Hi,
there are rules for that in https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0215-policy_rules.xml.
They are included by default, but not enabled.
Regards.
On Thursday, March 30, 2017 at 12:20:39 AM UTC+2, jose wrote:
>
> Hi mscrano, yes you can do that,
>
> example:
>
>
> 100
Hi,
after enabling IPv6 in /boot I received another problem: the remoted process
is binding to port 1514 for IPv6 and not binding to IPv4.
udp6 0 0 :::514 :::* 5243/bin/ossec-remo
udp6 0 0 :::1514 :::*
On Fri, Mar 31, 2017 at 10:36 AM, Eduardo Reichert Figueiredo wrote:
> Hi,
> after enabling IPv6 in /boot I received another problem: the remoted process
> is binding to port 1514 for IPv6 and not binding to IPv4.
>
> udp6 0 0 :::514 :::* 5243/bin/ossec-remo
> udp6 0
I know this is old, but thank you SO much for posting the resolution. I ran
into the exact same issue when writing a decoder for a Windows log file. I
did not realize that the OSSEC logs in archive contained an added header
and it caused me a HUGE headache when writing the decoder. I tested mine