[ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Eric Hansen
First, I'd like to say that I've been doing a lot of Googling around and tried a lot of things to no avail. Error: 2011/03/18 09:46:34 ossec-logcollector: INFO: Started (pid: 5415). 2011/03/18 09:46:38 ossec-agentd(1218): ERROR: Unable to send message to server. 2011/03/18 09:46:44

[ossec-list] Mass Deployment

2011-03-18 Thread ash kumar
I am looking to do a mass deployment of OSSEC agents to Windows workstations. I do not want to invest in an IBM product (BigFix) to do this. Is there a clean way to achieve this in an automated way? I am not opposed to creating a single key for a sub-net to ease the pain. Thanks in advance

Re: [ossec-list] Mass Deployment

2011-03-18 Thread Wim Remes
This could help: http://dcid.me/2011/01/automatically-creating-and-setting-up-the-agent-keys/ On Fri, Mar 18, 2011 at 4:09 PM, ash kumar ak25...@gmail.com wrote: I am looking to do a mass deployment of OSSEC agents to Windows workstations. I do not want to invest in an IBM product (BigFix) to

Re: [ossec-list] Mass Deployment

2011-03-18 Thread Frank Stefan Sundberg Solli
Hi. Maybe Puppet (http://www.puppetlabs.com) is worth taking a look at? On Fri, Mar 18, 2011 at 4:09 PM, ash kumar ak25...@gmail.com wrote: I am looking to do a mass deployment of OSSEC agents to Windows workstations. I do not want to invest in an IBM product (BigFix) to do this. Is there a

RE: [ossec-list] Mass Deployment

2011-03-18 Thread Jefferson, Shawn
Hi, You can do the same thing with psexec from sysinternals. - Write a batch file to read computer names from a text file - extract the client key for your computer with a simple find command - copy the installer/client key up to the computer - use psexec to do a silent install

[ossec-list] Re: OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Eric Hansen
Also, I ran tcpdump on UDP/1514 and I do get traffic on the server: 00 [03/18/11 11:40:57 AM] - root# tcpdump -vv -i eth0 -A -s 0 udp port 1514 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:41:35.833808 IP (tos 0x0, ttl 64, id 11077, offset 0, flags [DF],

[ossec-list] XML Template

2011-03-18 Thread ash kumar
Is there an XML schema/template available for OSSEC I can use in an editor? I am looking to clean up local_rules.xml and local_decoder.xml. I think it may be easier to maintain the rules in an editor. Thanks in advance Ash

Re: RE: [ossec-list] Mass Deployment

2011-03-18 Thread ash kumar
Thank you for all the responses. I am inclined to use psexec route. I will document as I go along Step 1: Gather hostnames Command line: (Actually typed into a single line, I have indented it here for clarity: FOR /l %a IN (1,1,255) DO \ FOR /l %b IN (1,1,255) DO \ FOR /l %c in

RE: RE: [ossec-list] Mass Deployment

2011-03-18 Thread Jefferson, Shawn
Why not get your host names from AD? Or is this not an AD domain? From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of ash kumar Sent: Friday, March 18, 2011 1:33 PM To: ossec-list@googlegroups.com Subject: Re: RE: [ossec-list]

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Jason 'XenoPhage' Frisvold
On Mar 18, 2011, at 10:20 AM, Eric Hansen wrote: First, I'd like to say that I've been doing a lot of Googling around and tried a lot of things to no avail. Did you register the client on the server using manage_agents? And did you then copy the key to the client and install it using

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Eric Hansen
That I did. When your work speaks for itself, don’t interrupt. – Henry J. Kaiser On Fri, Mar 18, 2011 at 10:07 PM, Jason 'XenoPhage' Frisvold xenoph...@godshell.com wrote: On Mar 18, 2011, at 10:20 AM, Eric Hansen wrote: First, I'd like to say that I've been doing a lot of Googling around