Hi,
I'm passing log files from Domain Controllers via the OSSEC agent, and
trying to refine the decoders for logon events. As standard, the event
logs the User as SYSTEM, as this is what raises the event. The event logs
contain the User Name and Client IP. I've added a new decoder to
OK, in further digging, it doesn't work. It seemed to work under
ossec-logtest, but no alerts were firing in the real world.
The issue I'm having is the multiple attempts alerts are firing if 10
logins fail, regardless of the user, because they all show as the SYSTEM
user.
Thanks
On Tue, Nov 6, 2012 at 8:17 AM, Chris H chris.hemb...@gmail.com wrote:
OK, in further digging, it doesn't work. It seemed to work under
ossec-logtest, but no alerts were firing in the real world.
The issue I'm having is the multiple attempts alerts are firing if 10 logins
fail, regardless of
On Tue, Nov 6, 2012 at 6:13 AM, Chris H chris.hemb...@gmail.com wrote:
Hi,
I'm passing log files from Domain Controllers via the OSSEC agent, and
trying to refine the decoders for logon events. As standard, the event logs
the User as SYSTEM, as this is what raises the event. The event logs
On Tuesday, November 6, 2012 2:25:42 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 8:17 AM, Chris H chris@gmail.com wrote:
OK, in further digging, it doesn't work. It seemed to work under
ossec-logtest, but no alerts were firing in the real world.
The issue
On Tuesday, November 6, 2012 2:25:43 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 6:13 AM, Chris H chris@gmail.com wrote:
Hi,
I'm passing log files from Domain Controllers via the OSSEC agent, and
trying to refine the decoders for logon events. As standard,
On Tue, Nov 6, 2012 at 11:19 AM, Chris H chris.hemb...@gmail.com wrote:
On Tuesday, November 6, 2012 2:25:42 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 8:17 AM, Chris H chris@gmail.com wrote:
OK, in further digging, it doesn't work. It seemed to work under
ossec-logtest, but
On Tue, Nov 6, 2012 at 11:39 AM, Chris H chris.hemb...@gmail.com wrote:
On Tuesday, November 6, 2012 2:25:43 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 6:13 AM, Chris H chris@gmail.com wrote:
Hi,
I'm passing log files from Domain Controllers via the OSSEC agent, and
trying
On Tuesday, November 6, 2012 4:58:24 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 11:19 AM, Chris H chris@gmail.com wrote:
On Tuesday, November 6, 2012 2:25:42 PM UTC, dan (ddpbsd) wrote:
On Tue, Nov 6, 2012 at 8:17 AM, Chris H chris@gmail.com wrote:
This is a stretch being that this appears to be dead, but any luck with it?
I'm attempting to do something very similar. Wish to disregard failed
logons of a specific user.
On Thursday, February 2, 2012 10:57:52 AM UTC-5, Jeremy Schultz wrote:
I knew I was missing something simple,