Hi Roberto,
Have you applied the custom mapping?
http://documentation.wazuh.com/en/latest/ossec_elk_elasticsearch.html#ossec-alerts-template
If you have the custom mapping applied, and the template in Logstash, you
need to wait until next day, when the next index is created with the new
mapping
Hi Pedro!
I am using the ossec wazuh, I have a question about indexes.
I had implemented the logstash without using the file
"elastic-ossec-template.json". But I saw it would be good to use it. I am wanting to use some
indexes and Kibana shows "Analyzed Field", like "AgentName".
I put the
Hi guys,
I need to get ossec to use a script every time that an alert is fired by
any of my servers.
There is an example of this
in http://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-custom.html
which uses a script on the server when a specific rule is fired.
How can I make that generic,
Hi Dan,
Changing subject a bit, do you know if it's possible to have alerts in
ossec calling a script instead of sending an email directly?
Ta
Laura
On Wednesday, 28 September 2016 16:37:57 UTC+1, Laura Herrera wrote:
>
> Hi Dan,
>
> Yes, thank you, I have been trying to get this working all
Running install.sh on SunOS 5.10, the following error message appears:
5- Installing the system
- Running the Makefile
./Makeall: test: argument expected
*** Error code 1
The following command caused the error:
/bin/sh ./Makeall all
make: Fatal error: Command failed for target `all'
Error 0x5.
I'm wondering if anyone has done an OSSEC Windows SSTP VPN rule?
I want to start tracking and logging them, GEO tracking would be awesome?
Has anyone already done this, or could they suggest a rule?
Thanks!
--
---
You received this message because you are subscribed to the Google Groups
As the title says, is there a defined best practice for this?
If unattended upgrades runs and upgrades any packages, ossec spams emails
about changed files (as expected). Is there a tried and true method to make
ossec aware that the packages were updated via unattended upgrades so it
doesn't
Hi Dan,
Yes, thank you, I have been trying to get this working all day.
I am running ossec on an Ubuntu 14.04 server and I need to be able to email
alerts of course.
I saw in a separate post that ossec actually needs smtp listening on the
local server, and so I decided to use postfix as a
Thanks Josh, I'll give it a go tonight.
I now remember a previous post you mentioned this in. Thanks for reminding
me!
Make sure that the file you are writing to is ASCII. I have had issues with
OSSEC reading a file that PS writes to without specifically encoding it as
ASCII... From my Autoruns Normalize script, this is what I am doing:
#Appends the resulting message in ascii (OSSEC Windows Client does not
On Sep 28, 2016 6:42 AM, "Laura Herrera" wrote:
>
> Hi Theresa,
>
> Please can I ask how you solved this problem?
>
If you're having issues, you could post details and we could try to help.
> Thanks a lot,
> Laura
>
>
> On Monday, 6 July 2015 18:35:50 UTC+1, theresa
Hi Theresa,
Please can I ask how you solved this problem?
Thanks a lot,
Laura
On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote:
>
> OK, managed to fix this and face-palming myself
>
> I've tweaked the postfix config a bit, enabled the service and there we
> go...
>
Hi Theresa,
Please could you explain how you solved this?
Might be an epic fail for you, but it might help others :)
Thanks a lot
Laura
On Tuesday, 22 December 2015 10:53:55 UTC, theresa mic-snare wrote:
>
> *FACEPALM*
>
> problem solved. this is too embarrassing :(((
> epic fail!
>
> Am