Ossec doesn’t show any logos. What application are you seeing logos in?
On Fri, Dec 8, 2023 at 9:38 AM Satwika sree wrote:
> Hi All,
>
> Is this possible to set custom logo for each agent group? If it's possible
> what is the process?
>
> Please help me work on this case.
>
> Regards,
> Sree.
That's not supported. Windows is an agent only platform.
On Tue, Jul 12, 2022 at 1:34 PM M Asif wrote:
>
> Hi! Geeks
>
> I am trying to install ossec in windows server. When I run exec it installs in
> client/server mode. But my requirement is to install ossec agent as
> standalone. I mean in
You can check the ossec.log on the ossec server for details.
On Tue, Jul 20, 2021 at 12:26 PM Vishal Ghaware
wrote:
>
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting
>
> hence all clients disconnected from server
>
> --
>
> ---
> You received this message because you are
*ahem* _THIS_ patch.
On Mon, Feb 1, 2021 at 1:34 PM dan (ddp) wrote:
>
> I think this patch should fix the inotify problem.
> Not sure how to work on the geoip stuff, I think OpenBSD dropped the
> ports for the old library.
>
> On Sun, Jan 31, 2021 at 12:11 PM Carlos Lopez wro
I think this patch should fix the inotify problem.
Not sure how to work on the geoip stuff, I think OpenBSD dropped the
ports for the old library.
On Sun, Jan 31, 2021 at 12:11 PM Carlos Lopez wrote:
>
> Hi all,
>
>
>
> I am trying to install Ossec 3.6.0 under an OpenBSD 6.8 hosts to act as an
ucket ID: e0bfa8051f9ebad1ac54b45abee71e8d (2041454832948551309)
> ---)
>
> Windows 10 Home, version 20H2, build 19042.746
> ossec-agent-win32-3.6.0-12032.exe 1,604,775 bytes
> win32ui.exe 171,709 bytes
>
Hi!
I've seen similar crashes, but don't have a reliable windows machine
to
On Wed, Jan 13, 2021 at 6:21 AM Kedar Mendhurwar
wrote:
>
> Hi Folks,
>
> I have been trying to install ossec agent 3.6 on ubuntu 20.4 and each time I
> try starting the service, I get the error " ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'." I have
>
On Mon, Dec 28, 2020 at 9:31 AM Yana Zaeva wrote:
>
> Hi Kyriakos,
>
> Sorry for the late response. The default JSON decoder that OSSEC uses
> (which you can find at the path /var/ossec/ruleset/decoders/
> 0006-json_decoders.xml) should parse all the information present in a log.
> For example,
No worries. You added some great information.
On Mon, Nov 16, 2020 at 12:48 PM Scott Wozny wrote:
>
> ACK! Sorry! Didn't see you'd already replied, Dan...
>
> What he said. :)
>
> Scott
>
>
> On Mon, Nov 16, 2020, 10:10 dan (ddp) wrote:
>>
>> On Mon,
On Mon, Nov 16, 2020 at 7:27 AM Andrew S wrote:
>
> Hi Brian,
>
> Thank you for the clarification but I don't understand why someone would
> associate our website with dailymail.co.uk ?
>
I haven't verified, but Brian mentioned dailymail being in the
referrer field. So there was (possibly) a
On Mon, Nov 9, 2020 at 7:37 AM Ziv Mansour wrote:
>
> Hey, we're trying to connect our Windows servers to OSSEC.
> It works for some of them, as for others it isn't.
>
> The error: ERROR: Incorrectly formatted message from
>
> We used the correct key, as it works on some servers.
Are each of
Hi Scott,
On Sat, Oct 17, 2020 at 6:47 PM saw...@gmail.com wrote:
>
> In testing snort 2.9 inline operation logs against OSSEC (3.6.0), I have
> found something weird.
