Re: [ossec-list] Re: Repeated-offenders still not working

2012-03-12 Thread Steven Stern
On 03/12/2012 11:53 AM, Dimitri Yioulos wrote: > On Monday 12 March 2012 12:24:47 pm Steven Stern wrote: >> On 03/12/2012 10:49 AM, Dimitri Yioulos wrote: >>> Anyone have any ideas on this? >>> All, Back at the end of last year, I asked about using the repeated-offenders feature

[ossec-list] syslog output to multiple syslog servers

2012-03-12 Thread Swartz, Patrick H
Hi All, When using the syslog output, is it possible to send the output to two different syslog servers? This is what I have in our server's ossec.conf -- 192.168.246.96 514 172.27.146.15 10009 I ran tcpdump to capture the syslog output using this command: tcpdump -t

Re: [ossec-list] Re: Repeated-offenders still not working

2012-03-12 Thread Dimitri Yioulos
On Monday 12 March 2012 12:24:47 pm Steven Stern wrote: > On 03/12/2012 10:49 AM, Dimitri Yioulos wrote: > > Anyone have any ideas on this? > > > >> All, > >> > >> Back at the end of last year, I asked about using the repeated-offenders > >> feature > >> in OH. I added the following directives to

Re: [ossec-list] Re: Repeated-offenders still not working

2012-03-12 Thread Steven Stern
On 03/12/2012 10:49 AM, Dimitri Yioulos wrote: > Anyone have any ideas on this? > > >> All, >> >> Back at the end of last year, I asked about using the repeated-offenders >> feature >> in OH. I added the following directives to ossec.conf on the host that I >> want >> this to work in: >> >>

[ossec-list] syscheckregistry.db

2012-03-12 Thread Heath
What is OSSEC doing when it's reading the syscheckregistry.db file on a Windows system? My OSSEC CPU usage is low most of the time but sometimes it's really high (in task manager it bounces between 30% and 90%) and when it's really high I've noticed that it's reading this file. Just trying to get

[ossec-list] Re: Repeated-offenders still not working

2012-03-12 Thread Dimitri Yioulos
Anyone have any ideas on this? > All, > > Back at the end of last year, I asked about using the repeated-offenders > feature > in OH. I added the following directives to ossec.conf on the host that I > want > this to work in: > > > host-deny > host-deny.sh > srcip > yes

[ossec-list] Ossec agent not banning ips

2012-03-12 Thread go
Hello everyone, I'm receiving a lot of alerts on one of my servers where the ossec agent is running that someone was attempting to get in. That would not be surprising, if there was a different ip in each email - but there is not. 1. I did some troubleshooting by trying to ban an ip permanently f

Re: [ossec-list] Problem with ossec compiled support mysql

2012-03-12 Thread Eero Volotinen
2012/3/12 Roa : > http://pastebin.com/gyqK52QQ > > The ossec server running in  Ubuntu . > > > > *** Making os_dbd *** > > make[1]: Entering directory `/home/desarrollo/ossec-hids-2.6/src/ > os_dbd' > Compiling DB support with: > gcc -g -Wall -I../ -I../headers  -DDEFAULTDIR=\"/var/ossec\" - > DUSE