Re: [ossec-list] mariadb monitoring?

2017-05-24 Thread John Gelnaw
Link to the MariaDB audit plugin format: https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/#audit-log-format syslog format: [timestamp][syslog_host][syslog_ident]:[syslog_info][serverhost],[username],[host],

Re: [ossec-list] Disable the ossec-agent for OS updates.

2017-05-24 Thread Pedro Sanchez
Hi, If you want to disable the syscheck component for specific folders, you could push a setting for the syscheck block using the agent.conf centralized configuration. For example, you could ignore something like: */etc/* Reference here

Re: [ossec-list] Re: Rule 510 is triggering events but logtest is not showing any rules that should be triggered

2017-05-24 Thread Jesus Linares
I don't know what is happening. Both *regex* and *match* look in the *full_log* field. So it should work with regex (escaping reserved characters) and match. It looks like the full_log doesn't contain that information, only the filename. Anyway, if you are using Wazuh 2.0, the "title" and

Re: [ossec-list] OSSEC slack alerts for agents v2.9.0

2017-05-24 Thread Fredrik Hilmersson
Thanks everyone for the feedback and support. It all made sense and your comment did guide me to resolve it, wasn't any harder than updating the section and adding agent ID, e.g.: ossec-slack server,AGENT.ID 7 On Tuesday 23 May 2017 at

Re: [ossec-list] OSSEC slack alerts for agents v2.9.0

2017-05-24 Thread Fredrik Hilmersson
Thanks everyone for the feedback and support. It all made sense and your comment did guide me to resolve it, wasn't any harder than updating the section and adding agent ID, e.g.: ossec-slack local,AGENT.ID 7 Have a nice day and, Kind regards Fredrik On Tuesday