[ossec-list] regex not working

2017-09-25 Thread Robert Necela
Hello, I have a message with the character "`". But I can't write a rule with such a character. \. -> for anything is not working, and I can't find this character in \p -> ()*+,-.:;<=>?[]!"'#$%&|{} (punctuation characters). Thanks for any help -- --- You received this message because you are subscribed to

Re: [ossec-list] syslog_output question

2017-07-11 Thread Robert B
That's perfect, exactly what I needed to know! Thank you! On Tuesday, July 11, 2017 at 3:58:37 AM UTC-4, Victor Fernandez wrote: > > Hi Robert, > > OSSEC should take these settings independently: > >- Configuration A will send alerts with level 8 or higher. >- Conf

[ossec-list] syslog_output question

2017-07-10 Thread Robert B
This was a little unclear to me after reading the documentation and searching around... pardon if it's been asked and answered, I simply have not found it. We have a single server we want to send syslog output to, however, we also want to have different levels for some alerts. Would it be as

[ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Robert
I am having issues installing on Solaris 10 (i.e. Solaris 10 8/11 s10s_u10wos_17b SPARC) and am getting the error below when it tries to finish the install. 5- Installing the system - Running the Makefile make: Fatal error in reader: Makefile, line 4: Unexpected end of line seen Error 0x5.

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-03 Thread Robert Micallef
Good to know for next time maybe. Thanks a lot. On Monday, May 2, 2016 at 5:14:39 PM UTC+2, dan (ddpbsd) wrote: > > The steps to submit the PR should basically be the following: > 1. Fork the repository on github (fork button in the top right of the > page) > 2. Clone your fork (git clone

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Third time's the charm. Is PR #821 ok? On Monday, May 2, 2016 at 4:15:55 PM UTC+2, dan (ddpbsd) wrote: > > On Mon, May 2, 2016 at 10:12 AM, Robert Micallef <rober...@gmail.com > > wrote: > > I'm sorry about that. I never used github before. I didn't know P and h &g

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
. On Monday, May 2, 2016 at 4:02:08 PM UTC+2, dan (ddpbsd) wrote: > > On Mon, May 2, 2016 at 9:57 AM, Robert Micallef <rober...@gmail.com > > wrote: > > Hi Dan, > > > > Created PR #819. I hope I chose the correct branches.. > > > > Thanks for submitt

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Hi Dan, Created PR #819. I hope I chose the correct branches..

[ossec-list] Re: Ossec & Windows mass deployment and server based agent config?

2016-04-30 Thread Robert Bardo
Couple of things I noticed. I would use a .cmd, not .bat, as I seem to vaguely remember a .cmd must be used; it works now for me. Next, the shared command executable must be put in the server /shared directory and will be replicated to the correct client side folder. Lastly, why not use "auto

[ossec-list] Re: Disk usage monitor not working in RHEL5

2016-04-29 Thread Robert Micallef
No problem. Thanks to you for OSSEC. It is a lifesaver. Just had this happen in RHEL 6 too, so as you said it could happen on other operating systems.

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-20 Thread Robert Micallef
On Wednesday, 20 April 2016 at 09:12:29 UTC+2, Robert Micallef wrote: >> >> I added custom rules to alert if space is over 90%. >> >> On 20 April 2016 at 02:16, Santiago Bassett <santiago...@gmail.com> >> wrote: >> >>> Out of curiosity, what is the rul

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-20 Thread Robert Micallef
ithub.com/ossec/ossec-hids/blob/a7ca63d6d074f2f6bdb49f4bc79a054c31dcafc7/etc/rules/ossec_rules.xml#L137 > > On Mon, Apr 18, 2016 at 2:07 AM, Robert Micallef <robertm...@gmail.com> > wrote: > >> I tested it on CentOS 5 and the output of df is as expected (Single line). >&g

[ossec-list] Disk usage monitor not working in RHEL5

2016-04-15 Thread Robert Micallef
For anyone who encounters this issue where disk usage alerts are not working on Redhat 5, the issue is that in RHEL5 'df -h' output is multiline. You can easily fix it by modifying the ossec agent conf. Modify the 'df -h' to 'df -Pkh' and add an alias. command df -Pkh df -h

[ossec-list] Re: id "|" or "," ??

