I turned on logall and I see the following message in archive.log
2016 Oct 05 17:07:38 (porssng1a) 10.209.94.25->last 10 ossec: output: 'last 10':
wtmp begins Fri Jul 11 15:58
-Original message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On behalf of
dan (ddp)
On Wed, Oct 5, 2016 at 11:44 AM, Adiel Navarro
wrote:
> If I understand, when I turn on the logall option, all the logs of all the
> commands configured in the agents send their outputs to the server, right?
>
> How can this affect the performance on the ossec server?
Hello all,
My problem:
Erroneous messages are causing rule 5503 (pam_unix authentication failure)
to trigger even when the login was actually successful. This is not
OSSEC's fault - it is due to the pam stack being configured to check both
pam_unix and another module which performs AD
If I understand, when I turn on the logall option, all the logs of all the commands
configured in the agents send their outputs to the server, right?
How can this affect the performance on the ossec server?
I just need the last command output.
-Original message-
From:
On Wed, Oct 5, 2016 at 10:37 AM, Adiel Navarro
wrote:
> No, the rule is not commented.
> Meanwhile, I delete the --> sign...
>
Did you restart the OSSEC processes on the server?
You can try turning the log_all option on and check the archives.log
to make sure your
On Wed, Oct 5, 2016 at 10:59 AM, Adiel Navarro
wrote:
> Sure, I restarted the services on the ossec server.
>
> How can I turn on the log_all option?
>
> Do you have any example?
>
Sorry, it's "logall" not "log_all."
Sure, I restarted the services on the ossec server.
How can I turn on the log_all option?
Do you have any example?
Actually, I see that in var/ossec/logs/archives/archives.log on the server...
drwxr-x--- 8 ossec ossec 4096 Oct 1 00:00 2016
-rw-r- 2 ossec ossec0 Oct 5 00:00 archives.log
No, the rule is not commented.
Meanwhile, I delete the --> sign...
-Original message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On behalf of
dan (ddp)
Sent: Wednesday, October 05, 2016 09:25 a.m.
To: ossec-list@googlegroups.com
Subject: Re:
On Wednesday, October 5, 2016, 6:26:42 (UTC-5), dan (ddpbsd) wrote:
>
> On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro wrote:
> > I want to monitor the last connections on a server.
> >
> > I configured the last -10 command in ossec.conf on a client
> >
> >
> >
Sure,
I configured the following rule in local_rules.xml on the ossec server:
530
ossec: output: 'last -10
Last connections.
-->
L.I. Adiel Jesús Navarro Rosado
Analista OyM Seguridad Operativa
A: adiel.nava...@mail.telcel.com
. Ext. 5179
: 5510101509
-Mensaje
On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro wrote:
> I want to monitor the last connections on a server.
>
> I configured the last -10 command in ossec.conf on a client
>
>
> full_command
> last 10
> 60
>
> I need that the output of this command will send to
On Wed, Oct 5, 2016 at 2:30 AM, Kumar G wrote:
> Hi Dan,
>
> What would be the syscheck db file size we have to watch for or how often we
> should clear the syscheck files on ossec servers?
>
I've never run into any issues with it, just kind of a guess.
Most of my installs
Hi Dan,
What would be the syscheck db file size we have to watch for or how often
we should clear the syscheck files on ossec servers?
Thanks
Kumar
On 3 October 2016 at 17:18, dan (ddp) wrote:
> On Fri, Sep 30, 2016 at 4:40 PM, David wrote:
> >
> >
These were creating big log files and additional event alerts while
testing, hence we reverted to the eventlog way. Thank you Victor.
On 30 September 2016 at 17:33, Victor Fernandez wrote:
> Hi Kumar,
>
> please ensure that folders "tmp" and "bookmarks" have total permissions
Thank you Victor/Dan. We tried these suggestions and implemented them on the
systems. Looks good now without list
On 30 September 2016 at 17:21, Victor Fernandez wrote:
> Hi Kumar,
>
> The ossec group is intended to access shared files and write only onto
> logs and queues,