hi
2013/03/04 13:06:27 rules_list: Signature ID '1050001' not found. Invalid
'if_sid'.
thanks
Best Regards
From: dan (ddp)
Date: 2013-03-01 22:52
To: ossec-list
Subject: Re: [ossec-list] Invalid 'if_sid' problem
On Fri, Mar 1, 2013 at 3:14 AM, root r...@cnmoker.org wrote:
hi,all
my
I installed Ossec Server and some agents on other servers. But the thing is
that out of 10 agents only 7 servers are able to communicate with Ossec
Server and 3 are not.
This is the Ossec Server information
DIRECTORY=/var/ossec
VERSION=v2.5.1
DATE=Thu Jan 13 17:03:30 AST 2011
TYPE=server
hi,
now I have matched the discarded value in rsyslog-stats. I want to monitor this: if the
value is 0, no alert, and if not, alert on it!
So how can I do this?
thanks
Best Regards
--
---
You received this message because you are subscribed to the Google Groups
ossec-list group.
To unsubscribe from this
Hello. I am running OSSEC 2.6. I am pushing logs from Windows Domain
Controllers
I only want certain level alerts to generate emails, and different alerts
to go to different groups. For example, all network alerts above 8 go to
the network team, Linux alerts above 8 go to the Linux team, and
ok, I know why this problem happens: the local group does not have 1050001, so if_sid
cannot find it.
thanks
Best Regards
From: root
Date: 2013-03-04 13:07
To: ossec-list
Subject: Re: Re: [ossec-list] Invalid 'if_sid' problem
hi
2013/03/04 13:06:27 rules_list: Signature ID '1050001' not found.
hi
I wrote the rule like this
<group name="rsyslog,">
<rule id="105001" level="0">
<decoded_as>rsyslog-pstats</decoded_as>
<extra_data>^0</extra_data>
<description>rsyslog is right</description>
</rule>
<rule id="105002" level="13">
<decoded_as>rsyslog-pstats</decoded_as>
<extra_data>^1</extra_data>
I just tried your rules:
<group name="local,rsyslog,">
<rule id="150001" level="0">
<!--<decoded_as>rsyslog-pstats</decoded_as> -->
<extra_data>0</extra_data>
<description>rsyslog is right</description>
</rule>
<rule id="150002" level="1">
<if_sid>150001</if_sid>
<extra_data>1</extra_data>
bump
On Tuesday, February 26, 2013 9:44:59 AM UTC-7, cspragu...@gmail.com wrote:
If so, did you use one of the scripts within /var/ossec/agentless or did
you create your own script?
Just wondering if I am missing something. I have an agent that has used too
much space for syscheck changes. I want to re-init with new rules. If I run
syscheck_control with -u it says it will INIT the database, but the old
stuff is still there. So I have to get on every system to clear the old
Update to 2.7 on both Manager and client ...
On Sunday, March 3, 2013 11:46:51 PM UTC-8, Umair Mustafa wrote:
I installed Ossec Server and some agents on other servers. But the thing
is that out of 10 agents only 7 servers are able to communicate with Ossec
Server and 3 are not.
This is
Hey everybody,
I have a task that I'm struggling with; could you help?
*Task*: I need to have a blacklist capability on all of my agents (to
alert, not block)
*Issue 1*: The blacklist contains over 700 IPs (currently) so creating a
rule for each would (to me) seem taxing on the agent and
now, I wrote it like this
<decoder name="rsyslog-pstats-main">
<parent>rsyslog-pstats</parent>
<prematch>^main\sQ</prematch>
</decoder>
<decoder name="rsyslog-pstats-discarded-full">
<parent>rsyslog-pstats-main</parent>
<regex offset="after_parent">^\.*discarded\pfull=(\d+)\.*</regex>
<order>extra_data</order>
Is it possible to add this functionality in a future version of ossec-agent
for win?
On Wednesday, February 27, 2013 10:11:21 AM UTC+6, Андрей Шевченко wrote:
It looks like this feature was not included in the ossec-hids/src/win32/
I have not found any changes in the win32 sources.