Hi,
thx for your response.
Considering some changelogs that I saw and the tests that I made, OSSEC
still doesn't buffer the logs / continue from the last unsent event.
Indeed I tested NXLOG as the shipper for Windows events and it works pretty
well in the community edition but doesn't have the
Hi Guys,
I have a problem with the ossec-agent on Windows 7. I use the appliance
2.7.1. The connection between the host and the server works. But my problem
is this (see my log):
2014/06/18 14:53:27 ossec-agent Using notify time: 600 and max time to
reconnect: 1800
2014/06/18 14:53:27
On Wed, Jun 18, 2014 at 2:19 AM, horst knete baduncl...@hotmail.de wrote:
Hi,
thx for your response.
Considering some changelogs that I saw and the tests that I made, OSSEC
still doesn't buffer the logs / continue from the last unsent event.
The OSSEC project does accept code contributions.
On Wed, Jun 18, 2014 at 7:05 AM, lennyde...@googlemail.com wrote:
Hi Guys,
I have a problem with the ossec-agent on Windows 7. I use the appliance
2.7.1. The connection between the host and the server works. But my problem
is this (see my log):
2014/06/18 14:53:27 ossec-agent Using notify
We would very much welcome it. Some suggestions, but nothing more for the
branch :).
Agent -> master:
Use JSON, and use the first character ({) to pick the new code path for processing the messages.
This will allow the master to work with legacy agents and new agents cleanly.
Master -> agent:
This is harder but
The "log all" feature comes up all the time and is confusing, I think, and maybe
something we should solve better. But I am worried about turning OSSEC from
security into a log daemon, as other tools have solved that problem.
Currently logall just saves the raw messages without any metadata like file
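The first-character dispatch suggested above (a `{` selects the JSON path, anything else the legacy path) is small enough to show end to end. The following is an added example and not OSSEC code; the `<location>:<text>` framing used for legacy messages and the `location`/`log` keys expected in the JSON object are assumptions made here for illustration, not the real agent wire format. The one design choice worth noting is that a message starting with `{` that fails JSON validation is rejected and counted rather than quietly falling through to the legacy parser, so a truncated or malformed event cannot be mis-parsed as a legacy line.

```python
import json

# Added example (not OSSEC code). The "location:text" framing for legacy
# messages and the JSON keys are assumptions used only to demonstrate the
# first-character dispatch idea from the thread.


def parse_legacy(raw):
    """Legacy path: assumed framing is '<location>:<log text>'."""
    location, sep, text = raw.partition(":")
    if not sep or not location:
        raise ValueError("legacy message missing '<location>:' prefix")
    return {"format": "legacy", "location": location, "log": text}


def parse_json(raw):
    """New path: a JSON object with at least 'location' and 'log' keys (assumed)."""
    obj = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(obj, dict) or "location" not in obj or "log" not in obj:
        raise ValueError("json message missing required fields")
    return {"format": "json", "location": str(obj["location"]), "log": str(obj["log"])}


def dispatch(raw):
    """Route on the first byte: '{' selects the JSON path, anything else the
    legacy path. The JSON path validates the object and raises on failure
    instead of falling through to the legacy parser, so a truncated or
    malformed JSON event is counted as rejected rather than silently
    mis-parsed as a legacy line."""
    if raw.startswith("{"):
        return parse_json(raw)
    return parse_legacy(raw)


def process_batch(messages):
    """Parse a batch as a master would, counting which path each message took
    and how many were rejected."""
    parsed = []
    counts = {"legacy": 0, "json": 0, "rejected": 0}
    for raw in messages:
        try:
            event = dispatch(raw)
        except ValueError:
            counts["rejected"] += 1
            continue
        counts[event["format"]] += 1
        parsed.append(event)
    return parsed, counts


# Constructed sample traffic: a legacy syslog line, a JSON event from a new
# agent, a JSON event cut off mid-object, and a line neither parser accepts.
SAMPLE_MESSAGES = [
    "syslog:Jun 18 14:53:27 host sshd[1234]: Failed password for root from 203.0.113.5",
    '{"location": "WinEvtLog", "log": "Logon failure for user admin", "agent": "win7-lab"}',
    '{"location": "WinEvtLog", "log": "truncated eve',
    "no separator at all",
]

if __name__ == "__main__":
    events, summary = process_batch(SAMPLE_MESSAGES)
    for event in events:
        print(event["format"], event["location"], event["log"][:40])
    print(summary)
```

Because the legacy location comes first, a legacy log line whose text itself begins with `{` is still routed correctly; only the first byte of the whole message decides the path.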
Maybe I’m crazy, but I think OSSEC is like a log daemon +…
It’s cross platform, it includes encryption, it has built in filtering and can
do active response. Why would it make sense to duplicate log shipping if you
need it to do the security stuff? I.e. OSSEC ought to be a good log aggregator
I feel that OSSEC should not be expected to support reliable/guaranteed
log shipping as has come up more than once in the last few weeks on this
mailing list. There are very well supported commercial and free systems
for that. OSSEC is a HIDS, not a log shipping application.
For example; the NXLOG
* James M. Pulver jmp...@cornell.edu [2014-06-18 12:03:15 +]:
Maybe I'm crazy, but I think OSSEC is like a log daemon +…
It's cross platform, it includes encryption, it has built in filtering and
can do active response. Why would it make sense to duplicate log shipping if
you need
Ok, here is the ossec agent conf.
<!-- READ ME FIRST. If you are configuring OSSEC for the first time,
- try to use the Manage_Agent tool. Go to control panel->OSSEC Agent
- to execute it.
-
- First, add a server-ip entry with the real IP of your server.
- Second, and optionally,
Ok, here is the ossec.conf:
<!-- READ ME FIRST. If you are configuring OSSEC for the first time,
- try to use the Manage_Agent tool. Go to control panel->OSSEC Agent
- to execute it.
-
- First, add a server-ip entry with the real IP of your server.
- Second, and optionally, change
On Wed, Jun 18, 2014 at 8:38 AM, lennyde...@googlemail.com wrote:
Ok, here is the ossec.conf:
<!-- READ ME FIRST. If you are configuring OSSEC for the first time,
- try to use the Manage_Agent tool. Go to control panel->OSSEC Agent
- to execute it.
-
- First, add a server-ip
On Jun 18, 2014, at 8:09 AM, Artien Bel artien@topicus.nl wrote:
I feel that OSSEC should not be expected to support reliable/guaranteed
log shipping as has come up more than once in the last few weeks on this
mailing list. There are very well supported commercial and free systems
for
Hi Jeremy,
Replies inline.
On Wed, Jun 18, 2014 at 8:48 AM, Jeremy Rossi jer...@jeremyrossi.com wrote:
* James M. Pulver jmp...@cornell.edu [2014-06-18 12:03:15 +]:
Maybe I'm crazy, but I think OSSEC is like a log daemon +…
It's cross platform, it includes encryption, it has
I'm sure there's no technical inability to do this with OSSEC, but I
feel the effort to create this could be put to better use working on
features/bugfixes that have to do with its primary task, which is being
a HIDS. But if someone submits a pull request to allow reliable log
transfer and there
I think OSSEC should be a good logging daemon. How do you generate alerts if
you can't guarantee you get the logs, if the alerts are based on central
processing of the logs? This seems like a huge gaping hole in IDS to me - if I
was attacking an OSSEC endpoint, first thing I'd do once I
Wouldn't the primary use-case be that you want to make sure that when
the server goes down, when it comes back up, agent-events will be
processed from the moment it went down? Or perhaps in cases of
(D)DOS/network congestion, to be sure that events eventually would be
delivered to the server?
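The use cases just listed (server outage, then catch-up from the moment it went down; congestion, then eventual delivery) are what an agent-side spool would have to handle. The following is an added example and not OSSEC code; the one-JSON-object-per-line file layout, the `send` callback that returns True on a server ack, and the byte cap are assumptions of this example. The cap is the part a practitioner should not leave out: an unbounded buffer turns a blackholed server into a way to fill the agent's disk, so the spool drops the oldest events once it is over the limit and counts how many it dropped.

```python
import json
import os
import tempfile


class EventSpool:
    """Bounded, ordered, on-disk buffer for events the agent could not deliver.

    Events are appended while the server is unreachable and replayed oldest
    first once it answers again. max_bytes caps what the spool may occupy so
    that an attacker who blackholes the server (or a long outage) cannot fill
    the agent's disk; when the cap is exceeded the oldest events are dropped
    and counted, which the agent should itself report on reconnect.
    Added example, not OSSEC code; the file layout (one JSON object per line,
    atomically rewritten) is an assumption of this example.
    """

    def __init__(self, path, max_bytes):
        self.path = path
        self.max_bytes = max_bytes
        self.dropped = 0
        self._lines = []
        if os.path.exists(path):  # survive an agent restart
            with open(path, "r", encoding="utf-8") as f:
                self._lines = [ln for ln in f.read().split("\n") if ln]

    def __len__(self):
        return len(self._lines)

    def _size(self):
        return sum(len(ln) + 1 for ln in self._lines)

    def _flush(self):
        # Write to a temp file and rename so a crash mid-write cannot leave a
        # half-written spool behind.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            for ln in self._lines:
                f.write(ln + "\n")
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def push(self, event):
        line = json.dumps(event, separators=(",", ":"), sort_keys=True)
        if len(line) + 1 > self.max_bytes:  # single event larger than the cap
            self.dropped += 1
            return
        self._lines.append(line)
        while self._size() > self.max_bytes:
            self._lines.pop(0)
            self.dropped += 1
        self._flush()

    def drain(self, send):
        """Replay in order. send(line) returns True once the server has acked
        the event; on the first failure stop and keep the rest for later, so
        ordering is preserved and nothing is lost to a half-open connection."""
        sent = 0
        while self._lines:
            if not send(self._lines[0]):
                break
            self._lines.pop(0)
            sent += 1
        self._flush()
        return sent


def run_demo(path=None, max_bytes=200):
    """Constructed scenario: 8 events queue up during an outage under a
    200-byte cap (each serialized event is 38 bytes with its newline, so only
    the newest 5 fit), the first reconnect acks 2 events and then fails, the
    agent restarts (spool reopened from disk) and the next reconnect drains
    what is left."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "agent.spool")
    spool = EventSpool(path, max_bytes)
    for seq in range(8):
        spool.push({"seq": seq, "log": "constructed event %d" % seq})
    dropped = spool.dropped

    acked = []

    def flaky_send(line):
        if len(acked) >= 2:
            return False
        acked.append(json.loads(line)["seq"])
        return True

    first = spool.drain(flaky_send)

    reopened = EventSpool(path, max_bytes)

    def good_send(line):
        acked.append(json.loads(line)["seq"])
        return True

    second = reopened.drain(good_send)
    return {"dropped": dropped, "first": first, "second": second,
            "acked": acked, "left": len(reopened)}


if __name__ == "__main__":
    print(run_demo())
```

Two things the demo makes visible: the server only ever sees events in their original order, and the three events lost to the cap are accounted for in `dropped` rather than vanishing, which is what lets the master raise an alert about the gap instead of assuming the host was quiet.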
Well, I'm using the agent on Windows, and many are laptops. So they stay up,
but wander away from our network. They currently can't connect to the OSSEC
server when off our network. This may be unnecessary paranoia on our part, and
we are working on what we can expose to the net at large, but
On 2014-06-18 7:57, Jeremy Rossi wrote:
One of the things that has become more and more clear is that people
expect ossec to do this. Be it bad docs that are not clear, or
something else. Part of me agrees that use the correct tools for the
job, but why ship the logs twice? And more
Agreed. And yes - why do I want 2 streams of data being sent over my
network, when one is sufficient? What if the EPS is so high that sending 2
streams - one for a syslog-tool and the other for OSSEC, brings my network
to its knees? It really does make sense to simply strengthen the log all
I think people forget that when you put OSSEC on a server, it really does
not make sense to run a syslog-type daemon sending data to a central log
host at the same time OSSEC is doing it. Wastes bandwidth and since OSSEC
can actually deliver more than just standard syslogs - it is much more
* Michael Starks ossec-l...@michaelstarks.com [2014-06-18 09:21:05 -0500]:
On 2014-06-18 8:47, Artien Bel wrote:
Again, to be clear: I have no actual objection to this functionality other
than that I feel effort could be better invested in other parts of
OSSEC, because there are already better
Hi,
I'm really a newbie in this field and I'm posting this to see if I
installed a standalone version
for a managed server correctly.
The server is Centos 6.5.
I took the following steps:
# wget -q -O - https://www.atomicorp.com/installers/atomic | sh
# yum install ossec-hids
Seriously? OSSEC is FAR from a replacement for a centralized syslog
server, and to think it is, is folly IMO. Can OSSEC guarantee it will
receive all incoming logs? Can OSSEC store those logs in multiple
formats: text, SQL database? How does OSSEC handle the archival of said
logs? I could go on and on.
On 2014-06-18 11:08, Darin Perusich wrote:
Seriously? OSSEC is FAR from a replacement for a centralized syslog
server, and to think it is, is folly IMO. Can OSSEC guarantee it will
receive all incoming logs? Can OSSEC store those logs in multiple
formats: text, SQL database? How does OSSEC handle the
When I first started using OSSEC, a big part of why I chose it as my
institution's HIDS was its multi-platform support and ease of installation
and use. The stock components that ship with OSSEC are everything a system
administrator needs to get up and running quickly with FIM and log analysis.
It
Hi! We recently installed OSSEC in order to comply with integrity checking
standards. The computer we're interested in monitoring scans checks on a
daily basis and processes financial information. I am obviously new to
OSSEC, but I managed to install a virtual appliance server and then an
On Wed, Jun 18, 2014 at 11:53 AM, David j davidatwork...@gmail.com wrote:
Hi,
I'm really a newbie in this field and I'm posting this to see if I installed
a standalone version
for a managed server correctly.
The server is Centos 6.5.
I took the following steps:
# wget -q -O -