Hi.
The file can be found in shared/agent.conf
On Mon, Jun 6, 2011 at 3:42 AM, treydock treyd...@gmail.com wrote:
What settings from the OSSEC server's etc/ossec.conf file are used to
on the clients? For example I've defined rules and active responses
on my server, and they are working
Hi Frank,
If I create an agent.conf file on the server, will it overwrite the settings
of the agent's local ossec.conf or are the two configs merged in some way?
On Mon, Jun 6, 2011 at 6:29 AM, Frank Stefan Sundberg Solli
frankste...@gmail.com wrote:
Hi.
The file can be found in
syscheck
directories realtime=”yes”
check_all=”yes”/etc,/usr/bin,/usr/sbin/directories
directories check_all=”yes”/bin,/sbin/directories
/syscheck
Add if_sid31100/if_sid to your rule.
On Sun, Jun 5, 2011 at 8:02 AM, Rainer serverad...@nextao.de wrote:
Hi,
I want to block a certain WWW bot called verticalpigeon; it is known
to scan for Joomla! installations. You can also trigger it through the
website manually. But the nice thing is, it
http://www.ossec.net/doc/syntax/head_ossec_config.syslog_output.html
Put the following inside of the syslog_output section:
level10/level
On Mon, Jun 6, 2011 at 7:48 AM, Walker, Barry barry.wal...@lids.com wrote:
Can I setup the output of syslog to send only alert level 10 and above?
Below
OSSEC is open source, so you should be able to add it.
On Fri, Jun 3, 2011 at 12:35 PM, Wei Zhang acur...@gmail.com wrote:
Hello everyone,
I just heard that sha1sum and md5sum is being deprecated as approved
hash algorithm for FIPS 140-2 compliance. Does anyone know if I can add
good point, Thanks
On Mon, Jun 6, 2011 at 2:21 PM, dan (ddp) ddp...@gmail.com wrote:
OSSEC is open source, so you should be able to add it.
On Fri, Jun 3, 2011 at 12:35 PM, Wei Zhang acur...@gmail.com wrote:
Hello everyone,
I just heard that sha1sum and md5sum is being deprecated
Hello Folks,
I have a concern about the csyslogd demon:
2011 Jun 04 13:51:03 Rule Id: 151601 level: 7
Location: ossec-server-/var/log/messages
Grouping of kernel error rules.
Jun 4 13:51:02 ossec-server kernel: ossec-csyslogd[21507]: segfault at
rip 003dd8479a30 rsp
Any chance you can run it under gdb in case it crashes again? I think
a backtrace might help find the issue.
On Mon, Jun 6, 2011 at 5:35 PM, blacklight vphu...@yahoo.com wrote:
Hello Folks,
I have a concern about the csyslogd demon:
2011 Jun 04 13:51:03 Rule Id: 151601 level: 7
Location:
I'm new to using OSSEC...does anyone know how to change the Web UI
default password? It's installed as 'ossec' for the username and
password but we'd like to change it to something more secure.
Thanks!
Noah
Hey, I had the same crash too!
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of blacklight
Sent: Monday, June 06, 2011 2:36 PM
To: ossec-list
Subject: [ossec-list] Concern about the ossec-csyslogd daemon
Hello Folks,
I have a
cd to the wui directory.
htpasswd USERNAME
This should prompt you for a password
On Mon, Jun 6, 2011 at 5:47 PM, Noah Grant noah.gr...@teligence.net wrote:
I’m new to using OSSEC…does anyone know how to change the Web UI default
password? It’s installed as ‘ossec’ for the username and
Please try running it under gdb:
gdb ossec-csyslogd
(gdb) set follow-fork-mode child
(gdb) run
On Mon, Jun 6, 2011 at 5:50 PM, Jefferson, Shawn
shawn.jeffer...@bcferries.com wrote:
Hey, I had the same crash too!
-Original Message-
From: ossec-list@googlegroups.com
Thanks Dan, that did it :)
Noah Grant
Systems Engineer
Ext. 3212
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of dan (ddp)
Sent: Monday, June 06, 2011 2:55 PM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] how to change
On Mon, 2011-06-06 at 14:16 -0400, dan (ddp) wrote:
Add if_sid31100/if_sid to your rule.
OK, I thought I missed something. Thank You.
Steve,
thanks for your hint, the solution in the link is
a good approach. Maybe I can figure out how to
modify it for my case.
Rainer.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jun 6, 2011, at 4:53 PM, Wei Zhang wrote:
good point, Thanks
And, of course, if you do, please share it back with the community!
On Mon, Jun 6, 2011 at 2:21 PM, dan (ddp) ddp...@gmail.com wrote:
OSSEC is open source, so you should be able to
At least OSSEC is reporting it :) And yes, try to run it under gdb so
we can see where it is crashing. Or try the latest snapshot
to see if it works there.
Thanks,
On Mon, Jun 6, 2011 at 6:58 PM, dan (ddp) ddp...@gmail.com wrote:
Please try running it under gdb:
gdb ossec-csyslogd
(gdb) set
17 matches
Mail list logo