Re: [ossec-list] Re: reportd not sending any email

2016-04-18 Thread Daniel Cid
Try this patch from here: https://bitbucket.org/dcid/ossec-hids/commits/eb98bdae15cec6ccf04190d0badbd3b0de6f84b7 as it may fix the problem.
Thanks,
On Mon, Apr 18, 2016 at 7:16 PM, theresa mic-snare wrote:
> will need to take a proper look at what's causing those

Re: [ossec-list] Re: reportd not sending any email

2016-04-18 Thread theresa mic-snare
will need to take a proper look at what's causing those segfaults tomorrow...
On Tuesday, 19 April 2016 00:11:45 UTC+2, theresa mic-snare wrote:
> oh no!!
> OSSEC segfaulted
>
> 2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 7f68290ab8b5 sp

Re: [ossec-list] Re: reportd not sending any email

2016-04-18 Thread theresa mic-snare
oh no!! OSSEC segfaulted
2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 7f68290ab8b5 sp 7fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]
Since this was 1 minute after midnight, I suspect reportd causes this.
this is what the OSSEC log

Re: [ossec-list] Rule 1002 continues to fire after creating local overwriting rule

2016-04-18 Thread James Stallings
This is the first rule I have attempted since inheriting the system/platform.
> It is worth noting however that the "no_email_alert" is redundant in this case, because the rule level is set to zero.
Yea, I was grasping at straws here.
On Monday, April 18, 2016 at 12:05:54 PM UTC-4,

Re: [ossec-list] RootCheck disabling

2016-04-18 Thread joe . cosgrove
Interesting... that should be the only config that you need to update in order to disable the root check. I tried it in my lab and disabled it properly as well.
On Sunday, April 17, 2016 at 4:56:15 AM UTC-4, eyal gershon wrote:
> I checked again the logs -
>
> 2016/04/16 18:37:27

Re: [ossec-list] Rule 1002 continues to fire after creating local overwriting rule

2016-04-18 Thread Jesus Linares
Your rule seems to work well. Could you paste here the output of logtest?
On Monday, April 18, 2016 at 6:05:54 PM UTC+2, LostInThe Tubez wrote:
> Your rule triggers for me when I test it (on v2.8.3), so the problem is likely not with your rule. It is worth noting however that the