Re: [ossec-list] Re: reindexing logs

2016-09-28 Thread Jose Luis Ruiz
Hi Roberto, Have you applied the custom mapping? http://documentation.wazuh.com/en/latest/ossec_elk_elasticsearch.html#ossec-alerts-template If you have the custom mapping applied, and the template in Logstash, you need to wait until next day, when the next index is created with the new mapping

[ossec-list] Re: reindexing logs

2016-09-28 Thread roberto . mendonca
Hi Pedro! I am using the ossec wazuh, I have a question about indexes. I had implemented the logstash without using the file "elastic-ossec-template.json". But I saw it would be good to use it. I am wanting to use some indexes and Kibana shows "Analyzed Field", like "AgentName". I put the

[ossec-list] Using active-response instead of email alerts

2016-09-28 Thread Laura Herrera
Hi guys, I need to get ossec to use a script every time that an alert is fired by any of my servers. There is an example of this in http://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-custom.html which uses a script on the server when a specific rule is fired. How can I make that generic,

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Dan, Changing subject a bit, do you know if it's possible to have alerts in ossec calling a script instead of sending an email directly? Ta Laura On Wednesday, 28 September 2016 16:37:57 UTC+1, Laura Herrera wrote: > > Hi Dan, > > Yes, thank you, I have been trying to get this working all

[ossec-list] OSSEC 2.8.3 in SOLARIS 10 ./MAKEALL ALL failed

2016-09-28 Thread Aj Navarro
Running install.sh on SunOS 5.10, the following error message appears: 5- Installing the system - Running the Makefile ./Makeall: test: argument expected *** Error code 1 The following command caused the error: /bin/sh ./Makeall all make: Fatal error: Command failed for target `all' Error 0x5.

[ossec-list] Windows SSTP VPN rule.

2016-09-28 Thread namobuddhaonion
I'm wondering if anyone has done an OSSEC Windows SSTP VPN rule? I want to start tracking and logging them, GEO tracking would be awesome? Has anyone already done this, or could they suggest a rule? Thanks!

[ossec-list] What is the best way to make ossec ignore alerts caused by new packages (unattended upgrades)?

2016-09-28 Thread 'James Vernon' via ossec-list
As the title says, is there a defined best practice for this? If unattended upgrades runs and upgrades any packages, ossec spams emails about changed files (as expected). Is there a tried and true method to make ossec aware that the packages were updated via unattended upgrades so it doesn't

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Dan, Yes, thank you, I have been trying to get this working all day. I am running ossec on an Ubuntu 14.04 server and I need to be able to email alerts of course. I saw in a separate post that ossec actually needs smtp listening on the local server, and so I decided to use postfix as a

[ossec-list] Re: How to monitor file a Powershell script is writing to

2016-09-28 Thread Brian Kellogg
Thanks Josh, I'll give it a go tonight. I now remember a previous post you mentioned this in. Thanks for reminding me!

[ossec-list] Re: How to monitor file a Powershell script is writing to

2016-09-28 Thread DefensiveDepth
Make sure that the file you are writing to is ASCII. I have had issues with OSSEC reading a file that PS writes to without specifically encoding it as ASCII... From my Autoruns Normalize script, this is what I am doing: #Appends the resulting message in ascii (OSSEC Windows Client does not

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread dan (ddp)
On Sep 28, 2016 6:42 AM, "Laura Herrera" wrote: > > Hi Theresa, > > Please can I ask how did you solve this problem? > If you're having issues, you could post details and we could try to help. > Thanks a lot, > Laura > > > On Monday, 6 July 2015 18:35:50 UTC+1, theresa

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Theresa, Please can I ask how did you solve this problem? Thanks a lot, Laura On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote: > > OK, managed to fix this and face-palming myself > > I've tweaked the postfix config a bit, enabled the service and there we > go... >

Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1

2016-09-28 Thread Laura Herrera
Hi Theresa, Please could you explain how did you solve this? Might be an epic fail for you, but it might help others :) Thanks a lot Laura On Tuesday, 22 December 2015 10:53:55 UTC, theresa mic-snare wrote: > > *FACEPALM* > > problem solved. this is too embarrassing :((( > epic fail! > > Am