I think this is my same issue, but I am not sure what this means. Is there
any way you can expand a little further on how you got your alert to work?
I'm having this same issue trying to get alerts for PowerShell
commands.
On Thursday, November 26, 2015 at 8:52:28 AM UTC-6,
Well, I updated both the server and client OSSEC HIDS to 2.8.3, but still
no luck. The PowerShell logs in archive.log are still multi-line logs, and
I am getting the same results.
On Wednesday, November 25, 2015 at 8:45:18 AM UTC-6, Phillipa Moorea wrote:
>
> Ok, I think I know what's going on
On Thu, Nov 26, 2015 at 6:44 PM, Graeme Coates
wrote:
> Hi,
>
> Am running OSSEC 2.8.3-3jessie (from the alientvault.com repo)
>
> I'm trying to test active-response rules for a WordPress install -
> specifically to add source IPs as DROP rules in iptables where they
On Wed, Nov 25, 2015 at 2:19 PM, Daniel Bray wrote:
> On Wednesday, November 25, 2015 at 1:46:15 PM UTC-5, LostInThe Tubez wrote:
>>
>> On the OSSEC server, open /var/ossec/rules/syslog_rules.xml. Search for
>> rule 1002, right there towards the top. Note the options element,
On Fri, Nov 27, 2015 at 2:43 AM, wrote:
>
> Hi, help! Is there another alert method for OSSEC (excluding e-mail),
> such as WeChat etc.? :)
> Thanks!
>
OSSEC can output in syslog, and some similar formats (CEF, Splunk). It
can also
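As an added illustration (not part of the reply above and not the OSSEC project's own documentation): the ossec.conf fragment on the server that turns on that syslog forwarding. The collector address and the choice of CEF are assumptions; the level threshold is set so that everything at level 6 and above is forwarded.

```xml
<!-- Added example. The server address is an assumed collector, not a real host. -->
<ossec_config>
  <syslog_output>
    <server>192.0.2.10</server>   <!-- SIEM / syslog collector (assumed address) -->
    <port>514</port>
    <level>6</level>              <!-- forward alerts of this level and above -->
    <format>cef</format>          <!-- default | cef | splunk, as the reply mentions -->
  </syslog_output>
</ossec_config>
```

The syslog forwarder is a separate daemon (ossec-csyslogd) that is off by default; after adding the block, run `/var/ossec/bin/ossec-control enable client-syslog` and restart OSSEC, then confirm ossec-csyslogd shows up in `ossec-control status`. If the collector sees nothing, the level threshold is the first thing to check, since a rule that fires below it is written to alerts.log but never forwarded.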
On Mon, Nov 23, 2015 at 4:29 PM, Greg Nowicki wrote:
> Hello,
>
> Hoping someone can help me.
>
> New server install on RHEL 6 using source file ossec-hids-2.8.3.tar.gz, it
> appears the very important daemon, ossec-analysisd, does not fully start,
> thus preventing other
A little further, I changed the logformat from eventlog to eventchannel,
and now the archive.log has taken out all of the multiple lines. I still
do not have a generated alert yet even though ossec-logtest says it
generates an alert and it matches my custom rule. I set the level to level
6.
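For the eventchannel setup described above, an added example (mine, not the poster's configuration and not OSSEC's shipped rules): the agent-side localfile entry, a minimal level-6 local rule, and the server-side thresholds that decide whether a level-6 match reaches alerts.log or e-mail. The channel name, rule id 100100 and the match string are assumptions about what is being collected; the alert_by_email option is the same one rule 1002 in syslog_rules.xml carries, which is what the earlier reply in this thread points at.

```xml
<!-- Agent side: ossec.conf on the Windows agent, or agent.conf pushed from the server.
     Added example; the channel name is an assumption about which PowerShell log is wanted. -->
<ossec_config>
  <localfile>
    <location>Microsoft-Windows-PowerShell/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>

<!-- Server side: /var/ossec/rules/local_rules.xml.
     100100 is a free local id (the 100000+ range is reserved for local rules).
     18100 is OSSEC's generic Windows parent rule, which eventchannel events also hit.
     alert_by_email forces an e-mail for a rule whose level is below email_alert_level. -->
<group name="local,windows,powershell,">
  <rule id="100100" level="6">
    <if_sid>18100</if_sid>
    <match>Microsoft-Windows-PowerShell</match>
    <description>PowerShell event received over eventchannel.</description>
    <options>alert_by_email</options>
  </rule>
</group>

<!-- Server side: /var/ossec/etc/ossec.conf. A rule that matches in ossec-logtest only
     lands in alerts.log if its level is >= log_alert_level, and only triggers mail if
     its level is >= email_alert_level or it carries alert_by_email. OSSEC defaults shown. -->
<ossec_config>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
```

To verify end to end, paste one line from archive.log into `/var/ossec/bin/ossec-logtest` and confirm it reports rule 100100 at level 6, then restart the server and watch `/var/ossec/logs/alerts/alerts.log` while generating a fresh PowerShell event on the agent. If logtest matches but alerts.log stays quiet, the live event is not reaching analysisd in the same shape logtest saw (the agent was not restarted after the log_format change, or the channel name differs), rather than a rule problem.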