On Fri, Aug 4, 2017 at 11:59 AM, Carlos Islas wrote:
> Hi!
>
> The manager hasn´t agent. The alerts came from the other host.
>
> root@vknxsegfim:/var/ossec/bin# ./agent_control -lc
>
> OSSEC HIDS agent_control. List of available agents:
>ID: 000, Name: vknxsegfim
On Fri, Aug 4, 2017 at 2:57 AM, Fredrik Hilmersson
wrote:
> Hello,
>
> I would like some help and pointers to create a decoder. So I ran the line
> from the access log (see below). What I would like to accomplish is to
> match: python-requests/2.2.1 However as you
Hi!
The manager hasn´t agent. The alerts came from the other host.
root@vknxsegfim:/var/ossec/bin# ./agent_control -lc
OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: vknxsegfim (server), IP: 127.0.0.1, Active/Local
but i dont know why all the host appear disconnected
Hello,
I would like some help and pointers to create a decoder. So I ran the line
from the access log (see below). What I would like to accomplish is to
match: python-requests/2.2.1 However as you can see at the
moment the default decoder for rule 31101, does only store the srcip, url
and id
Hi Carlos,
The manager has his own agent, probably the alerts are from the manager it
self.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 3, 2017 at 7:57:59 PM, Carlos Islas (sparks.10008...@gmail.com)
wrote:
In adition the host send alerts to my email
Hi Carlos,
Looking your logs seems like you have a problem with Duplicated counters, i
think you have two options to fix this error:
1.- You can edit the file /var/ossec/etc/internal-options.conf check the
value *remoted.verify_msg_id* and set to 0 in both sides, manager and
agents and restart