On Tue, Mar 21, 2017 at 7:11 PM, Marcin Gołębiowski
wrote:
> Trying to debug with expect I got:
> expect -d agentless/ssh_integrity_check_linux u...@server.com
> /directory/to/check
> expect version 5.45
> argv[0] = expect argv[1] = -d argv[2] =
>
On Tue, Mar 21, 2017 at 2:53 PM, Marc Baker wrote:
> I am attempting to forward OSSEC logs to a SIEM via syslog. Recommended
> configuration in the documentation is:
>
>
> 192.168.4.1
>
>
>
>
> The SIEM recognizes json format on port 5500 so I've configured logs
On Wed, Mar 22, 2017 at 7:05 AM, Martin wrote:
> Ok the problem was that I thought that all as stated in
> the doc would execute the command everywhere (meaning on all the agents &
> the server).
>
> But "all" means all the agents except the server.
Thanks for pointing that
On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo
wrote:
> When I install ossec 2.9.0 on rhel 7.3 (no ipv6 feature and address) I have
Is IPv6 totally disabled for your system (support for IPv6 was removed)?
> a problem to ossec-remoted and ossec-auth,
On Wed, Mar 22, 2017 at 8:20 AM, Per-Erik Persson wrote:
> Is anyone working on this?
Not that I'm aware of.
> Or is there any way to feed the journald logs to the ossec agent?
> Or am I supposed to install rsyslog and forward the logs to the ossec server?
> Any way to feed
Is anyone working on this?
Or is there any way to feed the journald logs to the ossec agent?
Or am I supposed to install rsyslog and forward the logs to the ossec server?
Any way to feed ossec with logevents from elasticsearch?
Hi Victor, below are my remote configurations in ossec.conf
syslog
0.0.0.0/0
secure
About the command to run the ossec-authd process: "/var/ossec/bin/ossec-authd
-p 1514 >/dev/null 2>&1 &", but this process exits in seconds.
I tried to use 1514 but did not have success.
Em
Ok the problem was that I thought that all as stated
in the doc would execute the command everywhere (meaning on all the agents
& the server).
But "all" means all the agents except the server.
In order to execute the command on all the agents and the server, I had to
duplicate the