Hi Dan,
Refer to my previous email, I have the following findings.
*
Output from the OSSEC server
*
[root@myserver ~]# /opt/ossec/bin/syscheck_control -i 049 -f
/opt/syslog-ng/conf/syslog-ng.conf
Integrity changes for agent 'myagent (049)
Hi Dan,
I do not know if that is possible but turning off message repeated
messages would probably affect other logging as well.
Now as for overwriting the rule , 5720 is a generic rule that
addresses many platforms ...For IBM AIX for example the described
problem does not exist, at least in my
Hello list,
Windows Ossec agent , default ossec.conf configuration, spits out a
lot of errors I believe others have noticed it as well but I could
not find a relative post .I was wondering if someone knew what they
mean and how can they be resolved .
For example :
ossec-agent: WARN: Error
Hello again,
I followed the steps to configure a rule that will generate a higher
severity alert for specific files and noticed that it works for the
first change detected but not for the second and beyond .For example
the rule triggers successfully for the first syscheck:
** Alert
You have to past in this as ONE line (ends with /myapp/):
[Mon Jan 23 08:40:46 2012] [error] [client 192.168.0.123] user unknownUser not
found: /myapp/
if you only test up to unknownUser it will not segfault.
On 02.02.2012, at 19:33, Andreas Piesk wrote:
On 02.02.2012 10:06, Oliver
On 03.02.2012 16:09, Oliver Müller wrote:
You have to past in this as ONE line (ends with /myapp/):
[Mon Jan 23 08:40:46 2012] [error] [client 192.168.0.123] user unknownUser
not found: /myapp/
that's what i did. testing the above line uo to /myapp/ doesn't produce a
segfault on my