[ossec-list] Re: 2.8 - Active response on Windows agents not working ?

2016-05-03 Thread Jacob Mcgrath
yes I have no life "but" since I am dropping routes on my internal network I can check the first octet.. or to checks in chain style for other subnets...
ECHO "%2" | %WINDIR%\system32\findstr.exe /R "10\." >nul || ECHO Invalid IP && EXIT /B 2
On Wednesday, July 2, 2014 at 11:28:31 AM

[ossec-list] Re: 2.8 - Active response on Windows agents not working ?

2016-05-03 Thread Jacob Mcgrath
For me it was the IP checking part of the script on Windows 7 Enterprise... I commented it out for now until I have a little time to rework the checking function... I will post it later when this happens.
:: Check for a valid IP
::ECHO "%2" | %WINDIR%\system32\findstr.exe /R

Re: [ossec-list] Anti replay feature

2016-05-03 Thread Zekicker
Thanks to you two !!! :) On Tuesday, May 3, 2016 at 17:15:08 UTC+2, Santiago Bassett wrote: > > Yes, and on the agents too. I know the agents do not run remoted but they > also use this variable to check counters. > > Santiago Bassett > @santiagobassett > > > On May 3, 2016, at 7:36 AM, dan

Re: [ossec-list] Anti replay feature

2016-05-03 Thread Santiago Bassett
Yes, and on the agents too. I know the agents do not run remoted but they also use this variable to check counters. Santiago Bassett @santiagobassett > On May 3, 2016, at 7:36 AM, dan (ddp) wrote: > >> On Tue, May 3, 2016 at 10:26 AM, Zekicker wrote: >>

Re: [ossec-list] Anti replay feature

2016-05-03 Thread dan (ddp)
On Tue, May 3, 2016 at 10:26 AM, Zekicker wrote: > Hi, > > Is it possible to disable the anti-replay feature of OSSEC ? > > I need to deploy and delete some VMs on demand. All must be automatic. > > Do you have an idea to do it simple ? > I believe you can set

[ossec-list] Anti replay feature

2016-05-03 Thread Zekicker
Hi, Is it possible to disable the anti-replay feature of OSSEC ? I need to deploy and delete some VMs on demand. All must be automatic. Do you have an idea to do it simple ? regards,

[ossec-list] Re: Ossec & Windows mass deployment and server based agent config?

2016-05-03 Thread Jacob Mcgrath
Thanks peps for the info, digging into it as we speak On Thursday, April 28, 2016 at 6:57:30 AM UTC-5, Jacob Mcgrath wrote: > > I have a 200-300 workstation network and roughly 60-80 servers in either > heavy metal or virtual clusters. > > > From what I read I can use a .cvs file with hostnames

[ossec-list] Re: Ossec & Windows mass deployment and server based agent config?

2016-05-03 Thread Jesus Linares
Hi, it seems that *full command* cannot be used in the agent.conf: - command and full_command cannot be used in the agent.conf, and must be configured in each system’s ossec.conf. (Documentation

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-03 Thread Robert Micallef
Good to know for next time maybe. Thanks a lot. On Monday, May 2, 2016 at 5:14:39 PM UTC+2, dan (ddpbsd) wrote: > > The steps to submit the PR should basically be the following: > 1. Fork the repository on github (fork button in the top right of the > page) > 2. Clone your fork (git clone