I don't know what's going on here but /proc is not a real directory and
does not take up space on the disk. It is a virtual directory, maintained
by the operating system, and the numbered directories directly within it
will frequently change as they map to processes running on the system.
On
On Mon, Nov 30, 2015 at 9:59 AM, Daniel Bray wrote:
> On Friday, November 27, 2015 at 8:16:39 AM UTC-5, dan (ddpbsd) wrote:
>>
>> And strangely enough, this works just fine for me (ignored when fed
>> through logger).
>>
>> Can you update to the latest OSSEC source from github
Thanks for the reply. Yes, I had thought of the permissions, should have
mentioned that in the original post. Here they are:
[root@ossec ossec]# ls -ld queue
dr-xr-x--- 11 root ossec 4096 Nov 3 2011 queue
[root@ossec ossec]# ls -ld queue/ossec
drwxrwx--- 2 ossec ossec 4096 Nov 23 16:11
Hi Dan! Here's a log from my archives.log file
2015 Nov 30 10:07:57 (HOSTNAME) HOSTIP->WinEvtLog 2015 Nov 30 10:07:54
WinEvtLog: Security: AUDIT_SUCCESS(4688):
Microsoft-Windows-Security-Auditing: (no user): no domain: HOSTNAME_FQDN: A
new process has been created. Subject: Security ID:
On Friday, November 27, 2015 at 8:16:39 AM UTC-5, dan (ddpbsd) wrote:
>
> And strangely enough, this works just fine for me (ignored when fed
> through logger).
>
> Can you update to the latest OSSEC source from github and try that?
>
Updated to latest github update, and issue remains. Logtest
Also, thanks for the information about the groups
On Monday, November 30, 2015 at 10:15:26 AM UTC-6, Phillipa Moorea wrote:
>
> Hi Dan! Here's a log from my archives.log file
>
> 2015 Nov 30 10:07:57 (HOSTNAME) HOSTIP->WinEvtLog 2015 Nov 30 10:07:54
> WinEvtLog: Security: AUDIT_SUCCESS(4688):
Here's another example of a log file in which I'm actually interested in:
2015 Nov 30 13:02:39 (HOSTNAME) HOSTIP->WinEvtLog 2015 Nov 30 13:02:39
WinEvtLog: Windows PowerShell: INFORMATION(500): PowerShell: (no user): no
domain: HOSTNAME_FQDN: Command "Get-Host" is Started. Details:
On Mon, Nov 30, 2015 at 11:26 AM, dan (ddp) wrote:
>
>
> Last idea at the moment:
> Copy archives.log. Open the copy in a text editor. Find an entry you
> want to test against and delete everything else.
> Delete the archives.log header from your chosen entry.
> Run that through
On 11/30/2015 12:21 PM, Daniel Bray wrote:
On Mon, Nov 30, 2015 at 11:26 AM, dan (ddp) wrote:
Last idea at the moment:
Copy archives.log. Open the copy in a text editor. Find an entry you
want to test against and delete everything else.
If anybody knows what I am doing wrong, any help would be great. Even just
a documentation link or something or a question of clarification? I have
posted this issue in the AlienVault forums as well. I've been keeping both
forums updated.
I think a lot of people will want to monitor any
Ok, are the directories in /proc erased by the system when shutting down
the computer?
I was watching the content of my SSD fill up on Friday, and it
confirmed it's not due to OSSEC's config.
I found that data from my /home/antoine directory were copied to
On Mon, Nov 30, 2015 at 6:39 AM, Phillipa Moorea wrote:
> If anybody knows what I am doing wrong, any help would be great. Even just
> a documentation link or something or a question of clarification? I have
> posted this issue in the AlienVault forums as well. I've