2016-04-04 Thread Robert Bardo
Thanks Pedro. This does help and gives me a few ideas to work with. Cheers! Rob B.

[ossec-list] Ossec with sysmon events Wazuh fork

2016-03-08 Thread Robert Bardo
Hey Guys, I have been running the latest OSSEC 2.83 with a Wazuh fork upgrade. I have performed the Wazuh auto update with the .py script. All works well, thanks guys. I have simply noticed recently that I cannot make use of my favorite sysmon based correlations because I am not able to

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-29 Thread Robert
OK, after I got fed up I refreshed the VMware agent and restarted the server => everything smooth atm. Unfortunately, I have no idea which action solved the problem. Robert On Monday, 29 February 2016 at 12:03:00 UTC+1, Robert wrote: > > OK, this is insane, while the

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-29 Thread Robert
> > OK, this is insane, while the logs say the client is connected, more and more > the client shows as "Inactive". > As you suggested I turned on debug, and could not see any duplicated client. Robert > > > > Turn on debugging on the server (`/var/ossec/bin/oss

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-25 Thread Robert
) No error message, and also no error message on the server side. tcpdump shows correct communication between the agent and the server. I am getting fed up with this :) Any thoughts? Robert On Wednesday, 3 February 2016 at 20:57:59 UTC+1, Pedro S wrote: > > Hi, > >

[ossec-list] ERROR: Incorrectly formated message

2016-02-02 Thread Robert
ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.8.43'.* As I checked, the client information on the server side and client side are the same; everything looks correct. Do you have any idea what could cause the problem? Thanks, Robert

[ossec-list] ERROR: Incorrectly formated message

2016-02-02 Thread Robert
ERROR: Incorrectly formated message from '192.168.8.43'*. I have no clue why this is not working. I am using version 2.8.3 (server and agent). As I checked, the client information on the server and the client is the same. Do you have any idea what the heck is wrong? Thanks, Robert

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-02 Thread Robert
Hi Eero, I already tried that... a few times :) On Tuesday, 2 February 2016 at 18:23:57 UTC+1, Eero Volotinen wrote: > > Key is incorrect? Try deleting the old key and re-adding the agent? > On 2.2.2016 at 6:41 PM, "Robert" <sandb...@gmail.com> wrote: > &g

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-02 Thread Robert
Hi Jose, Yes, same ID, basically this is a new agent (it uses an old server's IP, but I deleted the old agent and created a new one). Tried to modify remoted.verify_msg_id=1 to 0 -> restart, but nothing changed :S Robert On Tuesday, 2 February 2016 at 18:36:58 UTC+1, jose wrote

[ossec-list] Syscheck ignore, not working

2016-01-18 Thread Robert Pohl
Hi, I have a regex on a file that I don't want notifications on, but I still get it from time to time. The rule is: health_check\.json$ But the notification sends me: ...Current SHA1: 'b581747614fbc96078f4286144eb6823fd74e818'; Integrity checksum changed for:

[ossec-list] Re: Create an alert for NTP offset

2015-11-16 Thread Robert Micallef
The decoder mentioned earlier sometimes picked the wrong thing. This so far is working well: ossec 'ntp-alert':\.+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+ ^(\p\d\d\d\d)|(\d\d\d\d) extra_data

Re: [ossec-list] Create an alert for NTP offset

2015-11-05 Thread Robert Micallef
and rule as required. I just wanted to put this out there in case anyone has similar problems. Thanks, Robert On Wednesday, November 4, 2015 at 5:30:25 PM UTC+1, dan (ddpbsd) wrote: > > > On Nov 4, 2015 11:08 AM, "Robert Micallef" <rober...@gmail.com > > wrote

