Re: [ossec-list] Release schedule

2017-11-09 Thread mark van de giessen
Hi Dan, Perhaps I can elaborate. So we're trying to further our implementation, but cannot apply our desired "client-server" model where the config is managed in a centralized place (i.e. the server) due to issue #1207. I have confirmed this is in fact the issue (no idea why this wasn't

[ossec-list] Disabling ossec use of netstat

2017-11-09 Thread Brandon S
Does anyone know of a way to disable all use of netstat by ossec agent on a single server? I have a server that has ossec agent on that netstat is using excessive CPU due to the high connections and large netstat output. I already tried disabling rootcheck in /var/ossec/etc/ossec.conf I

Re: [ossec-list] Format email output from ossec-reportd and category list

2017-11-09 Thread dan (ddp)
On Thu, Nov 9, 2017 at 9:27 AM, Grant Leonard wrote: > > Thank you, I will try piping output somewhere else first. > > Please note the full list does not exist there, I started there, it shows > > category > > Filter by group/category. > > Default value n/a > Allowed

[ossec-list] OSSEC installation on CoreOS

2017-11-09 Thread SET
Hello, Has anyone used OSSEC on CoreOS? How is it installed? Does it make sense to use OSSEC on CoreOS? Would be interested if you can share any thoughts on this. Thanks, SET

Re: [ossec-list] Format email output from ossec-reportd and category list

2017-11-09 Thread Grant Leonard
Thank you, I will try piping output somewhere else first. Please note the full list does not exist there, I started there, it shows category Filter by group/category. *Default value* n/a *Allowed values* Any category used is allowed. categories are then user defined, correct? I can grep for

Re: [ossec-list] Ossec and information about delete Files and Folders

2017-11-09 Thread dan (ddp)
On Fri, Nov 3, 2017 at 11:19 AM, L R wrote: > Hi All, > > I have problem with my ossec - on website ossec-wui I don't see any > information about delete files or folders ( on Windows machines) > > Ossec SRV is on Centos 6.7 , ossec ver is 2.9.2. > When I delete folder

Re: [ossec-list] Centralized agent.conf

2017-11-09 Thread dan (ddp)
On Thu, Nov 2, 2017 at 2:12 PM, Eddi Bento wrote: > Hello. > > I'm trying to set up a proof of concept for OSSEC. It's all set up and > monitoring a few computers, but I can't seem to get the agent.conf file to > push. Originally, I was told to copy the ossec.conf file on

Re: [ossec-list] Is there any way to connect to agent via ossec default socket, port 1514, 514?

2017-11-09 Thread dan (ddp)
On Sun, Nov 5, 2017 at 5:38 AM, wrote: > Hi everyone, > > From OSSEC Server, is there any way to connect to agent via ossec default > socket, port 1514, 514. For example i want to copy some files in > /var/ossec/queue/diff in agent to server. > > Does OSSEC support

Re: [ossec-list] Format email output from ossec-reportd and category list

2017-11-09 Thread dan (ddp)
On Tue, Nov 7, 2017 at 9:58 AM, Grant Leonard wrote: > > Good morning > > After the /var/ossec/bin/ossec-reportd runs, the tallies are left aligned > and when emailed the spacing is not kept from stdout to email > > Thus stdout looks like this > > Top entries for

Re: [ossec-list] Release schedule

2017-11-09 Thread dan (ddp)
On Wed, Nov 8, 2017 at 3:50 AM, mark van de giessen wrote: >> Welp, perhaps my system is misconfigured, I don't know. > > But.. when trying to compile following Ossec's > /docs/manual/installation/compile-ossec-mingw.html I'm getting all sorts of > errors (yes, I'm trying to

Re: [ossec-list] Custom decoder not recognized

2017-11-09 Thread dan (ddp)
On Wed, Nov 8, 2017 at 11:52 AM, wrote: > Hey guys! > I made a decoder for pfSense, but it is not being recognized by ossec. > > Follow the decoder with a log sample: > > > > pfsense > > > > ^\w+ \d+ \d+:\d+:\d+ pfSense |\w+ \d+ \d+:\d+:\d+ pfSense > > > > >

[ossec-list] Custom decoder not recognized

2017-11-09 Thread rwag . fer
Hey guys! I made a decoder for pfSense, but it is not being recognized by ossec. Follow the decoder with a log sample: pfsense ^\w+ \d+ \d+:\d+:\d+ pfSense |\w+ \d+ \d+:\d+:\d+ pfSense pfsense ^filterlog: