Bhaskar, Since you are looking to forward a log file which is local on
the Windows ossec client & not on the Sophos EM server, you can just use
attribute as cited below from ossec documentation. Change the
location & name as needed.
<localfile>
  <location>C:\Windows\app\log-%y-%m-%d.log</location>
  <log_format>syslog</log_format>
</localfile>
On Sat,
Thank you Jacob. Appreciate your help.
On Thu, Apr 5, 2018 at 7:29 AM, Jacob Mcgrath
wrote:
> I have not tested on AD controlled Windows 10 as of yet
>
> Here is mine; it's script based and tails from the sid 530
> https://groups.google.com/forum/#!searchin/ossec-list/
Onion is on 2.8.x while my
client agent is on v2.9.2. Can that be an issue?
Sorry for the duplicate threads regarding this error. Please delete the other
ones.
On Thursday, March 29, 2018 at 4:56:05 PM UTC-4, dan (ddpbsd) wrote:
>
>
>
> On Thu, Mar 29, 2018, 4:44 PM Neeraj
Hi Dan, I am using OSSEC.
On Thursday, March 29, 2018 at 4:52:57 PM UTC-4, dan (ddpbsd) wrote:
>
>
>
> On Thu, Mar 29, 2018, 4:36 PM Neeraj Shah <neeraj...@gmail.com
> > wrote:
>
>> Hello All,
>>
>> I see some discrepancies with regards to location
Hello All,
I see some discrepancies with regard to the location of the agent.conf file on the
OSSEC server. As per the official OSSEC doc,
https://ossec-docs.readthedocs.io/en/latest/manual/agent/agent-configuration.html
we need to create agent.conf under "/var/ossec/etc/shared/agent.conf".
However,
Hello All,
Need some help. I am trying out ossec with Security Onion. The ossec
server comes preinstalled in Security Onion. I am now trying the agent
piece. I installed the v2.9.2 latest version agent on one of my Windows
client PCs, did the initial config and restarted the agent. From the
Hello All,
I am trying out Ossec with Security Onion. I manually installed the ossec
Windows agent (v.2.9.3) on one of my Windows client PCs, did the necessary
config and restarted the service. From the Ossec server, the agent ID
shows connected. So far so good.
Now for centralized agent
Hi all,
I have configured the win_audit_rcl.txt file on my Windows agent to detect
USB drives as per this URL:
https://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
It is working as expected. I can see the message "USB Drive detected"
make it to the archive.log file
>
> Hi Dan, I went ahead and created both a local_decoder and a corresponding
> rule in local_rules.xml. I then ran the "/var/ossec/bin/ossec-logtest"
> command against my log lines, and it passed the test. The output showed
> Decoder matched and "Alert to be generated" message as shown