Hi dan,
I've finally solved the issue; there was a regexp issue in the ossim
plugin for ossec (ossec-single-line.cfg), so now ossim is correctly
parsing srcip and dstip in the UI.
Kind Regards
2015-02-10 14:07 GMT+01:00 dan (ddp) ddp...@gmail.com:
On Tue, Feb 10, 2015 at 8:01 AM, dan (ddp) ddp...@gmail.com wrote:
On Feb 10, 2015 7:57 AM, Daniel Calvo Castro
daniel.ca...@kernelsecurity.es wrote:
Hi again
These brackets are for emphasis, sorry for not clarifying this, but it
clearly looks like it is a regexp issue. I'm going to deal with it now
and I'll post if I'm able to solve it. Maybe some other people are
dealing with this; any help would be really appreciated. It is a ticket
opened on
On Mon, Feb 9, 2015 at 4:23 PM, Daniel Calvo Castro
daniel.ca...@kernelsecurity.es wrote:
Just today I've been experiencing the same issues trying to get OSSIM + OSSEC
working with an asterisk box. I've followed this link [1], and trying to
enumerate users I'm able to correlate and fire mails
Could be.
I don’t know if I have to write to the dev mailing list to have it fixed in the
next release.
I’m running my modified version on 3 asterisk instances and I’m very happy with
the results.
Regards,
Simon Gillet
On 9 Feb 2015, at 14:08, dan (ddp) ddp...@gmail.com wrote:
On Sun,
Just today I've been experiencing the same issues trying to get OSSIM + OSSEC
working with an asterisk box. I've followed this link [1], and trying to
enumerate users I'm able to correlate and fire mails correctly with OSSIM,
but the UI always shows $SRCIP 0.0.0.0, so it seems useless to configure
post-actions
On Mon, Feb 9, 2015 at 2:10 PM, Security secur...@gillet-bouillon.eu wrote:
Could be.
I don't know if I have to write to the dev mailing list to have it fixed in
the next release.
I'm running my modified version on 3 asterisk instances and I'm very happy
with the results.
Your best option
On Sun, Feb 8, 2015 at 5:26 PM, Security secur...@gillet-bouillon.eu wrote:
Hello,
I think the Asterisk rules could be wrong. Or at least for Ubuntu.
OSSEC always failed blocking brute force attempt on Asterisk.
A standard log entry for a brute force attempt looks like:
Dec 17 22:37:25 new