>
>
> This “alert” event gets caught by the decoder:
>
>
> 10/17-21:23:32.374062 [**] [1:1002:0] /etc/passwd test detected
On Mon, Aug 17, 2020 at 10:42 PM Daniel Gerep wrote:
>
> Hi all,
>
> I am starting to use OSSEC so I may be doing something wrong here.
>
> I have OSSEC installed as a server in my Linux VM and the Agent in my Windows
> Server 2012 VM.
>
> My server has the default configuration plus this:
>
>
On Thu, Aug 13, 2020 at 6:22 AM Kyriakos Stavridis
wrote:
>
> Hello dan, thank you for your response.
>
> My goal is to enable OSSEC to parse utf-8. Isn't there any option that would
> allow me to do that?
>
Not currently.
> I would really like to contribute to OSSEC and a
On Fri, Aug 7, 2020 at 5:23 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> When I install an agent on a machine, considering I live in Greece, I usually
> face the problem that windows logs contain some Greek characters and OSSEC
> server doesn't seem to be able to parse them.
>
> The
On Thu, Jul 30, 2020 at 8:43 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> When devices are configured to send remote syslog to OSSEC on port 514 (let's
> say a security product), are these syslog logs saved somewhere? even if they
> don't trigger an alert? As any other normal syslog
On Sat, Jul 11, 2020 at 9:51 PM Jeff Dyke wrote:
>
> my bad Dan, i thought i remembered somewhere that it was only getting
> critical updates. Thanks for the people's time that gets put into it! Sorry
> for the confusion, on my part.
>
No worries, there isn't a lot going o
On Mon, Jul 13, 2020 at 10:11 AM lê danh wrote:
>
> Hello everyone, I want to use ossec to be able to track progress on a windows
> computer, follow the instructions from here
> (http://santi-bassett.blogspot.com/2015/08/how-to-monitor
> -running-processes-with-ossec.html).
>
> I did it
On Wed, Jul 8, 2020 at 8:45 PM Jeff Dyke wrote:
>
> As Dan alluded to, I use a local postfix null mailer on my lan that sends to
> a postfix relay from a single/failover point that then sends to gmail.
>
> Dan. I have a question for you, perhaps i should start a new thread, b
On Wed, Jul 8, 2020 at 2:53 PM Mm Dd wrote:
>
> Hello all,
>
> First, nice to meet you all, and congratulations for the fantastic product
> you have developed and released to the public.
>
> My question is if it is possible to carry out an unattended OSSEC agent
> deployment using
On Tue, Jul 7, 2020 at 4:29 AM lê danh wrote:
>
> I am a new user, I just have ossec installed and I want to try its email
> feature. I have configured the email address in ossec.conf as follows:
>
>
>
> yes
> conme...@gmail.com
> alt4.gmail-smtp-in.l.google.com.
>
sendmail and secureserver,
but I don't know how to set up either of those things.
>
>
> On Wednesday, June 17, 2020 at 5:53:42 PM UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Tue, Jun 16, 2020 at 7:21 AM siddharth jha wrote:
>> >
>> > Hi,
>> >
>> >
clogging up the
usual log files. But that's just a guess.
> Thanks,
>
> Scott
>
> On Wed, Jun 17, 2020 at 1:37 PM Scott Wozny wrote:
>>
>> Thanks for the reply, Dan. I'll probably roll my own logrotate script and
>> use the one from the Atomic repo 3.3.0 install a
On Wed, Jun 17, 2020 at 1:31 PM Scott Wozny wrote:
>
> Hi Dan,
>
> Very interesting! Feels kind of Rube Goldberg-y but I fully understand the
> reasoning and it makes perfect sense in the context of what's trying to be
> accomplished here. I very much appreciate the explana
o the OSSEC server.
I don't know enough about OSSEM to help with that though.
>
> Thank you again for your attention .
