I reinstalled the windows server , but the case is similar .
I have a question:
how ossec server knows the path of the file route-null.cmd existing on
windows agent in order to perform the response?
Thank you in advance
On Friday, May 22, 2015 at 1:39:25 PM UTC+2, dan (ddpbsd) wrote:
On Sun,
Another thing , I am sure now when I run the command :
/var/ossec/bin/agent_control -b xxx.xxx.xxx.xxx -f win_nullroute -u 002 it
did not work on the agent i.e when I run command
C:\route print the ip did not appear , but when on agent I run the file
route-null.cmd and write ADD
On Tue, May 26, 2015 at 4:33 AM, HMath h.i.youss...@gmail.com wrote:
I reinstalled the windows server , but the case is similar .
I have a question:
how ossec server knows the path of the file route-null.cmd existing on
windows agent in order to perform the response?
I believe the relative
On Sun, May 17, 2015 at 3:36 AM, HMath h.i.youss...@gmail.com wrote:
another point, there are some system errors in windows machine I saw them in
log file in windows ossec
Errors could be bad.
I didn't check, but are you sure all of the rule IDs you added to the
AR configuration have source
another point, there are some system errors in windows machine I saw them
in log file in windows ossec
On Saturday, May 16, 2015 at 1:06:47 PM UTC+2, HMath wrote:
yes , I was getting alerts for them in the alert.log and some of them
emailed depending on the level.
another point , there are
On Thu, May 14, 2015 at 10:59 AM, HMath h.i.youss...@gmail.com wrote:
First , sorry for my English
I am new to OSSEC
what happened is I was trying some attacks on iis on windows machine and
alerts are generated in ossec server , I have supposed that ossec will
block the attacking ip for 600
Hi all ,
I have ossec manager running on centos ,and two agents one of them is
running on windows 2008.
The active response work fine on centos agent but on windows server not
work automatically and work fine manually .
I hope to figure out the problem.
--
---
You received this message
On Thu, May 14, 2015 at 10:22 AM, HMath h.i.youss...@gmail.com wrote:
Hi all ,
I have ossec manager running on centos ,and two agents one of them is
running on windows 2008.
The active response work fine on centos agent but on windows server not work
automatically and work fine manually .
First , sorry for my English
I am new to OSSEC
what happened is I was trying some attacks on iis on windows machine and
alerts are generated in ossec server , I have supposed that ossec will
block the attacking ip for 600 seconds, but that did not happen and when I
did manually by