I think compression of elasticsearch indices is enabled by default within
ES, but to save further disk space, I've used a file system that supports
transparent compression, like btrfs or zfs.
zfs has higher memory requirements than btrfs, and both will slow down your
disk performance
Hi Vilius,
We've integrated OSSEC with our Q1Labs QRadar with limited success.
Basically, we use the native QRadar ALE Agent on Windows, and native syslog on
Linux to forward events to the Qradar SIEM; as well as forwarding category 10+
alerts from our OSSEC server to Qradar - this is mainly
Hi all,
Has anyone implemented any kind of custom check where OSSEC validates whether a
host has outbound connectivity to a specific IP or to the Internet?
This would be useful to us, as we have some hosts which should *not* have
Internet access, and we would like to have OSSEC check for this
Hi all,
I would like to forward only some of OSSEC's alerts via syslog to a commercial
SIEM device, e.g., rootcheck and syscheck events; however I only found
documentation on filtering syslog by alert level.
Would there be a creative way, using local rules perhaps, to filter only
certain
- or - something
On Thu, May 6, 2010 at 7:18 PM, Alessandro Di Giuseppe
a_di_giuse...@yahoo.com wrote:
Re: Watch for spam and or defacement
Can't a CAPTCHA be implemented to prevent spambot from posting?
That's not nearly as effective as you might think, speaking from
experience
Re: Watch for spam and or defacement
Can't a CAPTCHA be implemented to prevent spambot from posting?
On 2010-05-06, at 10:52, Jeremy Rossi jer...@jeremyrossi.com wrote:
Watch for spam and or defacement
I've found that the UI management app won't work if installed anywhere but the
default path of C:\Program Files\ossec-agent\.
When I configured the OSSEC agent during installation to D:\Program
Files\ossec-agent\ and had this issue as well; I bet your issue is similar
because 32 bit apps on
I have the OSSEC 2.4 agent installed on Windows 2003 R2 x64 - works fine.
(OSSEC 2.3 worked as well)
From: Michael Barrett michael_barr...@mgic.com
To: ossec-list@googlegroups.com
Sent: Wed, April 21, 2010 1:52:05 PM
Subject: [ossec-list] 64 bit windows 2003
For what it's worth, I've just tried for the first time today to create ignore
rules in my OSSEC 2.4 server's local_rules.xml, and it doesn't seem to be
working for me either...
Alessandro
From: Chad Robertson chadro...@gmail.com
To: ossec-list
...
A.
From: T price t.pric...@gmail.com
To: ossec-list@googlegroups.com
Sent: Tue, March 16, 2010 7:19:48 PM
Subject: Re: [ossec-list] ossec and selinux
On Tue, Mar 16, 2010 at 2:15 PM, Alessandro Di Giuseppe
a_di_giuse...@yahoo.com wrote:
Hi Tim,
Having dabbled in SELinux configuration
Hi Tim,
Having dabbled in SELinux configuration, and running OSSEC for several months
now, here is my advice:
start with OSSEC first, as it is easier to implement and IMHO provides far more
visibility, and therefore value.
SELinux requires careful testing to make sure it won't break anything.
Hi folks,
I've been using OSSEC a little while now, and there's one thing I haven't been
able to do yet, which is to restrict the global email setting to only email above a
certain alert level.
Basically, I just want OSSEC to log everything, but only email alerts over a
certain level (e.g. 8).
The
Hi folks,
Just wondering if anyone has any experience/advice with using MySQL vs the
standard OSSEC flat file DBs?
I realize that using MySQL (or PostgreSQL) allows for certain possibilities
such as reporting and analysis with other tools; but those aside, are there any
other performance,
Hi folks,
Recently, I started using OSSEC agents on Windows 2003 Server in conjunction
with Trend Micro OfficeScan 10 SP1, and I was hoping that OSSEC would fire an
alert when Trend Micro detects a virus.
I have done a couple of tests over the last day or two, and downloading the
EICAR test
Hi folks,
I followed the OSSEC-WUI install guide
(http://www.ossec.net/wiki/index.php/OSSECWUI:Install) to the letter, and
triple-checked my work... but I still cannot get OSSEC-WUI to work.
Running OSSEC-1.6 with OSSEC-WUI-0.3; OSSEC is installed within the Apache
chroot. This is on top of
Hi folks,
I've read several threads about this on the mailing list, but I think my
situation is slightly different...
I followed the OSSEC-WUI install guide
(http://www.ossec.net/wiki/index.php/OSSECWUI:Install) to the letter, and
triple-checked my work... but I still cannot get OSSEC-WUI to