Thank you
On Tuesday, December 18, 2012 8:37:57 AM UTC+5:30, dan (ddpbsd) wrote:
On Mon, Dec 17, 2012 at 3:49 PM, Dhinakaran G
dhinak...@capillarytech.com wrote:
Hi all,
In web_rules.xml a rule is triggering alerts that are stored in the log,
but not reaching our
Yes, you are correct though, the segfault errors would show up when I
started the ossec agents, but the segfault error in the logs is in the
ossec server's /var/log/messages. It doesn't show up in the agent logs,
just at agent start-up.
<remote>
<connection>secure</connection>
Turned out to be permissions on queue folder that caused the
disconnection issues. Still looking into the segfaults when restarting
agents.
~ Carrie
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com]
On Behalf Of dan (ddp)
Sent: Monday, December 17,
Is there an easy way to just fire an alert off when any event is recorded
into the event viewer from a certain user? I'm curious to see if this is
possible? For example, a missed password, failed login, etc... I'm wanting
to get notified on this activity or any activity on a particular user.
Make
After I finish all the stuff: I am getting this error.
root@capillary:/home/capillary/ossec-hids-2.7# /var/ossec/bin/ossec-control
start
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
2012/12/18 23:54:05 ossec-dbd(5207): ERROR: OSSEC not compiled with support
for 'mysql'.
2012/12/18
I followed this discussion url:
https://groups.google.com/forum/#!searchin/ossec-list/ERROR:$20OSSEC$20not$20compiled$20with$20support$20for$20'mysql'/ossec-list/z6cXq1iZYTo/2aPGtkBdc4sJ
On Tuesday, December 18, 2012 11:59:40 PM UTC+5:30, Dhinakaran G wrote:
After I finish all the stuff: I am
On Dec 18, 2012 1:13 PM, Carrie Poole carrie.po...@andesaservices.com
wrote:
Turned out to be permissions on queue folder that caused the
disconnection issues. Still looking into the segfaults when restarting
agents.
~ Carrie
Which daemon is segfaulting on the agents?
-Original
On Dec 18, 2012 1:30 PM, Dhinakaran G dhinakara...@capillarytech.com
wrote:
After I finish all the stuff: I am getting this error.
root@capillary:/home/capillary/ossec-hids-2.7#
/var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
2012/12/18 23:54:05
syscheckd daemon... is crashing because it says there is no syscheck
file to monitor. There is a syscheck file, but it's in the
agent.conf, not the ossec.conf.
All of my agents have the same files (ossec.conf agent.conf), and
only a few of them do the segfault error on startup.
~ Carrie
How to recompile ?
On Wednesday, December 19, 2012 12:07:02 AM UTC+5:30, dan (ddpbsd) wrote:
On Dec 18, 2012 1:30 PM, Dhinakaran G
dhinak...@capillarytech.com
wrote:
After I finish all the stuff: I am getting this error.
root@capillary:/home/capillary/ossec-hids-2.7#
How to Recompile the mysql with ossec in ubuntu 10.04 server lts version 64
bit
On Tuesday, December 18, 2012 11:59:40 PM UTC+5:30, Dhinakaran G wrote:
After I finish all the stuff: I am getting this error.
root@capillary:/home/capillary/ossec-hids-2.7#
/var/ossec/bin/ossec-control start
Does anyone have any idea about how to strip out IP addresses from outgoing
alerts, without going to a full blown email security system? There doesn't
seem to be any native options. We're on the verge of outsourcing our email
service and there's some trepidation about letting the IP addresses
On Dec 18, 2012 3:09 PM, Dhinakaran G dhinakara...@capillarytech.com
wrote:
How to recompile ?
How did you compile it the first time?
cd src
make setdb
cd ..
./install.sh
There might be a change you have to make to a Makefile because ubuntu is
odd. It's in the list archives.
On Wednesday,
On Dec 18, 2012 3:08 PM, Carrie Poole carrie.po...@andesaservices.com
wrote:
syscheckd daemon… is crashing because it says there is no syscheck file
to monitor…..there is a syscheck file, but it’s in the agent.conf, not the
ossec.conf.
All of my agents have the same files (ossec.conf
On Dec 18, 2012 3:09 PM, verrick trubl...@gmail.com wrote:
Does anyone have any idea about how to strip out IP addresses from
outgoing alerts, without going to a full blown email security system? There
doesn't seem to be any native options. We're on the verge of outsourcing
our email service and
I appreciate the reply. Any thoughts on where to do that? I've got the
source but haven't found what I'm looking for - could be staring me in the
face, but I can't see it.
Thanks again,
Ver
On Tuesday, December 18, 2012 12:27:55 PM UTC-8, dan (ddpbsd) wrote:
On Dec 18, 2012 3:09 PM,
Friends,
Apologies for the long mail, I have started sending syslog from my Cisco
ASA to my OSSEC 2.6 server, logs received okay but the issue is that the
ASA syslog message, Dec 10 2012 10:21:33 xxx-xxx-fw1 : %ASA-3-710003: TCP
access denied by ACL from x.x.x.x/35606 to external:x.x.x.x/80