>
> On Wednesday, June 17, 2020 at 6:19:29 AM UTC-7, dan (ddpbsd) wrote:
>>
>> On Wed, Jun 17, 2020 at 9:15 AM Rashad Mogsi wrote:
>> >
>> >
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log
> is in CEF format I believe. That log contains alerts that are raised by
> various endpoints
On Wed, Jun 17, 2020 at 9:15 AM Rashad Mogsi wrote:
>
> I have installed OSSEM Server on Esxi and I can't receive any logs from the
> Windows server .
> is there any configurations should i do from the OSSEM or from the windows so
> i can see the logs
>
OSSEM or OSSEC? I can't help you with
Yes there is! I believe the details are here:
https://www.ossec.net/join-us-on-slack/
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Is there a slack group for the OSSEC community?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
>
syscheck db (/var/ossec/queue/syscheck/ has the
syscheck databases, they're named after the agents) to see if files in
the directories you specified are there.
> On Sunday, June 14, 2020 at 4:33:43 AM UTC+8, dan (ddpbsd) wrote:
>>
>> On Sat, Jun 13, 2020 at 7:41 AM John Goh wrote:
On Mon, Jun 15, 2020 at 3:09 PM Scott Wozny wrote:
>
> I'm trying to get off the Atomic repo for a variety of reasons, so I just did
> a 3.6.0 agent install from the tarball's script on a CentOS 7 minimal machine
> to test the process and compatibility with my build tweaks. One of the
>
On Tue, Jun 16, 2020 at 7:21 AM siddharth jha wrote:
>
> Hi,
>
> I'm new in ossec and recently installed OSSEC 3.6.0 on Ubuntu 18.04.04 server
> successfully.
> also add some win. agent and i can see alerts on ossec web-ui but i'm not
> receiving any alerts on email.
> need suggestion how should
On Tue, Jun 16, 2020 at 5:35 PM Scott Wozny wrote:
>
> Just an "idle curiosity" kind of question. In a 3.6.0 server installed from
> the tarball on CentOS 7, when I run a ps, I have 2 instances of
> /var/ossec/bin/ossec-maild running, both under UID ossecm. Does anyone know
> why there are 2
On Sat, Jun 13, 2020 at 7:41 AM John Goh wrote:
>
> Hi all, I'm new to the whole idea of using IDS and OSSEC. I've been trying to
> detect certain file creation or changes in realtime but I do not see it being
> reflected in the OSSEC web interface. The OSSEC is being deployed in a local
>
On Sun, Jun 7, 2020 at 11:06 AM Arnau b s wrote:
>
> Anyone knows how to install OSSEC agent in the ubuntu server 20.04?
>
I haven't had time to create an image for 20.04 yet. Are you
experiencing issues?
Can you provide details?
> --
>
> ---
> You received this message because you are
On Tue, May 12, 2020 at 8:57 AM Dominik Vogt wrote:
>
> I'm struggling to understand how to write custom rules.
> Unfortunately the "" tag seems to be completely
> undocumented, and the book doesn't explain it either:
>
> Each rule, or grouping of rules, must be defined within a
> element.
On Sun, May 3, 2020 at 6:58 AM rpr // wrote:
>
> On Thu, 8 Aug 2019 at 13:08, dan (ddp) wrote:
> >
> > > Where can we find the most current OSSEC documentation?
> > >
> > You can browse through the github repository:
> > https://github.com/ossec/o
:
> This fixed it, thanks!
> What is the difference b/w openssl and the devel option?
>
> On Tuesday, April 21, 2020 at 11:15:24 AM UTC-4, dan (ddpbsd) wrote:
>>
>> Openssl or openssl-devel?
>>
>> On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw
>> wrot
Openssl or openssl-devel?
On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw
wrote:
> I also had to install zlib-devel.
> But now I get this error:
> [image: image.png]
> So I install openssl, but it says it is already installed...
>
> On Tue, Apr 21, 2020 at 9:37 A
The installation documentation has a list of prerequisite packages that
should be installed. In this case it’s libevent-devel
On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw wrote:
> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am getting
> this error now:
> [image: image.png]
On Sun, Apr 12, 2020 at 11:22 PM Problem Store wrote:
>
> Dear Team,
>
> I have one question, the example I have 1GB storage in OSSEC, when storage
> will be full then automatically deleted from the beginning log( old log).
