Hello,
I have three OSSEC servers running on three seperate machines (one for each
individual network). I was wondering how I can point those servers to my
Splunk server. The Splunk app appers to have the functionality to select by
Server Name. This would then give me the ability to manage
On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the
On Fri, Aug 17, 2012 at 5:29 PM, Shaka Lewis shaka.le...@gmail.com wrote:
I get the below errors after restarting ossec. This is version 2.6
running on a Linux machine
2012/08/17 16:55:21 ossec-logcollector: socketerr (not available).
2012/08/17 16:55:21 ossec-logcollector(1224): ERROR:
I ran the ls command and the file does exist. I just started recently
having problems. The system runs usaully about 30 minutes to an hour
then analysisd dies.
On Sun, Aug 19, 2012 at 7:49 PM, JB jjoob...@gmail.com wrote:
Looks like the Unix sockets do not work at all.
Was OSSEC running OK
This is the error log in the ossec.log file when i restarted this morning
ossec-logcollector(1950): INFO: Analyzing file:
'/var/ossec/logs/alerts/alerts.log'.
2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid: 10978).
2012/08/20 09:29:50 ossec-logcollector: socketerr (not available).
On Mon, Aug 20, 2012 at 9:38 AM, Shaka Lewis shaka.le...@gmail.com wrote:
This is the error log in the ossec.log file when i restarted this morning
ossec-logcollector(1950): INFO: Analyzing file:
'/var/ossec/logs/alerts/alerts.log'.
2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid:
Windows 2003
Faulting application ossec-agent.exe, version 0.0.0.0, faulting module
ossec-agent.exe, version 0.0.0.0, fault address 0x00030b6f.
ossec.log
2012/08/20 09:25:30 ossec-agent(1905): INFO: No file configured to
monitor.
2012/08/20 09:25:30 ossec-execd(1350): INFO: Active response
Check that your config file is existent and that it is readable, also if
yit exists paste it here.
On Mon, Aug 20, 2012 at 4:27 PM, Michael Barrett
michael_barr...@mgic.comwrote:
Windows 2003
Faulting application ossec-agent.exe, version 0.0.0.0, faulting module
ossec-agent.exe, version
!-- OSSEC Win32 Agent Configuration.
- This file is compost of 3 main sections:
-- Client config - Settings to connect to the OSSEC server.
-- Localfile - Files/Event logs to monitor.
-- syscheck - System file/Registry entries to monitor.
--
!-- READ ME FIRST. If
looks like i fixed it. apparently there was no rids directory once I
created it agent starts
Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty
Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | (
10 matches
Mail list logo