Re: [ossec-list] Re: custom decoder kernelmon syslog-ng

2018-04-25 Thread dan (ddp)
On Wed, Apr 25, 2018 at 1:58 PM, Jacob Mcgrath wrote: > Do agent-less syslogs for ossec change on their delivery to the ossec > server? These are syslogs being sent to ossec. > I don't think so, but maybe I don't understand the question. Since I'm at a computer,

[ossec-list] Re: custom decoder kernelmon syslog-ng

2018-04-25 Thread Jacob Mcgrath
Do agent-less syslogs for ossec change on their delivery to the ossec server? These are syslogs being sent to ossec. On Wednesday, April 25, 2018 at 11:34:07 AM UTC-5, Jacob Mcgrath wrote: > > This is the log sent to ossec: > > Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ

[ossec-list] Pivoting in Windows Server

2018-04-25 Thread Aj Navarro
Hi everybody… Can the rootcheck function detect pivoting in Windows Server 2008 or 2003? I got Ossec 2.8.3 win32 agent…

Re: [ossec-list] Re: custom decoder kernelmon syslog-ng

2018-04-25 Thread dan (ddp)
On Wed, Apr 25, 2018, 1:11 PM dan (ddp) wrote: > > > On Wed, Apr 25, 2018, 12:37 PM Jacob Mcgrath > wrote: > >> tried these with no result: >> >> >> kernelmon >> ^TS5400R33A >> >> >> >> iptables >> ^TS5400R33A >> >> >> > The parent

Re: [ossec-list] Re: custom decoder kernelmon syslog-ng

2018-04-25 Thread dan (ddp)
On Wed, Apr 25, 2018, 12:37 PM Jacob Mcgrath wrote: > tried these with no result: > > > kernelmon > ^TS5400R33A > > > > iptables > ^TS5400R33A > > > The parent decoder will always be displayed. For your decoders to really do anything, they will need to

[ossec-list] Re: custom decoder kernelmon syslog-ng

2018-04-25 Thread Jacob Mcgrath
tried these with no result: kernelmon ^TS5400R33A iptables ^TS5400R33A On Wednesday, April 25, 2018 at 11:34:07 AM UTC-5, Jacob Mcgrath wrote: > > This is the log sent to ossec: > > Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1 > > If I run through logtest I

[ossec-list] custom decoder kernelmon syslog-ng

2018-04-25 Thread Jacob Mcgrath
This is the log sent to ossec: Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1 If I run through logtest I get iptables as the final decoder: **Phase 1: Completed pre-decoding. full event: 'Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1'

Re: [ossec-list] Ossec Problem: email_alert_level not being honored. Alert level 3 received in mail.

2018-04-25 Thread oleksandr . kanaykin
Thanks, Josh! On Saturday, July 14, 2007 at 01:13:41 UTC+3, Josh Drummond wrote: > > Check out "alert_by_email" in your rules/ossec_rules.xml > > At 12:22 PM 7/13/2007, Frank Spierings wrote: > > >Hi people, > > > >I have a problem with my OSSEC server. > >The ossec.conf is pretty default.

Re: [ossec-list] ossec-logcollector(1103): ERROR [(9)-(Bad file descriptor)]. Can't get my OSSEC agent to monitor my Windows logs.

2018-04-25 Thread Victor Fernandez
Hi Patrik and Dan, I wonder if this issue may be related to the file path. *C:\ProgramData\GlobalSCAPE\EFT Server Enterprise/Logs* sounds to be a directory. Could you confirm that? The *localfile* configuration for logs supports paths or patterns to files only. If you want to follow all the