> It's possible if possible how? Please share your idea.
>
Use cron to
On Mon, Apr 20, 2020 at 5:30 PM sumit soni wrote:
>
> Hi ,
> I have systems with different languages and wondering if I create a rule to
> match English logs can that rule also work for logs from other language OS
> or not .
> For e.g. if I create a rule which matches with the following string 3
This does not look related to this thread. Reply in-line.
On Tue, Apr 21, 2020 at 6:36 AM Mohit Gupta wrote:
>
> Hi Team,
>
> Good Morning/Afternoon/Evening.
>
> I was trying to install ossec agent on one of my machine but getting below
> error on control start up.
>
> -
>
On Mon, Apr 20, 2020 at 10:34 PM David Williams wrote:
>
> Andy,
> How about this:
> yum info pcre2-devel
> Note the "2:" pcre2-devel
> -David
>
This should be the answer right here. Use pcre2, not pcre.
>
> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
> > It is telling me
On Wed, Apr 1, 2020 at 12:58 PM SHADO wrote:
>
> Hi!
>
> Did a new install on Ubuntu 18.04 LTS and ossec-Maild is hogging the CPU.
>
>
> ossecmPID 1 78 Mar31 ?07:34:06 /var/ossec/bin/ossec-maild
>
>
> PID USERPRI NI VIRT RESSHR S CPU% MEM% TIME+ Command
>
> Started ossec-execd...
> 2020/03/30 14:05:04 ossec-agentd: INFO: Using notify time: 600 and max time
> to reconnect: 1800
> 2020/03/30 14:05:04 going daemon
> Started ossec-agentd...
> Started ossec-logcollector...
> Started ossec-syscheckd...
> Completed.
>
>
>
> O
On Mon, Mar 23, 2020 at 8:35 AM Olivier Ragain
wrote:
>
> Hi
> Sorry for the delay in answering.
>
> The error I get:
> 2020/03/23 12:28:25 ossec-testrule: INFO: Reading decoder file
> etc/custom/local_decoder.xml.
> 2020/03/23 12:28:25 ossec-analysisd(2106): ERROR: Error adding decoder plugin.
On Thu, Mar 19, 2020 at 4:59 PM Leroy Tennison wrote:
>
> Running v3.3.0 on the server and v3.2.0 on the client, trying to exclude
> *.bz2 in a given directory, I tried:
>
>
>
> /path/to/.bz2$
I think this will ignore '/path/to/.bz2' and only that file.
>
>
>
> based on another post.
On Tue, Mar 24, 2020 at 7:48 AM AHMED ADEWUYI wrote:
>
> Hi,
>
> Please is there a way to reduce or manage numbers of forwarded events on the
> ossec agent to Alienvault sensor.
>
Not really. The Windows agent can filter some things out with
eventchannel, but that's about it.
> Thanks.
>
>
On Mon, Mar 16, 2020 at 12:33 PM llehirgen wrote:
>
> I use dokku in a Ubuntu 18.04 LTS machine.
> I received the following alerts concerning files hidden in a long list of
> directories:
>
> Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
> Portion of the log(s):
On Mon, Mar 16, 2020 at 8:43 AM dan (ddp) wrote:
>
> On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
> wrote:
> >
> > Hi,
> > So now the question is, why does it not work when i use:
> > decoders configuration in the ossec.conf file ?
