Hi!
On the Internet I found info that ossec is capable of handling ~600 EPS, so I
wonder - why does it stop functioning correctly with my ~39 events per sec. in
server logs?
I disabled unwanted rules in ossec.conf, as described in
Hi, all
How can I make a rule analyze only a specified log file?
I have a rule and just want it to analyze the syslog, but now my ossec will
analyze secure at the same time.
How can I assign the log file for the rule?
--
---
You received this message because you are subscribed to
On Oct 24, 2013 5:37 AM, r...@cnmoker.org wrote:
Hi, all
How can I make a rule analyze only a specified log file?
I have a rule and just want it to analyze the syslog, but now my ossec will
analyze secure at the same time.
How can I assign the log file for the rule?
Try hostname in the
On Oct 24, 2013 5:36 AM, rim bulls rimbul...@gmail.com wrote:
Hi!
On the Internet I found info that ossec is capable of handling ~600 EPS, so I
wonder - why does it stop functioning correctly with my ~39 events per sec. in
server logs?
I disabled unwanted rules in ossec.conf, as described in
Hello Guys,
I'd like to know if it is possible to configure ossec to ignore a time
period.
Ex: Where I work, we've got our change process, and we install up to 8
changes a day.
The problem is, ossec is generating lots of notifications of new files,
changed files, etc, because these changes may be
On Thu, Oct 24, 2013 at 9:23 AM, Stephan Gomes Higuti
higuti@gmail.com wrote:
Hello Guys,
I'd like to know if it is possible to configure ossec to ignore a time
period.
Ex: Where I work, we've got our change process, and we install up to 8
changes a day.
The problem is, ossec is
On 24.10.2013 01:36, rim bulls wrote:
Does someone have any experience with handling large numbers of EPS? Is
there some tuning that has to be done?
Very sorry for my English :(
Have Sun!
I have personally tested OSSEC up to 5000 EPS and it didn't drop
anything. I know of one environment with 20k
The Windows decoder has been problematic for many people. I think it's
time to fix it. But in order to do so, we need some logs. If you would
like to help the project, here is what I need.
Raw logs from the security event log in archives.log on the manager
(the more, the better, hopefully
Was wondering the same thing...
On Tuesday, October 22, 2013 1:27:47 AM UTC-7, carlopmart wrote:
Hi all,
This question is for OSSEC developers/managers. Is there any expected
release date for OSSEC 2.7.1?
Thanks.
On 22.10.2013 03:27, C. L. Martinez wrote:
Hi all,
This question is for OSSEC developers/managers. Is there any expected
release date for OSSEC 2.7.1?
Thanks.
There is currently no release date scheduled. We were getting ready to
release but then discovered a couple of issues that we would
Very soon I should start getting logs from Server 2008R2 domain controller, and
will also have Windows 7 x64 clients reporting...
We have 500+ user accounts, with probably 300 active users.
I see this is a little newer than you were looking for, but would my collecting
these logs help?
--
On 24/10/13 16:16, Michael Starks wrote:
On 22.10.2013 03:27, C. L. Martinez wrote:
Hi all,
This question is for OSSEC developers/managers. Is there any expected
release date for OSSEC 2.7.1?
Thanks.
There is currently no release date scheduled. We were getting ready to
release but then
On Thu, Oct 24, 2013 at 1:47 PM, David Juarez djuar...@usfca.edu wrote:
normally a file has an md5sum
example
$ ls
$ touch test
$ md5sum test
d41d8cd98f00b204e9800998ecf8427e test
$
$ vi test
$ md5sum test
d8e8fca2dc0f896fd7cb4cb0031ba249 test
$
I made changes to the file and md5sum
ok..
I will look into it...
Many thanks for your advice and quick response.
Kind regards,
D.J.
On Thu, Oct 24, 2013 at 10:59 AM, dan (ddp) ddp...@gmail.com wrote:
On Thu, Oct 24, 2013 at 1:47 PM, David Juarez djuar...@usfca.edu wrote:
normally a file has an md5sum
example
$ ls
$ touch
I would recommend learning and understanding the anatomy of a Linux file
system.
This link is the best I could find; it's a 7 part series.
http://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html
There is also a very good book on Unix forensics called Forensic Discovery.
Great !!!
Thank you so much.. I really appreciate it.. I will definitely check these
links..
Kind regards,
D.J.
On Thu, Oct 24, 2013 at 11:32 AM, Saul Alanis sdal...@gmail.com wrote:
I would recommend learning and understanding the anatomy of a Linux file
system.
This link is the best I
Can someone give an example of someone in large retail that is successfully
using OSSEC? We are looking at solutions for our company of over 50
stores, but I'd like to know that someone else has already tried this in a
large environment. Can anyone share links or examples?
Thanks!
I've never seen this and I work for a large retail company. Are you
referring to having an OSSEC agent installed on every POS system?
On 10/24/2013 03:05 PM, InfoSec Guy wrote:
Can someone give an example of someone in large retail that is successfully
using OSSEC? We are looking at
On 24.10.2013 12:56, James M. Pulver wrote:
Very soon I should start getting logs from Server 2008R2 domain
controller, and will also have Windows 7 x64 clients reporting...
We have 500+ user accounts, with probably 300 active users.
I see this is a little newer than you were looking for, but
hi there,
i know recently there was an ossec conference in the US last summer. i
was wondering if there is any interest/demand for something similar in
europe.
how many european people use ossec?
unfortunately i don't have the opportunity to travel so far for one-day
events :(
so something
At Trend Micro, we continue to gauge the interest for holding an OSSEC CON
in Europe.
Interested users please reply here.
Ideally we would like to co-locate it with one of the other major
conferences.
Your feedback is important to us for making it happen.
On Thursday, October 24, 2013