Thanks, I missed that!
On Mon, Jun 5, 2017 at 8:00 AM, wrote:
> Hi,
> Thanks for adding my suggestion, but:
>
> On page: The Administrators group may not be present on non-English copies
> of #1137 is:
> - system("echo y|cacls * /T /G Administrators:f ");
> + system("echo
Hi!
What is the cleanest and easiest way to update rules and signatures of
attacks and threats in ossec? I'm looking maybe for a command I could use
to automate it. When I execute bin/manage_agents -V (to obtain version), I
get this:
OSSEC HIDS v2.8.3 - Trend Micro Inc.
According to the
Thanks, it worked!
On Wednesday, June 7, 2017 at 3:39:34 PM UTC-4, dan (ddpbsd) wrote:
>
>
>
> On Jun 7, 2017 2:09 PM, "sandaway"
> wrote:
>
> I really need some help. It looks like my OSSEC setup, a server and two
> clients, could not run active response properly. From
> the
On Jun 7, 2017 2:09 PM, "sandaway" wrote:
I really need some help. It looks like my OSSEC setup, a server and two clients,
could not run active response properly. From the active-responses.log, the
firewall-drop.sh command runs either on server or clients, depending on the
I
Thanks, that helped a lot and definitely sped it up. We went from several
hours to 4 minutes now. This includes our entire webapp
Is there a way to speed up rootcheck? That is the longest part of the scan
that takes 15 minutes now, so the whole process takes approx 20 minutes now.
But I
I really need some help. It looks like my OSSEC setup, a server and two clients,
could not run active response properly. From the active-responses.log, the
firewall-drop.sh command runs either on server or clients, depending on the
I set as in the following example.
firewall-drop
Hi,
After running "/var/ossec/bin/agent_control -l " there are several
servers/agents status is showing as "Disconnected".
Process I have followed to fix this:-
/var/ossec/bin/agent_control -l | grep Disconnected
output:- ID: 1042, Name: rungps-nightly.networkfleet.com, IP: any,
Hi Fernando,
Thanks for looking in to solution. I guess you mean to say that to delete
files inside ./ossec/queue/ride in agent and corresponding from server. If
this is the case, then, it didn't work in my case. Solution provided by
Jose is able to deal with my problem.
Regards
Prakash
On
Hi Jose,
Thanks for sharing the solution. This is working. I don't see this issue
till the time I have implemented. I'll keep you posted if I come across any
issue.
Regards
Prakash
On Tuesday, June 6, 2017 at 3:31:25 PM UTC-7, jose wrote:
>
> Hi Prakash
>
> Try setting to 0 (now you should have
Hi John,
there is a way to speed up syscheck. By default *syscheck sleeps 2 seconds
each 15 files*. This avoids packet loss due to UDP. You can overwrite this
configuration in *local_internal_options.conf*:
$ nano /var/ossec/etc/local_internal_options.conf
syscheck.sleep=1
Hi John
You cannot speed the syscheck, but you can always add the option *realtime*
for your more important folders, with this option you will have the alerts
in “real time” :)
https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html?highlight=realtime
Regards
Thanks I did find it that did help,
I had two more questions not sure if I should start another thread:
I had frequency set on the agents to:
7200
I looked in the ossec.log and it never kicked off, and it has been 15 hours
since the last scan finished. I restarted the agent and it kicked off
Hi,
I am using ossec 2.8.3, but in 2.9.0 dovecot-aborted decoder was fixed,
thanks.
Regards
Hi, this disables the RIDS counter. I think that a better option is to remove
the RID counter in the server and the agent.
On Wednesday, June 7, 2017, 0:31:25 (UTC+2), jose wrote:
>
> Hi Prakash
>
> Try setting to 0 (now you should have 1) the option *remoted.verify_msg_id*
> in
Hi,
What fields do you need?
Dec 19 17:20:08 ny dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 18 secs): *user*=, method=PLAIN, *rip*=1.2.3.4, *lip*=1.2.3.4, session=
**Phase 1: Completed pre-decoding.
full event: 'Dec 19 17:20:08 ny dovecot: pop3-login: Aborted login