[ossec-list] Create an alert for NTP offset

2015-11-04 Thread Robert Micallef
polling server every 1024 s This I could create a decoder for, but the output is so inaccurate that this is useless. Does anyone know how this can be done please? Thanks, Robert

[ossec-list] alert to monitor my system admins

2015-10-07 Thread Farnsworth, Robert
a user I need to get an alert for that. Thanks Robert

RE: FW: [ossec-list] Re: Log Rotation issues - Resolved

2015-09-25 Thread Farnsworth, Robert
its job again. The OSSEC Log Rotation routine must have some limitations on file size. Thanks for all your help. Robert -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Wednesday, September 16, 2015 12:36 PM

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-16 Thread Farnsworth, Robert
-Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Farnsworth, Robert Sent: Tuesday, September 15, 2015 4:16 PM To: ossec-list@googlegroups.com Subject: RE: FW: [ossec-list] Re: Log Rotation issues No that is not what I did I will do that now

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-16 Thread Farnsworth, Robert
@googlegroups.com Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Wed, Sep 16, 2015 at 8:50 AM, Farnsworth, Robert <robert.farnswo...@hpe.com> wrote: > The only error I see from analysisd is the read error's. One of them is the > Ossec Manager. > > Here is a sample. > > 2

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 4:00 PM, Farnsworth, Robert <robert.farnswo...@hpe.com> wrote: > If I did that correctly here's what I received in ossec.log > > 2015/09/15 15:57:30 ossec-analysisd: RootcheckInit completed. > 2015/09

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
2:16 PM To: ossec-list@googlegroups.com Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 1:53 PM, Farnsworth, Robert <robert.farnswo...@hpe.com<mailto:robert.farnswo...@hpe.com>> wrote: > Plenty of inodes left. > Awesome. Looking at it furt

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
) Sent: Tuesday, September 15, 2015 1:52 PM To: ossec-list@googlegroups.com Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 1:24 PM, Farnsworth, Robert <robert.farnswo...@hpe.com> wrote: > The archives are generally empty. Although I have had a few

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 12:39 PM, Farnsworth, Robert <robert.farnswo...@hpe.com<mailto:robert.farnswo...@hpe.com>> wrote: > OSSEC and OS version below. > > > > Results of lsattr /var/ossec/logs/alerts/alerts.log > > >

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
ossec-monitord: INFO: Started (pid: 2484). 2015/09/15 12:10:36 ossec-monitord: INFO: (unix_domain) Maximum send buffer set to: '124928'. -Original Message- From: Farnsworth, Robert Sent: Tuesday, September 15, 2015 12:09 PM To: ossec-list@googlegroups.com Subject: RE: FW: [ossec-list] Re

RE: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Thanks, yes it is running, I’ll try the debug option. From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Brent Morris Sent: Tuesday, September 15, 2015 11:22 AM To: ossec-list Subject: [ossec-list] Re: Log Rotation issues Hi Robert, Is ossec-monitord running

FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Morris Sent: Tuesday, September 15, 2015 11:22 AM To: ossec-list Subject: [ossec-list] Re: Log Rotation issues Hi Robert, Is ossec-monitord running? This process takes care of the log rotations. I would restart it with the -d option to run it in debug mode to see if it can give you more info

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
[mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Tuesday, September 15, 2015 12:07 PM To: ossec-list@googlegroups.com Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 11:57 AM, Farnsworth, Robert <robert.farnswo...@hpe.com> wrote: > Ran ossec-mo

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
, Sep 15, 2015 at 12:15 PM, Farnsworth, Robert <robert.farnswo...@hpe.com<mailto:robert.farnswo...@hpe.com>> wrote: > I may have run the debug wrong the first time. > > This is what I get with all processes running then running > ossec-monitord -d > > 2015/09/15

RE: FW: [ossec-list] Re: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Tuesday, September 15, 2015 3:18 PM To: ossec-list@googlegroups.com Subject: Re: FW: [ossec-list] Re: Log Rotation issues On Tue, Sep 15, 2015 at 2:46 PM, Farnsworth, Robert

