[ossec-list] OSSEC into Splunk - Amazon EC2

Hello, I have three OSSEC servers running on three seperate machines (one for each individual network). I was wondering how I can point those servers to my Splunk server. The Splunk app appers to have the functionality to select by Server Name. This would then give me the ability to manage

Re: [ossec-list] Incorrectly formated message errors.

On 08/17/2012 15:32, dan (ddp) wrote: On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote: Does it work if you don't have it listening to 2 different networks? No. And when I say no, I mean I stopped everything and started only the master and the 192.168. agent and I got the

Re: [ossec-list] socketerr messages after restarting ossec, errors occur after the starting the rootcheck scan

On Fri, Aug 17, 2012 at 5:29 PM, Shaka Lewis shaka.le...@gmail.com wrote: I get the below errors after restarting ossec. This is version 2.6 running on a Linux machine 2012/08/17 16:55:21 ossec-logcollector: socketerr (not available). 2012/08/17 16:55:21 ossec-logcollector(1224): ERROR:

Re: [ossec-list] Re: socketerr messages after restarting ossec, errors occur after the starting the rootcheck scan

I ran the ls command and the file does exist. I just started recently having problems. The system runs usaully about 30 minutes to an hour then analysisd dies. On Sun, Aug 19, 2012 at 7:49 PM, JB jjoob...@gmail.com wrote: Looks like the Unix sockets do not work at all. Was OSSEC running OK

Re: [ossec-list] socketerr messages after restarting ossec, errors occur after the starting the rootcheck scan

This is the error log in the ossec.log file when i restarted this morning ossec-logcollector(1950): INFO: Analyzing file: '/var/ossec/logs/alerts/alerts.log'. 2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid: 10978). 2012/08/20 09:29:50 ossec-logcollector: socketerr (not available).

Re: [ossec-list] socketerr messages after restarting ossec, errors occur after the starting the rootcheck scan

On Mon, Aug 20, 2012 at 9:38 AM, Shaka Lewis shaka.le...@gmail.com wrote: This is the error log in the ossec.log file when i restarted this morning ossec-logcollector(1950): INFO: Analyzing file: '/var/ossec/logs/alerts/alerts.log'. 2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid:

[ossec-list] ossec service stops immediately after start

Windows 2003 Faulting application ossec-agent.exe, version 0.0.0.0, faulting module ossec-agent.exe, version 0.0.0.0, fault address 0x00030b6f. ossec.log 2012/08/20 09:25:30 ossec-agent(1905): INFO: No file configured to monitor. 2012/08/20 09:25:30 ossec-execd(1350): INFO: Active response

Re: [ossec-list] ossec service stops immediately after start

Check that your config file is existent and that it is readable, also if yit exists paste it here. On Mon, Aug 20, 2012 at 4:27 PM, Michael Barrett michael_barr...@mgic.comwrote: Windows 2003 Faulting application ossec-agent.exe, version 0.0.0.0, faulting module ossec-agent.exe, version

Re: [ossec-list] ossec service stops immediately after start

!-- OSSEC Win32 Agent Configuration. - This file is compost of 3 main sections: -- Client config - Settings to connect to the OSSEC server. -- Localfile - Files/Event logs to monitor. -- syscheck - System file/Registry entries to monitor. -- !-- READ ME FIRST. If

Re: [ossec-list] ossec service stops immediately after start

looks like i fixed it. apparently there was no rids directory once I created it agent starts Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | (