Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-29 Thread Eduardo Reichert Figueiredo
Hi Victor, I validated and the ipv6 feature is enabled in my redhat 7.3, but ossec remoted continues with the same error reported above. The installation file is the same one used in other installations (rhel6.8). On Thursday, March 23, 2017 15:37:50 UTC-3, Victor Fernandez wrote: > > Hi

Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-29 Thread Victor Fernandez
Sorry Eduardo, maybe the method that I told you (enabling on the fly) does not work properly. If you followed those steps to disable IPv6, better undo what you did to disable it. I have done it by editing the file "/etc/sysctl.conf" and adding (to disable) or removing (to enable back) these lines:

Re: [ossec-list] cannot get policy auditing to work

2017-03-29 Thread dan (ddp)
On Tue, Mar 28, 2017 at 5:16 PM, Keith Goodlip wrote: > I've been trying to set up policy audit in a lab I've set up to no avail. > > My setup is 2 servers (server, client) using CentOS 7.3 and RPMs from the > atomic repository (selinux, firewalld are disabled) (ipv6 is

[ossec-list] time based exceptions

2017-03-29 Thread mscrano
Hi Ossec-list, I am wondering if anyone else has run into this issue. I have a cron that runs at the same time every day and it always triggers the promiscuous mode rule (per expected behavior). Is it possible to have a time-based exclusion for a rule such that it will not trigger between

Re: [ossec-list] time based exceptions

2017-03-29 Thread Jose Luis Ruiz
Hi mscrano, yes you can do that, example: 100125 6 pm – 8:30 am Login outside business hours. policy_violation http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html#element-time Regards

Re: [ossec-list] Re: %AppData% alert on new file creation proper setup

2017-03-29 Thread Victor Fernandez
Hi, I tested that configuration in the Windows agent's ossec.conf: 300 C:\Users/Administrator/AppData/Local/Temp And I added this new rule to the manager's local_rules.xml: 554 < regex>C:\\Users/\S+/AppData/Local/Temp File added to the system at Temp directory. syscheck,pci_dss_11.5, This