Re: [ossec-list] Modify the amount of time for the OSSEC server to declare an agent disconnected

2013-06-06 Thread Robert Micallef
Hi Michael, Thanks for the response. Patch 02 is close but not what we need. We want to configure the time a server declares an agent disconnected (and send an e-mail). If I understand correctly that patch will only modify the time an agent tries to reconnect. I want to decrease the amount

[ossec-list] Windows Active Response Not Being Triggered

2013-06-06 Thread Andrew Sarver
I'm having trouble getting the active response agent on windows to work. I can manually trigger the win_nullroute command by using ./agent_control -b 2.3.4.5 -f win_nullroute600 -u 010 on the ossec server, and the route appears on the agent host, however none of the rules are firing on any

[ossec-list] Repeated sftp connections without key exchange generate authentication failure followed by Accepted password message.

2013-06-06 Thread Jeff Neely
We have a Windows system making many sftp connections to a Linux system in a short period of time. It is 3rd party software that I am being told can't be changed to use key exchange. The result is this is perceived as an attack and we start denying the host. Is there a way to ignore the

Re: [ossec-list] FreeBSD 8.0 ossec hybrid mode install does not start remoted

2013-06-06 Thread dan (ddp)
On Wed, Jun 5, 2013 at 10:06 PM, Dave Edwards dave.j.edwa...@gmail.com wrote: Whoops, sorry. Been busy over the last week. Just getting back to it now. Nope, ossec-remoted is not in the list of daemons in ossec-control after the install. I noticed that and tried adding it manually but it

Re: [ossec-list] Re: OSSEC Web UI won't update with new content?

2013-06-06 Thread dan (ddp)
On Wed, Jun 5, 2013 at 3:36 PM, David Blanton david.blanton...@gmail.com wrote: Okay just a quick update: I'm getting error 1403: ERROR: Incorrectly formated message from 'ipAddress' Is this a WUI error or an ossec agent error? If it's an ossec agent error, make sure: The agent in question

Re: [ossec-list] Repeated sftp connections without key exchange generate authentication failure followed by Accepted password message.

2013-06-06 Thread dan (ddp)
On Thu, Jun 6, 2013 at 10:14 AM, Jeff Neely jefflne...@gmail.com wrote: We have a Windows system making many sftp connections to a Linux system in a short period of time. It is 3rd party software that I am being told can't be changed to use key exchange. The result is this is perceived as an

Re: [ossec-list] Windows Active Response Not Being Triggered

2013-06-06 Thread dan (ddp)
On Thu, Jun 6, 2013 at 9:04 AM, Andrew Sarver astromod...@gmail.com wrote: I'm having trouble getting the active response agent on windows to work. I can manually trigger the win_nullroute command by using ./agent_control -b 2.3.4.5 -f win_nullroute600 -u 010 on the ossec server, and the route

Re: [ossec-list] Ossec installation for current running system?

2013-06-06 Thread frwa onto
How about any other log files I need to monitor? I notice there is a breakdown of folders by month and day; what do they store then? On Wed, Jun 5, 2013 at 9:44 PM, dan (ddp) ddp...@gmail.com wrote: On Sat, Jun 1, 2013 at 12:04 AM, frwa onto frwao...@gmail.com wrote: Dear Dan,

Re: [ossec-list] Windows Active Response Not Being Triggered

2013-06-06 Thread Andrew Sarver
Dan, It seems like only the default active response scripts are being recognized. In the ossec.log on the agent system, I have these three lines from testing earlier today: 2013/06/06 12:03:27 ossec-agent: INFO: Active response command not present: 'active-response/bin/restart-ossec.sh'. Not

Re: [ossec-list] Windows Active Response Not Being Triggered

2013-06-06 Thread dan (ddp)
On Thu, Jun 6, 2013 at 1:02 PM, Andrew Sarver astromod...@gmail.com wrote: Dan, It seems like only the default active response scripts are being recognized. In the ossec.log on the agent system, I have these three lines from testing earlier today: 2013/06/06 12:03:27 ossec-agent: INFO:

Re: [ossec-list] Windows Active Response Not Being Triggered

2013-06-06 Thread Andrew Sarver
The active-response.log on the agents only shows the responses I manually executed, e.g. 06/06/2013 10:48 active-response/bin/route-null.cmd add - 2.3.4.5 (from_the_server) (no_rule_id) On Thursday, June 6, 2013 1:10:15 PM UTC-4, dan (ddpbsd) wrote: On Thu, Jun 6, 2013 at 1:02 PM, Andrew