[ossec-list] RE: Log Rotation issues

2015-09-15 Thread Farnsworth, Robert
Nobody has had an issue like this? Any help would be appreciated. From: Farnsworth, Robert Sent: Monday, September 14, 2015 11:10 AM To: ossec-list@googlegroups.com Subject: Log Rotation issues It is my understanding that the alerts.log file should get zero'd out after the log rotation process

[ossec-list] ossec configure email to login smtp server

2015-09-09 Thread Robert Wong
Hi all, I use Tencent's Enterprise email service, and the server requires login authentication before it will send mail, so what can I do? 2015/09/09 18:04:50 os_sendmail(1764): WARN: Mail from not accepted by server 2015/09/09 18:04:50 ossec-maild(1223): ERROR: Error Sending email to 183.57.48.39 (smtp

[ossec-list] Help with local rule

2015-08-17 Thread Farnsworth, Robert
: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: HOSTNAME$ Source Workstation: HOSTNAME Error Code: 0xc064 <!-- 100055 Filter out HOSTNAME --> <rule id="100055" level="0"> <if_sid>18153</if_sid> <match>HOSTNAME</match> <description>Events ignored</description> </rule> Thanks Robert

RE: [ossec-list] OSSEC Log Rotation Failing

2015-07-22 Thread Farnsworth, Robert
Rotation Failing On Jul 22, 2015 7:50 AM, Farnsworth, Robert robert.farnswo...@hp.commailto:robert.farnswo...@hp.com wrote: Yes, ossec-monitord is running ossec31115 1 0 Jul21 ? 00:01:17 /var/ossec/bin/ossec-monitord I think monitord runs as ossecm. Maybe try changing the owner

[ossec-list] OSSEC Log Rotation Failing

2015-07-22 Thread Farnsworth, Robert
.log.sum -rw-r-. 2 ossec ossec 3597332480 Jul 22 11:30 ossec-alerts-22.log Thanks Robert

RE: [ossec-list] OSSEC Log Rotation Failing

2015-07-22 Thread Farnsworth, Robert
% /opt From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Wednesday, July 22, 2015 7:42 AM To: ossec-list@googlegroups.com Subject: Re: [ossec-list] OSSEC Log Rotation Failing On Jul 22, 2015 7:38 AM, Farnsworth, Robert robert.farnswo

[ossec-list] Alert multipathd: sdc: failed to get sysfs information

2015-06-29 Thread Farnsworth, Robert
<description>Events ignored</description> </rule> Thanks Robert

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2015-06-12 Thread Robert Micallef
Hi Andy, Not sure if this interests you but just so you know Analogi also works perfectly with OSSEC v2.8.1. Once again thanks for providing such a nice interface. Helps a lot. Thanks, Robert On 31 January 2013 at 15:48, Robert Micallef robertm...@gmail.com wrote: Hi Andy, It could have

[ossec-list] Re: OSSEC 2.8.1 - notify_time + time-reconnect

2015-04-06 Thread Robert Micallef
Thanks for the reply. I created a pull request. I hope I chose the right options. I chose Stable as base and master to compare. What are notify_time and time_reconnect currently used for then? Wouldn't the agents automatically try to reconnect in case of a problem?

[ossec-list] OSSEC 2.8.1 - notify_time + time-reconnect

2015-04-02 Thread Robert Micallef
to mark an agent as disconnected. Can anyone help? Thanks, Robert

[ossec-list] ossec client on CentOS7

2014-11-03 Thread Robert Mckennon
Hello, I'm having a little problem getting the client/agent running on CentOS7. It installed and is running fine on another CentOS7 box as ossec-server. I got it installed using these 3 files: inotify-tools-3.14-8.el7.x86_64.rpm ossec-hids-2.8.1-47.el7.art.x86_64.rpm

[ossec-list] Re: ossec client on CentOS7

2014-11-03 Thread Robert Mckennon
McKennon On Monday, November 3, 2014 4:11:14 PM UTC-5, Robert Mckennon wrote: Hello, I'm having a little problem getting the client/agent running on CentOS7. It installed and is running fine on another CentOS7 box as ossec-server. I got it installed using these 3 files: inotify-tools

