Re: [ossec-list] Emails are not going

2016-03-30 Thread dan (ddp)
On Wed, Mar 30, 2016 at 5:36 AM, sandeep dubey wrote: > Hi, > > Can I use a third-party email provider to send OSSEC emails? For example > AWS's SES service. > I believe there was a recent thread on this exact topic.

Re: [ossec-list] How to ignore log ?

2016-03-30 Thread dan (ddp)
On Wed, Mar 30, 2016 at 6:00 AM, sandeep dubey wrote: > Yes, below is the rule and output for test - > > RULE : > > DENIED > 1002 > profile="docker-default" > IGNORE RULE > > > TEST : > root@ossec-cloud:/var/ossec/bin# ./ossec-logtest > 2016/03/30 10:00:39

Re: [ossec-list] How to ignore log ?

2016-03-30 Thread sandeep dubey
Yes, below is the rule and output for test - RULE : DENIED 1002 profile="docker-default" IGNORE RULE TEST : root@ossec-cloud:/var/ossec/bin# ./ossec-logtest 2016/03/30 10:00:39 ossec-testrule: INFO: Reading local decoder file. 2016/03/30 10:00:39 ossec-testrule: INFO: Started (pid:

Re: [ossec-list] Emails are not going

2016-03-30 Thread sandeep dubey
Thanks Pedro for the quick reply. Let me try at my setup, will update this thread if I fail to do so. On Wed, Mar 30, 2016 at 3:19 PM, Pedro S wrote: > You can set up on OSSEC any SMTP server and it will use it to send the > emails, BUT OSSEC is not able to use SMTP

Re: [ossec-list] Emails are not going

2016-03-30 Thread Pedro S
You can set up on OSSEC any SMTP server and it will use it to send the emails, BUT OSSEC is not able to use SMTP authentication. Amazon SES works with TLS authentication so... I don't think OSSEC out-of-the-box can use Amazon SES. Instead of that you can probably configure Amazon SES SMTP account

Re: [ossec-list] Emails are not going

2016-03-30 Thread sandeep dubey
Hi, Can I use a third-party email provider to send OSSEC emails? For example AWS's SES service. On Thu, Mar 24, 2016 at 3:27 PM, sandeep dubey wrote: > Thanks for the update. > On 24-Mar-2016 3:09 PM, "dan (ddp)" wrote: > >> >> On Mar 24, 2016 12:21

Re: [ossec-list] Apache log porting to Ossec server

2016-03-30 Thread Bhuvanesh Bhuvanachandran
Thanks! The solution given here worked! Regards, Bhuvanesh On Thursday, March 3, 2016 at 11:49:28 PM UTC+5:30, Santiago Bassett wrote: > > Yes, it is possible. You need to use OSSEC logall option and have > logstash/filebeat reading /var/ossec/logs/archives.log > > My advice is to use

[ossec-list] Re: Help needed with Ossec implementation

2016-03-30 Thread Bhuvanesh Bhuvanachandran
Thanks guys!! The solution given here worked! Regards, Bhuvanesh On Thursday, March 3, 2016 at 4:07:43 PM UTC+5:30, Pedro S wrote: > > Hi, > > If you need to forward to Elastic all the events (not only alerts), try to > enable the option *yes* (available at Wazuh > Fork

[ossec-list] Re: Decoding long messages - multiple regex statements

2016-03-30 Thread Fredrik
Hi Jose, I got some help to sort out the different timestamps (format) and all log types now use "Jan 27 09:41:01". You asked about the firewall, this particular one is a Checkpoint currently running version R77.20. The remaining question, that might be of interest to others on the path to

[ossec-list] Re: Windows agent - unable to start agent (check config)

2016-03-30 Thread Krzysztof Zaklikiewicz
Hi, Thanks for the answer, I'll try after 6 pm because now people are working and I cannot reset the computer. On Tuesday, 29 March 2016 at 22:51:25 UTC+2, user Victor Fernandez wrote: > > Hi. > > Have you added the original administrator and your own account to the > "Administrators" group? >

Re: [ossec-list] How to ignore log ?

2016-03-30 Thread Pedro S
Did you run ossec-logtest to verify that your log triggers the rule just created? Try to run it and paste the log, if the rule 81 is not being fired something went wrong with the rule creation. On Wednesday, March 30, 2016 at 8:10:39 AM UTC+2, sandeep wrote: > > Hi Dan, > > Thanks for the

Re: [ossec-list] How to ignore log ?

2016-03-30 Thread sandeep dubey
Hi Dan, Thanks for the detailed steps and rule. I tried the same and am still getting the alert. On 29-Mar-2016 9:07 PM, "dan (ddp)" wrote: > On Tue, Mar 29, 2016 at 11:29 AM, sandeep dubey > wrote: > > Hi, > > > > I am getting this alert from all the hosts