Daniel,
Which OSSEC version was this change applied to? I am still seeing the
issue at 2.6:
[root@dev-app-ossec01 etc]# /var/ossec/bin/agent-auth -m 10.30.31.87 -p
1515 ; echo $?
2013/05/16 17:22:58 ossec-authd: INFO: Started (pid: 13374).
INFO: Connected to 10.30.31.87:1515
INFO: Using
In my environment , I'm using OSSEC server running on ubuntu to send logs
to Qradar (siem), the server is currently monitoring events / logs from two
agents (1 windows , 1 linux machine).
Unknown to me, the ossec server has suddenly stopped sending logs to
Qradar. In the ossec.conf at server
On Thu, May 16, 2013 at 2:42 PM, Ali man a.ali...@gmail.com wrote:
In my environment , I'm using OSSEC server running on ubuntu to send logs to
Qradar (siem), the server is currently monitoring events / logs from two
agents (1 windows , 1 linux machine).
Unknown to me, the ossec server has
Looks like the answer to my question is no - looked at our 2.6 version of
the *main-client.c *file and not seeing the changes that was made with SHA
2eff82c:
case SSL_ERROR_SYSCALL:
printf(INFO: Connection closed.\n);
exit(1);
break;
I;m not sure about the version , it was configured by someone else in my
team, I don't remember checking on ossec-csyslogd ? tcpdump shows now 514
traffic generated though? Do i have to restart the service.
On Thursday, May 16, 2013 11:46:11 AM UTC-7, dan (ddpbsd) wrote:
On Thu, May 16, 2013
Answered this question myself as well - looking at the 2.7 source code, it
looks like the fix is in there.
On Thursday, May 16, 2013 2:05:44 PM UTC-5, Col Velo wrote:
Looks like the answer to my question is no - looked at our 2.6 version
of the *main-client.c *file and not seeing the changes
My rule in local_rules.xml on server:
rule id=100074 level=0
program_namepbs_mom/program_name
hostname^compute-0-/hostname
descriptionNode job queue failures/description
/rule
Sample log entry:
May 16 17:17:01 compute-0-13.local pbs_mom: LOG_ERROR::Connection reset by
peer (104) in
How many ossec master servers do you have sending data to the database?
i.e. how many entries are there in the 'server' table?
If you only have one master then all entries will have the same server_id.
Also, a heads up if you have multiple master servers sending their data
to the database:
I have visited this site http://www.ossec.net/?page_id=19 and it say
this method to install it # wget -q -O -
https://www.atomicorp.com/installers/atomic
|sh
# yum install ossec-hids ossec-hids-server (or ossec-hids-client for
the agent) . If just need is the local version what must I discard
I have a web server and db server running and just came across this
wonderful tool. Do you think is fine to install at this stage the
ossec as my server have been running for few months already. Will it
still be able to help me in intrusion detection and how about my file
check integrity? Thank
On Wed, May 15, 2013 at 9:27 PM, netzerosp...@gmail.com wrote:
Hi guys,
I'm trying to install ossec with mysql support
But all the server_id field is having value 1
I'm confused how to do query with this
Can anyone help?
Powered by Telkomsel BlackBerry®
Are your alerts being inserted
On Thu, May 16, 2013 at 8:59 PM, frwa onto frwao...@gmail.com wrote:
I have visited this site http://www.ossec.net/?page_id=19 and it say
this method to install it # wget -q -O -
https://www.atomicorp.com/installers/atomic
|sh
# yum install ossec-hids ossec-hids-server (or ossec-hids-client
On Thu, May 16, 2013 at 8:34 PM, mntbighker mntbigh...@gmail.com wrote:
My rule in local_rules.xml on server:
rule id=100074 level=0
program_namepbs_mom/program_name
hostname^compute-0-/hostname
Does it work if you use the complete hostname?
descriptionNode job queue
On Thu, May 16, 2013 at 4:48 PM, Ali man a.ali...@gmail.com wrote:
I;m not sure about the version , it was configured by someone else in my
team, I don't remember checking on ossec-csyslogd ? tcpdump shows now 514
traffic generated though? Do i have to restart the service.
Find out if
14 matches
Mail list logo