[ossec-list] Re: ISS 7 + 404/200 error decoders/rules..

windows-date-format true ^\d+.\d+.\d+.\d+ GET |^\d+.\d+.\d+.\d+ POST (\S+ \S*) \.* (\d+.\d+.\d+.\d+) \S*\.* (\d\d\d) \S+ \S+ \S+ url,srcip,id On Thursday, May 26, 2016 at 3:33:30 PM UTC-5, Jacob Mcgrath wrote: > > > > Looking to take these logs from two seperate server

[ossec-list] Re: ossec local logfile ignored

The script will write each line as the bash script as the check fails. This log is deleted if first creation is older than 7 days( since the record would remain in Ossec archive). I thought it may be already accessed by the script as it runs every 3-5 mins but do not think this is the cause (

[ossec-list] Re: ossec local logfile ignored

on restart end of log On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote: > > ANy have a issue like this The Ossec server says its not available and > ignores it. But it is thereweird ? > > root@alamo:/home/mis/admin-tools/logs# tail \ ping-domain.log > System Check

[ossec-list] Re: ossec local logfile ignored

Hi Jacob. When does that message appear? I mean, does it happen on OSSEC start, or after a while? Can you see a message like the following, when OSSEC starts? ossec-logcollector(1950): INFO: Analyzing file: > '/home/mis/admin-tools/logs/ping-domain.log` ossec-logcollector(1950): ERROR: Could

[ossec-list] ossec local logfile ignored

ANy have a issue like this The Ossec server says its not available and ignores it. But it is thereweird ? root@alamo:/home/mis/admin-tools/logs# tail \ ping-domain.log System Check Domain Cluster - A appears to be down 06092016 09:50:01 System Check Domain Cluster - A

[ossec-list] Re: OSSEC consultant required

Hi Tahir, Wazuh can help you with your project. Wazuh provides professional services, such as, health-checks, tuning, deployment and configuration and annual support. You can find more information at Wazuh's website: www.wazuh.com Best regards, Alberto On Friday, June 10, 2016 at 6:29:18 AM

[ossec-list] OSSEC consultant required

We are looking for an OSSEC specialist/consultant to do a review of our environment - this would be just to make sure that everything is tuned and optimised correctly. And if needed then offer advice for ways of improving our implementation of OSSEC in our environment. This would be just a

[ossec-list] Re: Ossec - ping servers with alert on failure

np On Thursday, June 2, 2016 at 6:48:13 AM UTC-5, Jacob Mcgrath wrote: > > Was wondering on the best route/option to accomplish this? > > > (similar to the USB storage detection) > > Was thinking about a batch or bash that would ping servers from a list to > a file. That every so many minute

Re: [ossec-list] Re: Ossec - ping servers with alert on failure

On Fri, Jun 10, 2016 at 7:48 AM, Jacob Mcgrath wrote: > ok ok I see what you are talking about > Yeah, sorry for not being more clear. The decoded_as field is only populated with the parent decoder, not children. > On Thursday, June 2, 2016 at 6:48:13 AM UTC-5,

[ossec-list] Re: Ossec - ping servers with alert on failure

ok ok I see what you are talking about On Thursday, June 2, 2016 at 6:48:13 AM UTC-5, Jacob Mcgrath wrote: > > Was wondering on the best route/option to accomplish this? > > > (similar to the USB storage detection) > > Was thinking about a batch or bash that would ping servers from a list to

[ossec-list] Re: Syslog Server Help

Hi, Thanks for the advices David and Santiago. I am checking these possibilities to achieve my goal. I think I will need to come back at a later point hoping for your help again. :) Once again, Thank you! Bhuvanesh On Friday, May 6, 2016 at 1:49:36 PM UTC+5:30, Bhuvanesh Bhuvanachandran