[ossec-list] POODLE/sandworm - CVE-2014-3566

2014-10-16 Thread Farnsworth, Robert
go easy. Thanks Robert

RE: [ossec-list] install error on HP-UX

2014-10-06 Thread Farnsworth, Robert
with the export CC. If you do get a lot of errors reply here with the full log again. On Oct 3, 2014, at 10:45 AM, dan (ddp) ddp...@gmail.com wrote: On Fri, Oct 3, 2014 at 10:23 AM, Farnsworth, Robert robert.farnswo...@hp.com wrote: Using built-in specs. Target: ia64-hp-hpux11.31

Re: [ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-04 Thread Robert Moerman
Thanks very much, I've added the rule. Appreciate the assistance! On Sat, Oct 4, 2014 at 9:30 AM, Michael Starks ossec-l...@michaelstarks.com wrote: On 10/04/2014 05:30 AM, Jan Andrasko wrote: Rob, issue with your rule was that this string is not part of url. It is usually in place of

[ossec-list] install error on HP-UX

2014-10-03 Thread Farnsworth, Robert
Team, trying to install ossec 2.8.1 on HP-UX, getting the following install error; any suggestions? The error is at the bottom. HP-UX xx B.11.31 U ia64 1044109236 unlimited-user license 5- Installing the system - Running the Makefile *** Making zlib (by Jean-loup Gailly and Mark Adler) ***

RE: [ossec-list] install error on HP-UX

2014-10-03 Thread Farnsworth, Robert
@googlegroups.com Subject: Re: [ossec-list] install error on HP-UX On Fri, Oct 3, 2014 at 10:13 AM, Farnsworth, Robert robert.farnswo...@hp.com wrote: Team, trying to install ossec 2.8.1 on HP-UX getting the following install error any suggestions? The error is at the bottom. HP-UX xx B

Re: [ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-03 Thread Robert Moerman
Michael, I'm not sure of anything, which is why I posted :) I'm going to try Jan's suggestion using Regex. On Friday, October 3, 2014 10:31:32 AM UTC-4, Michael Starks wrote: On 2014-10-02 8:08, Robert Moerman wrote: Hello, I've been trying to write a rule to detect CGI-based

[ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-02 Thread Robert Moerman
Hello, I've been trying to write a rule to detect CGI-based shellshock attacks via the apache log parser, but I find the signature doesn't fire (even when I see the string in the apache logs): *Detect () { :; }; in url string* <rule id="12" level="13"> <if_sid>31100</if_sid> <url>() {

[ossec-list] OSSEC uninstall

2014-09-24 Thread Farnsworth, Robert
Hi, ALL. I realize this may have been answered in the past, but I really couldn't find anything that I liked. What is the easiest way to uninstall OSSEC on Redhat? I installed version 2.8.1 with install.sh. Is there an uninstall script available? Thanks Robert

[ossec-list] list_agents -n output - stale servers

2014-07-11 Thread Farnsworth, Robert
I have some stale servers that remain in my list_agents -n output, any way to refresh this list? The servers have been removed with the manage_agent tool/command, but still remain in the output of list_agents -n

RE: [ossec-list] list_agents -n output - stale servers

2014-07-11 Thread Farnsworth, Robert
To: ossec-list@googlegroups.com Subject: Re: [ossec-list] list_agents -n output - stale servers On Jul 11, 2014 10:09 AM, Farnsworth, Robert robert.farnswo...@hp.commailto:robert.farnswo...@hp.com wrote: I have some stale servers that remain in my list_agents -n output, any way to refresh this list

FW: [ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-10 Thread Farnsworth, Robert
@googlegroups.com Subject: Re: [ossec-list] Production OSSEC Agents are not connected - false Error On Wed, Jul 9, 2014 at 10:34 AM, Farnsworth, Robert robert.farnswo...@hp.commailto:robert.farnswo...@hp.com wrote: Hi, we have an issue where we continue to get this unconnected error in OSSEC even though we

