Hi Dan,
Perhaps i can elaborate.
So we're trying to further our implementation, but cannot apply our desired
"client-server" model where the config is managed in a centralized place
(I.E the server) due to issue #1207.
I have confirmed this is in fact the issue (no idea why this wasn't
Does anyone know of a way to disable all use of netstat by ossec agent on a
single server?
I have a server that has ossec agent on that netstat is using excessive CPU
due to the high connections and large netstat output.
I already tried disabling rootcheck in /var/ossec/etc/ossec.conf
I
On Thu, Nov 9, 2017 at 9:27 AM, Grant Leonard
wrote:
>
> Thank you, I will try piping output somewhere else first.
>
> Please note the full list does not exist there, I started there, it shows
>
> category
>
> Filter by group/category.
>
> Default value n/a
> Allowed
Hello,
Has anyone used OSSEC on CoreOS? How is it installed? Does it make
sense to use OSSEC on CoreOS?
Would be interested if you can share any thoughts on htis.
thanks,
SET
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To
Thank you, I will try piping output somewhere else first.
Please note the full list does not exist there, I started there, it shows
category
Filter by group/category.
*Default value* n/a
*Allowed values* Any category used is allowed.
categories are then user defined, correct? I can grep for
On Fri, Nov 3, 2017 at 11:19 AM, L R wrote:
> Hi All,
>
> I have problem with my ossec - on website ossec-wui I don't see any
> information about delete files or folders ( on Windows machines)
>
> Ossec SRV is on Centos 6.7 , ossec ver is 2.9.2.
> When I delete folder
On Thu, Nov 2, 2017 at 2:12 PM, Eddi Bento wrote:
> Hello.
>
> I'm trying to set up a proof of concept for OSSEC. It's all set up and
> monitoring a few computers, but I can't seem to get the agent.conf file to
> push. Originally, I was told to copy the ossec.conf file on
On Sun, Nov 5, 2017 at 5:38 AM, wrote:
> Hi everyone,
>
> From OSSEC Server, is there any way to connect to agent via ossec default
> socket, port 1514, 514. For example i want to copy some files in
> /var/ossec/queue/diff in agent to server.
>
> Does OSSEC support
On Tue, Nov 7, 2017 at 9:58 AM, Grant Leonard
wrote:
>
> Good morning
>
> After the /var/ossec/bin/ossec-reportd runs, the tallies are left aligned
> and when emailed the spacing is not kept from stdout to email
>
> Thus stdout looks like this
>
> Top entries for
On Wed, Nov 8, 2017 at 3:50 AM, mark van de giessen wrote:
>> Welp, perhaps my system is misconfigured, i dont know.
>
> But.. when trying to compile following Ossec's
> /docs/manual/installation/compile-ossec-mingw.html i'm getting all sorts of
> errors (yes, i'm trying to
On Wed, Nov 8, 2017 at 11:52 AM, wrote:
> Hey guys!
> I made a decoder for pfSense, but it is not being recognized by ossec.
>
> Follow the decoder with a log sample:
>
>
>
> pfsense
>
>
>
> ^\w+ \d+ \d+:\d+:\d+ pfSense |\w+ \d+ \d+:\d+:\d+ pfSense
>
>
>
>
>
Hey guys!
I made a decoder for pfSense, but it is not being recognized by ossec.
Follow the decoder with a log sample:
pfsense
^\w+ \d+ \d+:\d+:\d+ pfSense |\w+ \d+ \d+:\d+:\d+ pfSense
pfsense
^filterlog:
12 matches
Mail list logo