> > I see th
On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
wrote:
>
> Hi,
> So now the question is, why does it not work when i use:
> decoders configuration in the ossec.conf file ? I
> see that it is loading the file from the logs, but it fails to log the
> decoder information itself and then ossec wont
On Fri, Mar 13, 2020 at 2:28 PM Olivier Ragain
wrote:
>
> Hi,
> I've created a custom decoder:
>
> ^sshd
>
>
>
> sshd-custom
> ^Bad protocol version
> ^\S+ from (\S+) port (\S+)$
> srcip,srcport
>
>
> When I restart the engine to load it, I end up with
On Mon, Mar 2, 2020 at 9:25 AM Kumar G wrote:
>
> Hi Team,
>
>
> Need your help on this one.
>
> We are at 3.1X version of OSSEC environment. When trying to install the
> package on Linux 8 and starting the agent we get an error on libssl.
>
> error while loading shared libraries: libssl.so.10:
On Wed, Mar 4, 2020 at 8:38 AM AHMED ADEWUYI wrote:
>
> Hello,
>
> I am experiencing frequent ossec agent disconnected from AlienVault server.
>
> I have removed the RIDS files on the client and server, yet isn't connecting.
>
> please what can i do to keep it up and running again.
>
> Here is
On Tue, Feb 18, 2020 at 4:44 AM Muhammed Ashique wrote:
>
> Is there any way to store all syslog logs generated from Network Device into
> different path ? . All Logs (agents,Devices) it is going to a single file
> (archive.json) but i want to segregate only syslog logs has to come different
>
On Tue, Feb 18, 2020 at 1:52 AM Schultheis Burkhard
wrote:
>
> Hi,
>
> I want to get a message, when the ruleset of iptables gets modified. But
> I see that iptables doesn't log its changes. Or am I wrong?
>
I'm not aware of a log, but I'm far from an expert.
If you're running an OSSEC agent on
On Mon, Feb 17, 2020 at 9:25 AM Burkhard Schultheis
wrote:
>
> Hi,
>
> I want to get an email from OSSEC when a port is opened or closed in the
> firewall. Therefore I changed "no_log" in firewall_rules.xml to "log".
> But the OSSEC failed to start. What's wrong? How to get the desired
> emails
led,
> /var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and
> /etc/services is the same as on the other server.
>
3.4 made some improvements for systems that disable ipv6.
https://github.com/ossec/ossec-hids/releases/tag/3.4.0
> Regards
> Burkhard
>
>
> Am 28.01.2020 um 12
On Wed, Feb 5, 2020 at 7:49 AM dan (ddp) wrote:
>
> On Fri, Jan 31, 2020 at 2:28 PM Natassia M Stelmaszek wrote:
> >
> > I performed my original installation without database support because I
> > didn’t want to complicate things. When I went to re-compile/reinstal
On Fri, Jan 31, 2020 at 2:28 PM Natassia M Stelmaszek wrote:
>
> I performed my original installation without database support because I
> didn’t want to complicate things. When I went to re-compile/reinstall with
> the database support included I kept getting the above error. I finally
>
On Mon, Jan 27, 2020 at 1:47 AM Burkhard Schultheis
wrote:
>
> We have 3 servers running OSSEC (standalone). One server runs CentOS 6,
> the two others opensuse 15.1. The configuration of OSSEC is almost
> identical on all three servers (as close as possible).
>
> The CentOS Server sends a lot of
On Thu, Jan 23, 2020 at 6:46 PM Leroy Tennison wrote:
>
> Received the following message: Trojaned version of file '/bin/grep'
> detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS.
> Downloaded the deb from Ubuntu standard repositories, extracted grep (in
> /tmp) and
On Mon, Jan 13, 2020 at 9:04 AM Schultheis Burkhard
wrote:
>
> Some weeks ago I've installed Ossec on three servers. One is running
> CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
> as expected, but the opensuse installations behave very different,
> although the
On Fri, Dec 20, 2019 at 12:15 PM Bruce Westbrook wrote:
>
> I'm having an issue getting a composite rule to trigger. What's really
> throwing me is that it works just fine when testing with ossec-logtest, but
> it doesn't work live.
