Re: [ossec-list] ossec-logtest returns Level 0 but still getting email alerts Level 2

2015-11-23 Thread Daniel Bray
On Monday, November 16, 2015 at 8:28:27 AM UTC-5, Daniel Bray wrote: > > With the updated alert_by_email settings, this has stopped the email > alerts. I see it hitting the WebUI as alert level 2, but no emails are > coming in. > Unfortunately, with everything put back to the default

[ossec-list] Server runs on its own, but can't get agent to connect to server

2015-11-23 Thread gregory.gilbert
Hi, all. I'm at my wit's end here, so I'm hoping someone can help. I've got OSSEC installed in a server/agent configuration. The server itself works; I get email notifications from changes on it. The issue is that the agents won't connect to the server. Both the agents and the server have

[ossec-list] Re: Linux - Windows registry?

2015-11-23 Thread chataigne cat
Hello, I encounter the same problem as you. It creates an empty file 'hostname-> syscheck-registry' for the linux agent. Even if I delete it after a syscheck_update, it is recreated. Did you find a solution? Thanks On Wednesday, November 4, 2009 at 18:01:52 UTC+1, Alan Sparks wrote: > > I have a problem

Re: [ossec-list] Re: Linux - Windows registry?

2015-11-23 Thread dan (ddp)
On Mon, Nov 23, 2015 at 9:37 AM, chataigne cat wrote: > > Hello, > I encounter the same problem as you. > It creates an empty file 'hostname-> syscheck-registry' for the linux agent. > Even if I delete it after a syscheck_update, it is recreated. > Did you find a solution? > Thanks >

Re: [ossec-list] Server runs on its own, but can't get agent to connect to server

2015-11-23 Thread dan (ddp)
On Sun, Nov 22, 2015 at 11:13 PM, wrote: > Hi, all. I'm at my wit's end here, so I'm hoping someone can help. > > > I've got OSSEC installed in a server/agent configuration. The server itself > works; I get email notifications from changes on it. The issue is

Re: [ossec-list] Logtest works, but prod instance does not...

2015-11-23 Thread Konrad W
Thanks Josh. I have started a new thread below: https://groups.google.com/forum/#!topic/ossec-list/eAblb28kxA0 On Tuesday, November 17, 2015 at 7:09:00 AM UTC-5, DefensiveDepth wrote: > > Konrad, > > I apologize, but I won't get to testing this further until the weekend... > Just wanted to

[ossec-list] sysmon process creation messages decoding issues

2015-11-23 Thread Konrad W
Hello, I am having issues with decoding sysmon-generated process creation logs and alerting. I am using the decoder below: https://github.com/defensivedepth/Sysmon_OSSEC/blob/master/Sysmon_OSSEC-Decoders.xml I have also loaded the rules below:

Re: [ossec-list] OSSEC Server Integration with SIEM

2015-11-23 Thread vipin
Hi, We are using HP ArcSight SIEM and looking to integrate OSSEC logs with that. Regards Vipin Hooda On Friday, November 20, 2015 at 10:40:06 PM UTC+5:30, Santiago Bassett wrote: > > What SIEM do you use? Are you looking for professional support? > > Best > > > > On Fri, Nov 20, 2015 at 8:22

[ossec-list] Public Key Authentication with Passphrase for Agentless Monitoring

2015-11-23 Thread Wes
This may be a stupid question, but when setting up public key auth for devices to be monitored without an agent, if you set a passphrase for the public key, when and how would this need to be entered? Only upon the initial connection from OSSEC to the device to be monitored? Would this need

[ossec-list] syslog from OSSEC Manager server to a Solarwind Server

2015-11-23 Thread Stephen LuShing
I want to know if anyone knows how to send the Ossec logs to a server that runs Solarwind. The server needs to be able to capture the logs to create and send security reports. Stephen LuShing Hofstra University - Open System 125 Hofstra University McEwen Hall - Room 208 Hempstead, NY

Re: [ossec-list] ossec-logtest returns Level 0 but still getting email alerts Level 2

2015-11-23 Thread Pedro S.
Hi Daniel, sorry for the late response. I don't know for real what is happening with your alerts, but I'll keep giving you some advice; we'll see if we can make this work. Maild reads directly from alerts.log, searches for the "mail" flag, and if it is present sends the email. That means if your alerts is

[ossec-list] ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible (again)

2015-11-23 Thread Greg Nowicki
Hello, Hoping someone can help me. New server install on RHEL 6 using source file ossec-hids-2.8.3.tar.gz, it appears the very important daemon, ossec-analysisd, does not fully start, thus preventing other processes from running. The log pasted below shows no smoking gun. Debug has been