Hi Igor,
It's not possible in a Windows package to set the Server IP and Key with the
command line.
Which version is your OSSEC Manager?
If by chance you are using Wazuh, you can follow this article:
https://blog.wazuh.com/automatically-deploying-ossec-to-windows-using-wazuh-api/
I hope it

Hi Daniel,
Review *archives.log* to be sure the log is how you expected. Also, check
out *alerts.log* to see the alert. Remember that *ossec-logtest* shows
alerts with level 0, but OSSEC does not, or at least it should not.
Regards.
On Friday, January 27, 2017 at 8:00:19 AM UTC-8, Daniel B.

I intend to set up OSSEC and noticed there seem to be two main flavours:
regular *OSSEC* and the *Wazuh* fork.
From what I've been able to gather, the main advantages of Wazuh are:
- its ability to integrate with ELK
- an improved ruleset
- RESTful API
I have no interest in using ELK

Hello,
I still have some problems with my custom rules.
How to generate 3 different alerts depending on the messages.
Here are my steps:
1) Add log file to monitor
* Edit the file etc/ossec.conf and add the following lines:
<localfile>
<log_format>syslog</log_format>
<location>/var/log/firewall.log</location>
</localfile>
2) Create a decoder
*
2016-07-24 11:43:22,707 INFO [main-EventThread ]
[.m.async.facade.Bootstrap] Became Leader!!! |TAGS|
2016-07-24 11:43:22,707 INFO [main-EventThread ]
[.m.async.facade.Bootstrap] ## Leader election:
*Server
is leader and starting* ##

Hi Guys
I am looking to create a new custom OSSEC rule to capture a specific phrase
in a log.
I have added the required directory to the ossec.conf
monitoring.
LOG Sample:
2016-07-24 11:43:22,707 INFO [main-EventThread ]
[.m.async.facade.Bootstrap] Became Leader!!! |TAGS|
2016-07-24

Hi all!
I have a few datasources sending remote syslog to an OSSIM appliance
running Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I
would like to generate alerts or see in logs if a datasource (ossec-agents
also) lost connection or stopped logging... (eg. misconfiguration