Hello.
On the ossec.log file there is the message of connection to the server and
the start of the syscheck and its forward to the server.
Only the client connection is on the server log.
The other clients, linux and windows, continue to send their events and
these messages are visible on the
Hi Dan!
I have achieved this by using profile concept
What I have done is I have used a and for
dynamic agents I have used and then I have
restarted agents and agent.conf has been updated in both machines. But I'm
confused here in one place, In agent.conf file my settings for static and
On Thu, Jun 21, 2018 at 8:32 AM, Vinay Vanama wrote:
> Hi Dan!
>
> I have achieved this by using profile concept
>
> What I have done is I have used a and for
> dynamic agents I have used and then I have
> restarted agents and agent.conf has been updated in both machines. But I'm
> confused
On Thu, Jun 21, 2018 at 3:31 AM, e.fanti e.fanti wrote:
> Hello.
> On the ossec.log file there is the message of connection to the server and
> the start of the syscheck and its forward to the server.
> Only the client connection is on the server log.
>
> The other clients, linux and windows,
On Thu, Jun 21, 2018 at 10:37 AM, wrote:
> Hi all
>
> I'm trying to connect several ossec agents to an ossec server over the
> internet and without vpn tunnels. This means, IPs get transformed because of
> NAT. This is not a problem for agent-to-server communication, since I can
> register each
Hi all
I'm trying to connect several ossec agents to an ossec server over the
internet and without vpn tunnels. This means, IPs get transformed because
of NAT. This is not a problem for agent-to-server communication, since I
can register each agent with source ip "any" and all packets go to
On Wed, Jun 20, 2018 at 8:24 PM, Mark M wrote:
>
> I'm re-visiting my OSSEC rules today because failed su - root attempts
> (level 9) no longer fire or send email. You can see 5301 fires, but not
> 5302? This was working in the past on the same server.
>
The `root` user isn't decoded in the
On Thu, Jun 21, 2018 at 2:22 PM, Vinay Vanama wrote:
> Hi Dan,
>
> Does my configuration of both agent and server look fine? Because when I
> have added section in the agent ossec.conf then only it started
> monitoring files. So why do we need the agent.conf in OSSEC master ?
>
I don't like the
I don't see anything in my rsyslog.conf that should affect local log
format? Why might the decoder be failing?
Jun 21 12:27:37 dactyl unix_chkpwd[4723]: password check failed for user
(root)
Jun 21 12:27:37 dactyl su: pam_unix(su-l:auth): authentication failure;
logname=mmoorcro
So now how can we ensure that this is working?
On Friday, June 22, 2018 at 12:03:42 AM UTC+5:30, dan (ddpbsd) wrote:
>
> On Thu, Jun 21, 2018 at 2:22 PM, Vinay Vanama > wrote:
> > Hi Dan,
> >
> > Does my configuration of both agent and server look fine? Because when I
> > have added
On Thu, Jun 21, 2018 at 2:45 PM, Vinay Vanama wrote:
> So now how can we ensure that this is working?
>
Ok, I created an agent.conf:
ix# more /var/ossec/etc/shared/agent.conf
/var/test
It got pushed to an agent. I configured that agent to use the profile:
junction# more
Hi Dan,
Does my configuration of both agent and server look fine? Because when I
have added section in the agent ossec.conf then only it started
monitoring files. So why do we need the agent.conf in OSSEC master ?
On Thursday, June 21, 2018 at 9:39:09 PM UTC+5:30, dan (ddpbsd) wrote:
>
> On