RE: FW: [ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-10 Thread Farnsworth, Robert
: FW: [ossec-list] Production OSSEC Agents are not connected - false Error On Thu, Jul 10, 2014 at 8:23 AM, Farnsworth, Robert robert.farnswo...@hp.com wrote: I guess more of false positive. This is the message that we get even though as stated we have removed the agents from OSSEC through

RE: FW: [ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-10 Thread Farnsworth, Robert
- false Error On 2014-07-10 7:38, Farnsworth, Robert wrote: Yes it comes from an e-mail alert. I'll check out the client.keys Thanks, for the reply. This must be coming from something other than OSSEC. Do you use the Atomic version or Alien Vault? -- --- You received this message because

RE: FW: [ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-10 Thread Farnsworth, Robert
time every day? Perhaps someone setup a cron job to look at the output of 'agent_control -l' and parse the disconnected agents into an email? -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Farnsworth, Robert Sent: Thursday, July

[ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-09 Thread Farnsworth, Robert
from reoccurring? PLEASE NOTE: There are un-connected OSSEC Agents that should be connected. Please investigate if this is an unplanned outage. Re-boots of Windows and Solaris servers may temporarily cause entries on this list. Thanks Robert

RE: [ossec-list] Production OSSEC Agents are not connected - false Error

2014-07-09 Thread Farnsworth, Robert
are not connected - false Error On Wed, Jul 9, 2014 at 10:34 AM, Farnsworth, Robert robert.farnswo...@hp.commailto:robert.farnswo...@hp.com wrote: Hi, we have an issue where we continue to get this unconnected error in OSSEC even though we have removed the agents from OSSEC through the manage_agents tool

[ossec-list] Filter Out Specific User?

2014-06-17 Thread Robert Littlefield
Hello, all. Can you please assist me with a way to exclude a user account from the following? Meaning, if user matches “automatedAccount” do not return log information. group name= rule id=90 level=10 if_sid18104/if_sid

Re: [ossec-list] Ossec Installation crash

2014-03-24 Thread robert . rehm
is based on 32bit. Thank you for your help. Best Regards Robert

[ossec-list] Re: Ossec Installation crash

2014-03-24 Thread robert . rehm
I opened install.sh via mouse click (run in terminal). After pressing enter to choose the default language, the terminal closes. The same happens if I open it via exec ./install.sh. I don't know how to open it as root. Maybe you can help me? The virtual appliance is based on CentOS

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-31 Thread Robert Micallef
, 2013 at 3:29 PM, Robert Micallef robertm...@gmail.com wrote: Yes but all from log monitoring. But I checked just now, and it has been running for some time now and I still can't see an alert. One thing I noticed is that without the custom decoder and having the rule set to match

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-30 Thread Robert Micallef
I can't figure out why it's not working. Thanks again. On 27 December 2013 16:13, dan (ddp) ddp...@gmail.com wrote: On Fri, Dec 27, 2013 at 10:00 AM, Robert Micallef robertm...@gmail.com wrote: Hi Dan, Thanks for the feedback. I cannot figure out how to get the decoder to work

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-30 Thread Robert Micallef
, Robert Micallef robertm...@gmail.com wrote: Hi Dan, Thanks for your help so far. I have tried searching before asking again and as far as I can see this should work. The decoder works. I used ossec-logtest and up to phase 2, the percentage is taken in extra_data decoder name

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-30 Thread Robert Micallef
(ddp) ddp...@gmail.com wrote: On Mon, Dec 30, 2013 at 9:34 AM, Robert Micallef robertm...@gmail.com wrote: Hi Dan, Ok fixed finally. I modified the rule to have ossec as decoder not ossec-mem. <group name="memory-usage"> <rule id="100080" level="0"> <decoded_as>ossec</decoded_as>

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-30 Thread Robert Micallef
in a line beneath the log. I don't know if that makes a difference. In ossec-logtest I input the following as a single line to test: ossec: output: 'mem-usage': 71% On 30 Dec 2013 19:43, dan (ddp) ddp...@gmail.com wrote: On Mon, Dec 30, 2013 at 1:35 PM, Robert Micallef robertm...@gmail.com wrote: Yes

