Hi,
I had the same issue with Ossec 2.7 even with a server / agent fresh
install, i confirm.
Regards,
Guilhem
Le lundi 10 décembre 2012 12:00:30 UTC+1, carlopmart a écrit :
On Mon, Dec 10, 2012 at 10:49 AM, C. L. Martinez
carlo...@gmail.comjavascript:
wrote:
On Mon, Dec 10, 2012 at
Le lundi 10 décembre 2012 11:31:10 UTC+1, carlopmart a écrit :
Hi all,
I am using same active response options in one 2.6 ossec server and
in another 2.7 ossec server. In version 2.6 all works ok as I expect,
but under 2.7 it doesn't works. In both servers I have configured only
this
Hi,
My SSH server is being attacked since a few days, ossec detects it but does
not initiate an active response resulting in blocking the remote host.
Therefore, any other types of attacked result in ossec active responses, as
for an example if i try to attack myself from an external
: Invalid command name
'firewall-drop14400' provided.
But if check attack logs and error log, it does not coincides.
On server side, no errors in main ossec.log
I'm thinking in completely re installing the agent from scratch...
Regards,
Guilhem
Le dimanche 9 décembre 2012 13:19:58 UTC+1, Guilmxm
)
(Test:multiple_index)
So active response works fine but not the SSH connection attempt...
Regards,
Guilhem
Le dimanche 9 décembre 2012 13:19:58 UTC+1, Guilmxm a écrit :
Hi,
My SSH server is being attacked since a few days, ossec detects it but
does not initiate an active response resulting
Hi,
Running OSSEC 2.7 with one server and one agent (Linux Debian and Ubuntu),
my server send me emails notification for any security level even if with
the minimum set is 7 (default).
Example of events:
Received From: XX-/var/log/syslog
Rule: 1002 fired (level 2) - Unknown problem
://www.ossec.net/doc/faq/alerts.html#i-set-the-email-alert-level-to-10-why-do-i-keep-seeing-rules-with-lower-levels
On Dec 5, 2012, at 5:12 AM, Guilmxm guilhem@gmail.com javascript:
wrote:
Hi,
Running OSSEC 2.7 with one server and one agent (Linux Debian and Ubuntu),
my server send me emails