Hi,
Is there any way to ignore folders recursively? I.e.:
I have a folder called data. Inside there are 100+ folders which
contain other folders.
Can I recursively ignore data and all the folders inside?
Thanks.
Özgür Özdemircili
Hi,
Today I got this from one of our servers.
Received From: (E-Business) 10.xx.xx.xx-rootcheck
Rule: 513 fired (level 9) - Windows malware detected.
Portion of the log(s):
Windows Malware: Possible Malware - Svchost running outside system32.
Process: svchost.exe.
Searching the lists there
Hi Oscar,
That's a great way to work around this issue and should work fine.
Another suggestion would be to enable alerting only for the levels 10 and above and configure a cron script to run daily sending the others...
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Fri, Feb 12, 2010 at
Hi Peter,
Can you paste some of the alerts you got, just to give us some context? Your rule seems fine and it should have worked by ignoring the rule for 900 seconds (unless we have a bug).
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Sat, Jan 30, 2010 at 12:56 PM, Peter M. Abraham
Hi Oscar,
My answers:
1-Whenever I can I install on servers + desktops. However, I generally go with a less noisy set of rules on the desktop (especially for FIM).
2-Single manager when possible to make it easier to manage.
3-Yes
4-I do. On my laptops I always configure OSSEC with two ip
Hello,
Thanks for your answer.
All logs come in one file called all.log and I received alerts and
emails for auth, snort, etc., so for me it's working.
As I said before, it's matching rules 4100 and 4101 when I paste it in
logtest.
Feb 15 22:13:22 rtr-mel pf: 11 rule 153/0(match): block in on