[ossec-list] Re: Installing on server without compilers

2009-09-22 Thread Andrew Pollicina
I've used the method described at http://www.ossec.net/wiki/Know_How:BinaryInstall for several distributions - Arch Linux, Ubuntu. It works well. I used it again just the other day to do a new binary build for v2.2. Create a system similar to your cluster systems but with gcc and give it a

[ossec-list] help me to run Ossec Agent

2009-09-22 Thread mohammad shadmehr
Hello I just installed ossec Agent and am about to run it but at start up it asked me to insert Ossec IP Address and Authentication key! What do I have to put for these fields? -- Zokho

[ossec-list] Re: [ossec-list]email alerts not being restricted.

2009-09-22 Thread Michael Starks
On Mon, 21 Sep 2009 16:53:24 -0500, Bristol, Gary L. gbris...@ou.edu wrote: I have a problem where the email alerting is being sent out for all levels of alerts and I only want to have it sent out for Level 10 or higher. But I still get messages like this; Hello Gary, This is because a

[ossec-list] Re: Ossec and Courieri Logs

2009-09-22 Thread William Maddler
Am I the only one dealing with this issue? :O On Sep 20, 7:33 pm, William Maddler n...@maddler.net wrote: Hello, I'm (still) trying to find a solution for Ossec not being able to correctly manage Courier's failed logins logs: LOGIN FAILED, user=madd...@maddler.net, ip=[:::127.0.0.1]

[ossec-list] Re: help me to run Ossec Agent

2009-09-22 Thread ddp
You will need to get this information from your OSSEC server. Run /var/ossec/bin/manage_agents to add an agent and then extract the info. On Tue, Sep 22, 2009 at 8:11 AM, mohammad shadmehr mohammad.shadm...@gmail.com wrote: Hello I just installed ossec Agent and about to run it but at start up

[ossec-list] Re: Turn off syscheck but keep anomaly emails?

2009-09-22 Thread Daniel Cid
Hi, If you need to disable the file integrity checking, just remove the directories entry from the ossec.conf or set disabled to no inside the syscheck entry. Doing that, it will stop the integrity checking, but the anomaly detection will still run. Note that the anomaly detection is also run

[ossec-list] Re: the various daemons

2009-09-22 Thread Daniel Cid
Hi Gregor, The following link explains them: http://www.ossec.net/wiki/Ossec_logic And this presentation also covers a bit on how they communicate: http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf But if a daemon is not going to be used, OSSEC generally kills them by default anyway...

[ossec-list] Re: Ossec and Courieri Logs

2009-09-22 Thread William Maddler
Hello, here it is: mail.log.4.gz:Sep 15 22:22:15 fennel couriertcpd: LOGIN FAILED, user=eleve, ip=[:::189.113.97.14] mail.log.4.gz:Sep 15 22:22:21 fennel couriertcpd: LOGIN FAILED, user=proxy, ip=[:::189.113.97.14] mail.log.4.gz:Sep 15 22:22:28 fennel couriertcpd: LOGIN FAILED,