>
> Here are the two rules in question:
>
>
> 18101
>
On Wed, Jan 8, 2020 at 4:29 PM agsossec wrote:
>
> Hello,
> We are setting up a test OSSEC server and agent -- both on AWS Linux
> On both we
>
> ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo chmod +x
> atomic && sudo ./atomic
> saved a copy of the agent config --
On Mon, Jan 6, 2020 at 6:09 AM Pierre Gremaud wrote:
>
> I'm trying to decode syslog messages sent by pfsense
>
> The log received in archives.log is the following :
>
> 2020 Jan 05 22:02:05 LAN-HIDS->192.168.85.40 Jan 5 21:02:05 php-fpm[338]:
> /index.php: webConfigurator authentication error
On Tue, Dec 31, 2019 at 2:16 PM Natassia M Stelmaszek wrote:
> Dan,
>
> I'm sorry that I didn't respond sooner but I had to devote time to other
> projects.
>
> So it looks like I was right, this is a defective (or perhaps deficient
> would be more accurate) pack
>
> Natassia
>
>
> On Mon, Dec 2, 2019 at 1:27 PM dan (ddp) wrote:
>>
>>
>>
>> On Mon, Dec 2, 2019 at 3:56 PM Natassia S wrote:
>>>
>>> Everything came out of 3.3.0.tar.gz
>>>
>>> I compared the contents and the same di
On Thu, Dec 5, 2019 at 6:05 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> Let's say I have a firewall that I want to configure to send its logs to my
> OSSEC server.
>
> I know that I can simply configure my firewall to send logs to my OSSEC
> server's IP and the ossec server like this:
Newer versions of ossec support pcre2. That should work.
On Fri, Dec 20, 2019 at 2:22 PM Diego S wrote:
> Hi all!
>
> I was wondering the best way to represent a digit between a range and if
> it is possible to indicate that a digit is going to be repeated a given
> number of times.
>
> For
r.
>
The 2.8.3 Makefile would probably add more issues.
> Natassia
>
> On Mon, Dec 2, 2019 at 12:33 PM dan (ddp) wrote:
>
>>
>>
>> On Mon, Dec 2, 2019 at 3:07 PM Natassia M Stelmaszek
>> wrote:
>>
>>> Bad Installation Package???
>>>
On Mon, Dec 2, 2019 at 3:07 PM Natassia M Stelmaszek wrote:
> Bad Installation Package???
>
> I'm trying to build a new machine that includes OSSEC 3.3.0. When I run
> the install.sh, use default responses for a local installation, it gives me
> the following error.
>
> sudo ./install.sh
>
>
>
On Thu, Nov 7, 2019 at 11:16 AM bill evergreen wrote:
>
> Hello list,
>
> does Ossec alert if there are processes running without a binary on disk?
>
> Thanks a lot for any feedback
>
I don't think there's any rules for this.
> Bill
>
> --
>
> ---
> You received this message because you are
On Tue, Nov 12, 2019 at 7:56 PM Mike wrote:
>
> Related to this, do you accept Pull Requests to add additional timestamp
> formats to your pre-decoding? I forked and added a simple change to
> cleanevent.c which has made my parsing much easier for a non-standard syslog
> time format.
>
Yes,
On Fri, Nov 8, 2019 at 2:47 PM Mike wrote:
>
> I believe I have found the issues using strace to find out what ossec-remoted
> was doing. I found:
>
> 1. Not sure why, but on the Virtual Appliance the "ossec" group did not have
> write permissions to /var/ossec/logs so ossec-remoted (which runs
On Thu, Oct 24, 2019 at 12:08 AM 'Vicente Munoz' via ossec-list
wrote:
>
> Hello everyone,
>
>
>
> Just wondering if someone has had some luck with this, we've been trying to
> install OSSEC 2.9.0 on Solaris 10 with little luck to this point, after
> making sure the required packages are installed
see if the messages make it to the archives.log file.
