Thank you for your reply, I'll be working on that and share it when done.
Kind Regards
2015-03-11 2:10 GMT+01:00 Brent Morris brent.mor...@gmail.com:
You might need to flesh out the rules for asterisk. I didn't see anything
based on INVITE in the asterisk section of the decodes or the
Thanks Dan,
I will do that just now.
On Monday, March 9, 2015 at 10:07:31 AM UTC-4, dan (ddpbsd) wrote:
On Mon, Mar 9, 2015 at 9:57 AM, ash kumar ak2...@gmail.com wrote:
I just stumbled upon the following directive much to my delight
<ossec_config>
<global>
There is no interesting output on agent_control -r -a
Here is my standard syscheck config section:
<syscheck>
<frequency>14400</frequency>
<prefilter_cmd>/usr/sbin/prelink -y</prefilter_cmd>
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
directories
how to configure ossec to monitor logs nmap and output signal issue of
changing the state of the port or host? help PLS
--
---
You received this message because you are subscribed to the Google Groups
ossec-list group.
To unsubscribe from this group and stop receiving emails from it, send an
*Dear All,*
*Could any one tell me about If intrusion response system is an
adaptive, then will they must be automatic or not? . I have confusion.*
*I mean should adaptive intrusion response system must be automatic or
not??*
*Thanks and Regards,*
Zakira Inayat
Ph.D student
why I do not appear Previously open ports: port when I open it and then
close the same
On Thursday, March 12, 2015 at 4:01:49 UTC+3, Brent Morris wrote:
I haven't done it, but the documentation is here:
https://github.com/ossec/ossec-hids/blob/master/doc/nmap.txt
On Wednesday,
From:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html#element-jsonout_output
and:
http://ossec-docs.readthedocs.org/en/latest/manual/output/json-alert-log-output.html
Note: This feature first appeared in OSSEC 2.9.
Regards
Christian
On 12.03.2015 at 09:39
Apologies for the delay coming back to you on this, I have just updated our
test install with the latest ossecalert branch, and removed my cron job to
restart the agent at midnight. I will report back tomorrow with results
Thanks,
Craig
On Wednesday, 25 February 2015 20:24:31 UTC, dan
Hello, I'm trying to configure Ossec to store alerts in JSON format, but the
configuration method in ossec's documentation seems not to be working.
<ossec_config>
<global>
<jsonout_output>yes</jsonout_output>
...
</global>
...</ossec_config>
When I restart the ossec-control to apply changes,
On Thu, Mar 12, 2015 at 5:30 AM, CraigL craigahlaw...@gmail.com wrote:
Apologies for the delay coming back to you on this, I have just updated our
test install with the latest ossecalert branch, and removed my cron job to
restart the agent at midnight. I will report back tomorrow with results
On Wed, Mar 11, 2015 at 4:54 PM, Corey Morabito
c.morabito1...@gmail.com wrote:
Hey does anyone have a custom rule that will notify Analogi and Ossec of
both successful logon/logoffs and a rule that alerts after so many login
attempts? any advice or thoughts help. Thanks.
From what service?
On Thu, Mar 12, 2015 at 8:20 AM, Juan Carlos Jimenez
ssjbos...@gmail.com wrote:
Where can I find Ossec 2.9 version??
It's not out yet, but you can get the code from github
https://github.com/ossec/ossec-hids and help us test.
On Thu, Mar 12, 2015 at 3:20 AM, alex petrov allreadypa...@gmail.com wrote:
why I do not appear Previously open ports: port when I open it and then
close the same
Was there an nmap scan while the port was open?
If you look in the nmap logs, does the new port appear?
Thursday, March 12, 2015
On Wed, Mar 11, 2015 at 9:33 PM, D-Dub solobon...@gmail.com wrote:
test:/var/agent/bin# ./manage_agents
*
* OSSEC HIDS v2.8 Agent manager.*
Is this expected when 2.8.1 is installed? Also is there a way to verify
that 2.8.1 is installed?
On Mon, Mar 9, 2015 at 7:00 PM, Linden Varley lvar...@1-stop.biz wrote:
Hi
I've got the following added to /var/ossec/rules/local_rules.xml on the OSSEC
server. Anything I need to do client-side?
<rule id="553" level="10" overwrite="yes">
<category>ossec</category>
Doc are incorrect default patterns:
} else {
OSRegex_Compile(".xml$", regex, 0);
}
https://github.com/ossec/ossec-hids/blob/master/src/config/rules-config.c
On Mar 12, 2015, at 4:46 PM, autodidactic theoriginalg...@gmail.com wrote:
I'm using the
https://github.com/ossec/ossec-hids/pull/422
This has not been pulled into ossec. But I think he keeps it up to date over
at https://bitbucket.org/aquerubin/ossec-hids/wiki/Home
This has not been pulled into ossec but should be I think.
On Mar 12, 2015, at 11:41 AM, Sebastian Pesman
*Thanks and Regards,*
Zakira Inayat
Ph.D student in University of Malaya, Malaysia
-- Forwarded message --
From: Zakirasafi zakiras...@gmail.com
Date: Thu, Mar 12, 2015 at 10:46 AM
Subject: Intrusion response system
To: ossec-list@googlegroups.com
*Dear All,*
*Could any one
Hi all,
Just wondering if anyone else has the issues I'm running into with the
Ossec server that will not listen on an IPv6 address.
Running on Centos 6.5 with IPv6 and the Ossec server 2.8
ossec-hids.x86_64 2.8.1-47.el6.art
I'm using the decoder_dir to enable other decoders to be dropped into a
directory and picked up upon restarting ossec. My config snippet is like:
<rules>
<include>... bunch of include... </include>
<rule_dir>etc/rules.d</rule_dir>
<decoder>etc/decoder.xml</decoder>