1410): INFO: Reading

[ossec-list] Couple questions re: a new OSSEC installation

2009-05-28 Thread jackalope
I really appreciate having that confirmed -- thanks. I did enable active-response. About nginx, if its logs are in the same format location as apache's (which I think is the case), would I need to do anything else?

[ossec-list] Re: Couple questions re: a new OSSEC installation

2009-05-28 Thread jackalope
Just to clarify my last question... You said that ossec should handle nginx fine if its logs are the same format as apache (and I think they are)... so what I meant to ask in my last message is, given this assumption about the format, did you mean that ossec would then handle the nginx logs