> On Tuesday, October 15, 2019 at 8:34:52 AM UTC-4, Nate wrote:
>>
>> Hi Dan,
>>
>> Yes I restarted the OSSEC service with a: service OSSEC restart
>>
>> Right now the iptables are wide open due to this issu
On Mon, Oct 14, 2019 at 3:03 PM Nate wrote:
>
> Hi,
>
> I've never seen this before but I setup our ASA 5516 to send syslog events to
> our OSSEC server to detect SHUN events.
>
> ossec.conf
>
>syslog
>10.10.2.2
>514
>
>
>
> 0
> 9
>
>
>
> local_rules.xml
>
>
>
On Fri, Oct 11, 2019 at 8:56 AM Prashanthi Soundarajan
wrote:
>
>
>
> On Friday, October 11, 2019 at 6:23:37 PM UTC+5:30, Prashanthi Soundarajan
> wrote:
>>
>>
>>
>>>
>>> Do the new files you create show up in your syscheck database file?
>>> (/var/ossec/queue/syscheck/syscheck.db for the OSSEC
On Mon, Oct 14, 2019 at 9:54 AM Diego S wrote:
>
> Hi!
>
> I tried with an updated version and I'm still getting the same error :S
>
That's Wazuh. I don't know enough about their project to help.
>
>
> On Sat, Oct 12, 2019 at 9:12, dan (ddp) () wrote:
>>
>
On Fri, Oct 11, 2019 at 2:03 PM Diego S wrote:
> I'm using 2.0 version.
>
2.0 is ancient. Not much I can do to help with that.
> I'm not able to find the syntax error.
>
> Thanks!
>
> On Fri, Oct 11, 2019 at 14:51, dan (ddp) ()
> wrote:
>
>> On Fri, Oct 1
On Fri, Oct 11, 2019 at 1:41 PM Diego S wrote:
>
> Thank you very much for your response.
> Let me know if I am wrong. The decoder will be like this:
>
>
> ^\d+\s\w\w\w\w\w,
>
>
>
> Brocade-format
> ^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d \(\S+\),
> \[\S+\], \S+, \S+, /S+)/\S+(/\w+/\S+),
>
I'm sure it can be cleaned up a lot
On Fri, Oct 11, 2019 at 12:06 PM dan (ddp) wrote:
>
> On Fri, Oct 11, 2019 at 11:49 AM Diego S wrote:
> >
> > Hi everyone!
> >
> > I'm wondering if we already have on ossec a custom decoder according to this
> > kind of log
On Fri, Oct 11, 2019 at 11:49 AM Diego S wrote:
>
> Hi everyone!
>
> I'm wondering if we already have on ossec a custom decoder according to this
> kind of log to get the red values.
>
> 1022 AUDIT, 2019/07/26-18:02:33 (UYT), [SEC-3020], INFO, SECURITY,
>
On Fri, Oct 11, 2019 at 7:53 AM Prashanthi Soundarajan
wrote:
>
>
>
>>
>> All the samples are from the alerts you say you are getting emails
>> for. The important alerts to look for are the ones you're not getting
>> emails for.
>> Assuming those exist in the alerts.log file, check your smtp
On Thu, Oct 10, 2019 at 5:10 AM Kyriakos Stavridis
wrote:
>
> Hey guys,
>
> Can I have an active response only activated for a specific agent? (active
> response's location is on ossec server)
>
> Example:
> I have agent1 and agent2, I have 2 active responses AR1 and AR2. I want AR1
> to be
On Thu, Oct 10, 2019 at 9:24 AM Prashanthi Soundarajan
wrote:
>
>
> Yes, I am able to see the alerts which I mentioned (" Level 2 - Unknown problem
> somewhere in the system","Level 8 - Log file size reduced","Level 7 -
> Integrity checksum changed."," Level 13 - Non standard syslog message") in
>
; Level 13 - Non standard syslog message"
>
> I am not getting alerts for new file creation/Deletion/Modification
>
Are these alerts getting triggered (check /var/ossec/logs/alerts/alerts.log)?
