On Wed, Apr 25, 2018 at 1:58 PM, Jacob Mcgrath
wrote:
> Do agent-less syslog's for ossec change on there delivery to the ossec
> server? These are syslogs being sen t to ossec.
>
I don't think so, but maybe I don't understand the question.
Since I'm at a computer,
Do agent-less syslog's for ossec change on there delivery to the ossec
server? These are syslogs being sen t to ossec.
On Wednesday, April 25, 2018 at 11:34:07 AM UTC-5, Jacob Mcgrath wrote:
>
> This is the log sent to ossec:
>
> Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ
Hi everibody…
Can the rootchek function detect pivoting in Windows Server 2008 or 2003?
I got Ossec 2.8.3 win32 agent…
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from
On Wed, Apr 25, 2018, 1:11 PM dan (ddp) wrote:
>
>
> On Wed, Apr 25, 2018, 12:37 PM Jacob Mcgrath
> wrote:
>
>> tried these with no result:
>>
>>
>> kernelmon
>> ^TS5400R33A
>>
>>
>>
>> iptables
>> ^TS5400R33A
>>
>>
>>
> The parent
On Wed, Apr 25, 2018, 12:37 PM Jacob Mcgrath
wrote:
> tried these with no result:
>
>
> kernelmon
> ^TS5400R33A
>
>
>
> iptables
> ^TS5400R33A
>
>
>
The parent decoder will always be displayed. For your decoders to really do
anything, they will need to
tried these with no result:
kernelmon
^TS5400R33A
iptables
^TS5400R33A
On Wednesday, April 25, 2018 at 11:34:07 AM UTC-5, Jacob Mcgrath wrote:
>
> This is the log sent to ossec:
>
> Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1
>
> If I run threw logtest i
This is the log sent to ossec:
Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1
If I run threw logtest i get iptables as the final decoder:
**Phase 1: Completed pre-decoding.
full event: 'Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc
READ 50030496 1'
Thanks, Josh!
субота, 14 липня 2007 р. 01:13:41 UTC+3 користувач Josh Drummond написав:
>
> Check out "alert_by_email" in your rules/ossec_rules.xml
>
> At 12:22 PM 7/13/2007, Frank Spierings wrote:
>
> >Hi people,
> >
> >I have a problem with my OSSEC server.
> >The ossec.conf is pretty default.
Hi Patrik and Dan,
I wonder if this issue may be related to the file path.
*C:\ProgramData\GlobalSCAPE\**EFT Server Enterprise/Logs* sounds to be a
directory. Could you confirm that?
The *localfile* configuration for logs supports paths or patterns to files
only. If you want to follow all the