RE: [ossec-list] last -10

2016-10-05 Thread Adiel Navarro
I turned on logall and I see the following message in archive.log: 2016 Oct 05 17:07:38 (porssng1a) 10.209.94.25->last 10 ossec: output: 'last 10': wtmp begins Fri Jul 11 15:58 -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On behalf of dan (ddp)

Re: [ossec-list] last -10

2016-10-05 Thread dan (ddp)
On Wed, Oct 5, 2016 at 11:44 AM, Adiel Navarro wrote: > If I understand, when I turn on the logall option, all the logs of all the > commands configured in the agents send their outputs to the server, right? > > How can this affect the performance on the ossec server?

[ossec-list] Correct way to overwrite a "chained" rule

2016-10-05 Thread Christina Plummer
Hello all, My problem: Erroneous messages are causing rule 5503 (pam_unix authentication failure) to trigger even when the login was actually successful. This is not OSSEC's fault - it is due to the pam stack being configured to check both pam_unix and another module which performs AD

RE: [ossec-list] last -10

2016-10-05 Thread Adiel Navarro
If I understand, when I turn on the logall option, all the logs of all the commands configured in the agents send their outputs to the server, right? How can this affect the performance on the ossec server? I just need the last command output. -Original Message- From:

Re: [ossec-list] last -10

2016-10-05 Thread dan (ddp)
On Wed, Oct 5, 2016 at 10:37 AM, Adiel Navarro wrote: > No, the rule is not commented. > Meanwhile, I deleted the --> sign... > Did you restart the OSSEC processes on the server? You can try turning the log_all option on and check the archives.log to make sure your

Re: [ossec-list] last -10

2016-10-05 Thread dan (ddp)
On Wed, Oct 5, 2016 at 10:59 AM, Adiel Navarro wrote: > Sure, I restarted the services on the ossec server. > > How can I turn on the log_all option? > > Do you have any example? > Sorry, it's "logall" not "log_all."

RE: [ossec-list] last -10

2016-10-05 Thread Adiel Navarro
Sure, I restarted the services on the ossec server. How can I turn on the log_all option? Do you have any example? Actually, I see this in var/ossec/logs/archives/archives.log on the server... drwxr-x--- 8 ossec ossec 4096 Oct 1 00:00 2016 -rw-r- 2 ossec ossec 0 Oct 5 00:00 archives.log

RE: [ossec-list] last -10

2016-10-05 Thread Adiel Navarro
No, the rule is not commented. Meanwhile, I deleted the --> sign... -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On behalf of dan (ddp) Sent: Wednesday, October 5, 2016 09:25 a.m. To: ossec-list@googlegroups.com Subject: Re:

Re: [ossec-list] last -10

2016-10-05 Thread Aj Navarro
On Wednesday, October 5, 2016, 6:26:42 (UTC-5), dan (ddpbsd) wrote: > > On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro > wrote: > > I want to monitor the last connections on a server. > > > > I configured the last -10 command in a client ossec.conf > > > > > >

RE: [ossec-list] last -10

2016-10-05 Thread Adiel Navarro
Sure, I configured the following rule in local_rules.xml on the ossec server: 530 ossec: output: 'last -10 Last connections. --> L.I. Adiel Jesús Navarro Rosado, O&M Analyst, Operational Security A: adiel.nava...@mail.telcel.com . Ext. 5179 : 5510101509 -Original Message-

Re: [ossec-list] last -10

2016-10-05 Thread dan (ddp)
On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro wrote: > I want to monitor the last connections on a server. > > I configured the last -10 command in a client ossec.conf > > > full_command > last 10 > 60 > > I need the output of this command to be sent to

Re: [ossec-list] syscheck can take months to report new or changed files

2016-10-05 Thread dan (ddp)
On Wed, Oct 5, 2016 at 2:30 AM, Kumar G wrote: > Hi Dan, > > What would be the syscheck db file size we have to watch for or how often we > should clear the syscheck files on ossec servers? > I've never run into any issues with it, just kind of a guess. Most of my installs

Re: [ossec-list] syscheck can take months to report new or changed files

2016-10-05 Thread Kumar G
Hi Dan, What would be the syscheck db file size we have to watch for or how often we should clear the syscheck files on ossec servers? Thanks Kumar On 3 October 2016 at 17:18, dan (ddp) wrote: > On Fri, Sep 30, 2016 at 4:40 PM, David wrote: > > > >

Re: [ossec-list] Windows Eventlogs

2016-10-05 Thread Kumar G
These were creating big log files and additional event alerts while testing, hence we reverted to the eventlog way. Thank you Victor. On 30 September 2016 at 17:33, Victor Fernandez wrote: > Hi Kumar, > > please ensure that folders "tmp" and "bookmarks" have total permissions

Re: [ossec-list] Re: OSSEC - sudo

2016-10-05 Thread Kumar G
Thank you Victor/Dan. We tried these suggestions and implemented them on the systems. Looks good now without list On 30 September 2016 at 17:21, Victor Fernandez wrote: > Hi Kumar, > > The ossec group is intended to access shared files and write only onto > logs and queues,