> On Thursday, October 10, 2019 at 6:17:54 PM UTC+5:30, dan (ddpbsd) wrote:
>
On Thu, Oct 10, 2019 at 7:02 AM Prashanthi Soundarajan
wrote:
>
>
>
> On Thursday, October 10, 2019 at 3:57:41 PM UTC+5:30, Prashanthi Soundarajan
> wrote:
>>
>> ossec.conf
>> ___
>>
>>
>>
>> yes
>> my email
>> 127.0.0.1
>> ossecm@fcappiee
>> yes
>>
>>
>>
>>
On Tue, Oct 8, 2019 at 11:42 AM Jerry Lowry wrote:
>
> Dan,
> Well my test system has been running since last Thursday without any database
> problems. I install MariaDB 13.4. Still not getting email to work but will
> continue to check on that.
> So, If the Mysql database
On Thu, Oct 3, 2019 at 12:09 PM Jerry Lowry wrote:
>
> Dan,
> trying to add the agent I get this:
> ***
> * OSSEC HIDS v3.3.0 Agent manager. *
> * The following options are available: *
>
&
s. I usually use the
local mail server to relay the emails.
> thanks
>
> On Wed, Oct 2, 2019 at 10:08 AM Jerry Lowry wrote:
>>
>> Dan,
>> I have noticed that when the application is started and there are errors
>> like :
>> 2019/10/02 10:03:15 o
On Wed, Oct 2, 2019 at 1:06 PM Jerry Lowry wrote:
>
> Dan,
> I have noticed that when the application is started and there are errors like
> :
> 2019/10/02 10:03:15 ossec-maild(1235): ERROR: Invalid value for element
> 'format': sms.
I think I removed this fairly recently.
On Tue, Oct 1, 2019 at 1:13 PM Jerry Lowry wrote:
>
> List,
>
> I just installed a test VM running Centos 7 and installed ossec 3.3.0. Ran
> through the script and took all the default questions except for the email.
> When I try to start ossec these are the errors I get in the log:
>
On Fri, Sep 27, 2019 at 12:32 PM Jerry Lowry wrote:
>
> Dan,
> I changed the timeout variable to 8 hrs and restarted the database and ossec.
> I got the same error about 6 hours of running. Mysql reported communication
> error with the ossec user at 12 hours running. So, I do
On Fri, Sep 27, 2019 at 11:51 AM llehirgen wrote:
>
>
>
> On Friday, September 27, 2019 at 4:51:20 PM UTC+2, dan (ddpbsd) wrote:
>>
>>
>> Is ssmtp listening on 127.0.0.1 port 25?
>>
>
> I honestly do not know what port is ssmtp listening on.
> I use
On Fri, Sep 27, 2019 at 10:45 AM llehirgen wrote:
>
> I am testing OSSEC HIDS in a Virtual machine on Ubuntu 18.04 server.
> First of all I installed and configured ssmtp as follows:
>
>
> root=my...@gmail.com
> mailhub=smtp.gmail.com:587
> rewriteDomain=gmail.com
> hostname=localhost
>
On Wed, Sep 25, 2019 at 8:56 PM Jerry Lowry wrote:
>
> I understand completely, I am not real happy about it either, and I used to
> work there in support!
>
> But that is what your docs say to use, so I did.
>
> I was going to install MariaDB and give that a shot as well.
>
> thanks,
>
> jerry
but I can verify later. I didn’t realize openbsd
still has mysql, so I guess I can try with the official one too (although
I’m not sure how I feel about installing oracle software ;)).
> jerry
>
> On Wed, Sep 25, 2019 at 12:40 PM dan (ddp) wrote:
>
>>
>>
>> On Wed, Se
file into the /var/ossec directory so it should be
> doing dns translation. I still get "Mail from not accepted by server"
> errors, postfix is also configured to accept email from any of the subnets
> defined.
>
Check your postfix logs for errors.
> jerry
>
> On Wed,