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-27 Thread Robert Micallef
Thanks a lot Dan. That worked like a charm. It didn't cross my mind to grep only the PID. I used the check_diff / option and: ps -ef | grep process-name | awk '{ print $2 }' It is working well now. Can you also please tell me what I did wrong with this rule? I created a script to output the

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-27 Thread Robert Micallef
5:11 AM, Robert Micallef robertm...@gmail.com wrote: Thanks a lot Dan. That worked like a charm. It didn't cross my mind to grep only the PID. I used the check_diff / option and: ps -ef | grep process-name | awk '{ print $2 }' It is working well now. Can you also please tell me what

Re: [ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-27 Thread Robert Micallef
<match>ossec: output: 'mem-usage':7</match> <description>High Memory Usage</description> </rule> According to ossec-logtest the rule should be triggered, and yet it isn't. On 27 December 2013 14:57, dan (ddp) ddp...@gmail.com wrote: On Fri, Dec 27, 2013 at 8:41 AM, Robert Micallef robertm...@gmail.com wrote

[ossec-list] Create a rule to match nothing / or is triggered by no output

2013-12-23 Thread Robert Micallef
. Could someone please point me in the right direction? Thanks, Robert

[ossec-list] pf: log entries ignored

2013-10-22 Thread Robert Comella
Wow, no ideas? I tried separating central logging from OSSEC to see if there was interference. Now the firewall logs to another server. The messages show in the log but are still not parsed.

[ossec-list] pf: log entries ignored

2013-10-17 Thread Robert Comella
more useful information. --Robert C

[ossec-list] missing something

2013-10-15 Thread Rhoads, Robert W.
). What am I missing? Respectfully, Robert

Re: [ossec-list] Ignoring an IP Range

2013-08-31 Thread Robert Pyzalski
Thank you for the suggestion. I'll check out ossec-logtest. Is there a way to get OSSEC to ignore all SIDs that come from an IP range? This is only one of a large variety of alerts produced by our vulnerability scanner. Thanks

[ossec-list] Ignoring an IP Range

2013-08-30 Thread Robert Pyzalski
I would like to stop all email alerts generated by our vulnerability scanning service. I've written a rule that looks like this: <rule id="10" level="0"> <srcip>1.1.96.0/20</srcip> <description>Vulnerability Scanner</description> </rule> I'm still getting alerts from that IP range. For example:

Re: [ossec-list] Modify the amount of time for the OSSEC server to declare an agent disconnected

2013-06-20 Thread Robert Micallef
You're right it worked! Thanks a lot. Although now I am getting false alerts (Disconnections) when changed to 120 seconds. I know it works 3*NOTIFY_TIME so that would be 6 minutes. I will try 12 minutes next. Thanks, Robert On Wednesday, June 19, 2013 3:46:30 PM UTC+2, dan (ddpbsd) wrote

Re: [ossec-list] Modify the amount of time for the OSSEC server to declare an agent disconnected

2013-06-19 Thread Robert Micallef
if I have to rebuild OSSEC to perform the necessary change. I have searched various manuals and they all report a 30 minute delay until the server declares an agent to be dead. On the other hand all the documents I found are more than a year old. I would appreciate any help. Thanks a lot, Robert

Re: [ossec-list] Modify the amount of time for the OSSEC server to declare an agent disconnected

2013-06-06 Thread Robert Micallef
was that this might affect the current installation. I will test as best I can before implementing this on the live system. Thanks a lot for your answers. Robert On Thursday, June 6, 2013 12:53:05 AM UTC+2, Michael Starks wrote: On 05.06.2013 11:43, Michael Starks wrote: On 05.06.2013 08:48, dan

Re: [ossec-list] Modify the amount of time for the OSSEC server to declare an agent disconnected

