[ossec-list] Re: About error output in ossec.log

2016-04-01 Thread Julio Cesar
I worry about it? Or make any changes so it does not occur? On Friday, April 1, 2016 at 7:33:13 AM UTC-3, Jesus Linares wrote: > > Hi, > > It is not an error. It is a log used for troubleshooting purposes. Check > out the code: >

[ossec-list] Re: new file does not create any alert

2016-04-01 Thread Victor Fernandez
P.S.: This is a duplicated topic. There is a more detailed explanation to your problem at the other topic: https://groups.google.com/forum/#!topic/ossec-list/eSbdMTPLG7A Regards. On Friday, April 1, 2016 at 3:17:24 PM UTC+2, Victor Fernandez wrote: > > Hi. > > I did the same as you: changed

[ossec-list] Re: new file does not create any alert

2016-04-01 Thread Victor Fernandez
Hi. I did the same as you: changed the rule's level from 0 to 10 and added yes on "ossec.conf", both at server, and I had no error. You should check the Syscheck database (tail of file at /var/ossec/queue/syscheck) and verify that new files are on it. Depending on whether the file appears in

[ossec-list] Re: ssh_asa-fwsmconfig_diff

2016-04-01 Thread Yurii Shatylo
Hello All, Now I have successfully logged on to the ASA in enable mode. Before that I put the configuration into the ossec global configuration: ssh_asa-fwsmconfig_diff 300 username@192.168.0.1 periodic_diff What is the next stage? Where am I able to find the result of the asa script?

[ossec-list] Re: Decoding long messages - multiple regex statements

2016-04-01 Thread Fredrik
Very sorry about the mistake with your name - hope I haven't done it before!? Will try out your much much appreciated suggestions for decoders over the weekend! Very excited! :) Thanks, Fredrik On Friday, April 1, 2016 at 1:18:17 PM UTC+2, Jesus Linares wrote: > > Hi Fredrik, > > here an

[ossec-list] Re: Decoding long messages - multiple regex statements

2016-04-01 Thread Jesus Linares
Hi Fredrik, here is an example of decoding allow/block events (with the option *after_regex*): ^\w\w\w \d+ \d+:\d+:\d+ \S+ firewall Checkpoint-test ^block|^allow (\w+) \S+ \S+ src: (\d+.\d+.\d+.\d+); dst: (\d+.\d+.\d+.\d+) action,srcip,dstip Checkpoint-test resource:

[ossec-list] Re: Windows agent - unable to start agent (check config)

2016-04-01 Thread Victor Fernandez
Hi. I remember a problem that I had with permissions in Windows: please check that your OSSEC directory (like C:\Program Files\ossec-agent) and every file contained in it have full permissions for "Administrators". I hope this solves your problem. Best regards. On Thursday, March 31, 2016

[ossec-list] Re: new files does not creating alert at all

2016-04-01 Thread Jesus Linares
Check out this blog: http://perezbox.com/2013/07/ossec-detecting-new-files-understanding-how-it-works/ Pay attention to the part: "REAL TIME VS ALERT ON NEW". Regards, Jesus Linares. On Thursday, March 31, 2016 at 9:08:37 PM UTC+2, jingxu...@bettercloud.com wrote: > > I followed the

[ossec-list] Re: About error output in ossec.log

2016-04-01 Thread Jesus Linares
Hi, It is not an error. It is a log used for troubleshooting purposes. Check out the code: https://github.com/wazuh/ossec-wazuh/blob/6c2325e5f45b25adbaccc02ac1977c75c4a56599/src/win32/win_agent.c#L307 The agent writes this log when it does not receive a server response in the defined