Re: [ossec-list] Does Ossec support MariaDB?

2015-09-22 Thread dan (ddp)
On Sat, Sep 19, 2015 at 10:42 AM, Kai Chung Lau wrote:
> I know Ossec supports PostgreSql and Mysql, but since MariaDb is the drop-in
> replacement for Mysql, can Ossec also work with Mariadb?
>
> I have tried recompiling Ossec but it doesn't work.
> [root@ju src]# make

Re: [ossec-list] ossec-remoted not running

2015-09-22 Thread dan (ddp)
On Tue, Sep 22, 2015 at 4:56 AM, Matt Hickie wrote:
> Running into an issue with ossec-remoted not running. Setup had been
> working for over a couple of months and now the remoted process just seems
> to die. This is running on AWS linux
>
> Enabled debug with gdb.
>
>

Re: [ossec-list] Merge EventChannel fix into 2.8?

2015-09-22 Thread dan (ddp)
Never mind, I think I found it. If anyone wants to test this out before I look into what else needs to be done for a release, I'd really appreciate it: https://github.com/ddpbsd/ossec-hids/tree/283 I guess I should see if my fix for hybrid mode was in 2.8.2 or just pre-2.9... On Tue, Sep 22,

Re: [ossec-list] File Edits on Agent Not Being Sent to Server

2015-09-22 Thread dan (ddp)
On Mon, Sep 21, 2015 at 10:30 AM, James DeLeon wrote:
> Hello,
>
>
> I have a single OSSEC Server and a single agent set up currently. I receive
> e-mail alerts when the agent is reset, and I see things like the following
> in alerts.log on the server:
>
>
> ** Alert

Re: [ossec-list] Merge EventChannel fix into 2.8?

2015-09-22 Thread dan (ddp)
On Mon, Sep 21, 2015 at 6:09 PM, Brent Morris wrote:
> (I'm assuming it is fixed in 2.9) - sure! Compile and post the 2.9 client
> binaries on ossec.net with checksums, etc.
>
> Or would this create other issues?
>
The issue is finding the time to do a complete release.

[ossec-list] ossec-remoted not running

2015-09-22 Thread Matt Hickie
Running into an issue with ossec-remoted not running. Setup had been working for over a couple of months and now the remoted process just seems to die. This is running on AWS linux

Enabled debug with gdb.

/var/ossec/bin/ossec-control enable debug
/var/ossec/bin/ossec-control restart
ran

[ossec-list] How to Query OSSEC for certain events (Hunting Techniques)

2015-09-22 Thread namobuddhaonion
Hello Group! I'm using the Logstash / Kibana (as well as the OSSEC basic web interface). In Kibana I use a table view to sort OSSEC events by number and this helps zero in on suspicious events. While the basic web interface is fairly featureless I found that going to the search screen and