2013-06-03 Thread Robert Micallef
to make sure that the system continues running normally after this process. As it stands I have multiple agents reporting, custom UI, MySQL DB connectivity, modified rules and configs. Is it possible to rebuild with this change and then keep the system running as before? Thanks a lot. Robert

Re: [ossec-list] Ossec for centos 6.3

2013-03-14 Thread robert lazarski
On Thu, Mar 14, 2013 at 11:55 AM, shai singh sha...@gmail.com wrote: Hi, Can anyone suggest where and how to install centos 6.3 using the yum method or should I install it manually? I always installed manually. I had issues with 2.6 and false alerts on netstat, so you probably want the

RE: [ossec-list] Newish to Ossec with question

2013-03-12 Thread Rhoads, Robert W.
-list] Newish to Ossec with question On Mon, Mar 11, 2013 at 4:41 PM, Rhoads, Robert W. rhoa...@ci.danville.va.us wrote: Here is an example of an alert I would think would be emailed out given its alert level (substitutions made to protect data): ** Alert 1363025973.366006859: mail - ids,fts

RE: [ossec-list] Newish to Ossec with question

2013-03-11 Thread Rhoads, Robert W.
@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Monday, March 11, 2013 4:06 PM To: ossec-list@googlegroups.com Subject: Re: [ossec-list] Newish to Ossec with question On Mon, Mar 11, 2013 at 3:48 PM, Rhoads, Robert W. rhoa...@ci.danville.va.us wrote: Hello to everyone

[ossec-list] List exact log file of error in email alerts

2013-03-01 Thread robert
Hi all. We are running ossec 2.7 and sometimes we are not sure which log file triggered an alert. Is there a way to include the log file that triggered the alert in the "Portion of the log(s)" part of the email body, or anywhere in the body? I looked at the docs, and also the C source a bit,

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2013-01-31 Thread Robert Micallef
server but didn't check the permissions for the production server since copying everything worked. About the time, thanks for that. I see you even left templates yourself :). So far everything works well. Thank you very much. Robert On 30 January 2013 18:04, Andy andymai...@gmail.com wrote: Hi

[ossec-list] Ossec WUI PHP error

2013-01-30 Thread Rhoads, Robert W.
, Robert Rhoads Network Systems Engineer rhoa...@ci.danville.va.us (434)-773-8223 opt 3

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2013-01-29 Thread Robert Micallef
. It doesn't really make a difference, but I thought you'd want to know about it. Thanks a lot. Robert On Friday, January 18, 2013 2:46:44 PM UTC+1, Andy wrote: Thanks for the feedback! Andy On Thursday, January 17, 2013 1:43:24 PM UTC, Robert Micallef wrote: Hi Andy, I tested the GUI

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2013-01-29 Thread Robert Micallef
Hi Andy, Just FYI I replaced the files for the GUI with the ones we were using in the old server and now everything works. I don't know why it didn't work with the files downloaded from github. Anyway it is working well now. Thanks for your work. Robert On Tuesday, January 29, 2013 12:01:23

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2013-01-17 Thread Robert Micallef
Hi Andy, I tested the GUI with wallboard mode on. It works as expected. I haven't been able to find any problems. Robert On Tuesday, January 8, 2013 1:30:01 PM UTC+1, Andy wrote: Depending on the config, when wallboard mode is enabled the page should auto rotate to the next page every x

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2013-01-03 Thread Robert Micallef
Hi Andy. So far everything is ok. I don't use it much. I merely implemented it but so far it doesn't seem to be giving issues. I fixed the detail.php link. I will test with wallboard mode on and see if it gives problems. What should I look for? Thanks, Robert On 31 December 2012 15:46, Andy

[ossec-list] Re: AnaLogi - OSSEC WUI v1.3

2012-12-28 Thread Robert Micallef
Dear Andy, I just tried this on our test installation for OSSEC 2.7. So far it is working very well. Thanks for your efforts. Regards, Robert On Wednesday, October 24, 2012 4:08:04 PM UTC+2, techs...@ecsc.co.uk wrote: Version 1.3 is now out https://github.com/ECSC/analogi/downloads Lots
