I've used the method described at
http://www.ossec.net/wiki/Know_How:BinaryInstall for several
distributions - Arch Linux, Ubuntu. It works well. I used it again just
the other day to do a new binary build for v2.2.
Create a system similar to your cluster systems but with gcc and give it a
Hello
I just installed ossec Agent and am about to run it, but at start up it asked
me to insert Ossec IP Address and Authentication key! What do I have to put for
these fields?
--
Zokho
On Mon, 21 Sep 2009 16:53:24 -0500, Bristol, Gary L. gbris...@ou.edu
wrote:
I have a problem where the email alerting is being sent out for all levels
of alerts and I only want to have it sent out for Level 10 or higher.
But I still get messages like this;
Hello Gary,
This is because a
Am I the only one dealing with this issue? :O
On Sep 20, 7:33 pm, William Maddler n...@maddler.net wrote:
Hello,
I'm (still) trying to find a solution for Ossec not being able to
correctly manage Courier's failed logins logs:
LOGIN FAILED, user=madd...@maddler.net, ip=[:::127.0.0.1]
You will need to get this information from your OSSEC server. Run
/var/ossec/bin/manage_agents to add an agent and then extract the
info.
On Tue, Sep 22, 2009 at 8:11 AM, mohammad shadmehr
mohammad.shadm...@gmail.com wrote:
Hello
I just installed ossec Agent and about to run it but at start up
Hi,
If you need to disable the file integrity checking, just remove the
directories entry from the ossec.conf or set disabled to no inside the
syscheck entry. Doing that, it will stop the integrity checking, but the
anomaly detection will still run. Note that the anomaly detection is also run
Hi Gregor,
The following link explains them: http://www.ossec.net/wiki/Ossec_logic
And this presentation also covers a bit on how they communicate:
http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf
But if a daemon is not going to be used, OSSEC generally kills them by
default anyway...
Hello,
here it is:
mail.log.4.gz:Sep 15 22:22:15 fennel couriertcpd: LOGIN FAILED,
user=eleve, ip=[:::189.113.97.14]
mail.log.4.gz:Sep 15 22:22:21 fennel couriertcpd: LOGIN FAILED,
user=proxy, ip=[:::189.113.97.14]
mail.log.4.gz:Sep 15 22:22:28 fennel couriertcpd: LOGIN FAILED,