Re: [ossec-list] Re: Agentless ssh monitoring fails to connect every time

2017-03-22 Thread dan (ddp)
On Tue, Mar 21, 2017 at 7:11 PM, Marcin Gołębiowski wrote: > Trying to debug with expect I got: > expect -d agentless/ssh_integrity_check_linux u...@server.com > /directory/to/check > expect version 5.45 > argv[0] = expect argv[1] = -d argv[2] = >

Re: [ossec-list] Syslog Forward Configuration Resulting in a Failure

2017-03-22 Thread dan (ddp)
On Tue, Mar 21, 2017 at 2:53 PM, Marc Baker wrote: > I am attempting to forward OSSEC logs to a SIEM via syslog. Recommended > configuration in the documentation is: > > > 192.168.4.1 > > > > > The SIEM recognizes json format on port 5500 so I've configured logs

Re: [ossec-list] Drop IP on all agents

2017-03-22 Thread dan (ddp)
On Wed, Mar 22, 2017 at 7:05 AM, Martin wrote: > Ok the problem was that I thought that all as stated in > the doc would execute the command everywhere (meaning on all the agents & > the server). > > But "all" means all the agents except the server. Thanks for pointing that

Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-22 Thread dan (ddp)
On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo wrote: > When I install ossec 2.9.0 on rhel 7.3 (no ipv6 feature and address) I have Is IPv6 totally disabled for your system (support for IPv6 was removed)? > a problem to ossec-remoted and ossec-auth,

Re: [ossec-list] Journald again

2017-03-22 Thread dan (ddp)
On Wed, Mar 22, 2017 at 8:20 AM, Per-Erik Persson wrote: > Is anyone working in this? Not that I'm aware of. > Or is there any way to feed the journald logs the ossecagent? > Or am I supposed to install rsyslog and forward the logs to the ossec server? > Any way to feed

[ossec-list] Journald again

2017-03-22 Thread Per-Erik Persson
Is anyone working in this? Or is there any way to feed the journald logs the ossecagent? Or am I supposed to install rsyslog and forward the logs to the ossec server? Any way to feed ossec with logevents from elasticsearch?

[ossec-list] Re: install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-22 Thread Eduardo Reichert Figueiredo
Hi Victor, below my remote configurations in ossec.conf syslog 0.0.0.0/0 secure About command for run the process ossec-authd "/var/ossec/bin/ossec-authd -p 1514 >/dev/null 2>&1 &" but this process "exit" in seconds. I try use 1514 but don't have success. Em

Re: [ossec-list] Drop IP on all agents

2017-03-22 Thread Martin
Ok the problem was that I thought that all as stated in the doc would execute the command everywhere (meaning on all the agents & the server). But "all" means all the agents except the server. In order to execute the command on all the agents and the server, I had to duplicate the