Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-03 Thread Robert Micallef
Good to know for next time maybe. Thanks a lot.

On Monday, May 2, 2016 at 5:14:39 PM UTC+2, dan (ddpbsd) wrote:
> The steps to submit the PR should basically be the following:
> 1. Fork the repository on github (fork button in the top right of the page)
> 2. Clone your fork (git clone

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 10:49 AM, dan (ddp) wrote:
> On Mon, May 2, 2016 at 10:36 AM, Robert Micallef wrote:
>> Third time's the charm. Is PR #821 ok?
>
> At a glance, I don't see the df changes in it. I'll try to take a better look in a bit.

The

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 10:36 AM, Robert Micallef wrote:
> Third time's the charm. Is PR #821 ok?

At a glance, I don't see the df changes in it. I'll try to take a better look in a bit.

> On Monday, May 2, 2016 at 4:15:55 PM UTC+2, dan (ddpbsd) wrote:
>> On Mon, May

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Third time's the charm. Is PR #821 ok?

On Monday, May 2, 2016 at 4:15:55 PM UTC+2, dan (ddpbsd) wrote:
> On Mon, May 2, 2016 at 10:12 AM, Robert Micallef wrote:
> > I'm sorry about that. I never used github before. I didn't know P and h are
> > incompatible for

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
I'm sorry about that. I never used github before. I didn't know P and h are incompatible for OpenBSD. But I think the rule should still work by just modifying . So how can I fix the PR? Do I close it and try opening it again? I cannot find where to edit anything apart from the title. On

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Hi Dan,

Created PR #819. I hope I chose the correct branches..

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 9:57 AM, Robert Micallef wrote:
> Hi Dan,
>
> Created PR #819. I hope I chose the correct branches..

Thanks for submitting that, but I left a comment in the PR. New changes should be against MASTER, and the "h" and "P" flags are incompatible

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-29 Thread dan (ddp)
On Fri, Apr 22, 2016 at 4:29 AM, Victor Fernandez wrote:
> I think the problem is the option "-h", because it introduces arbitrary line
> feeds in order to be more readable by people, but it makes it more difficult to
> decode. This happened in RHEL5 but it can happen on any system

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-22 Thread Victor Fernandez
I think the problem is the option "-h", because it introduces arbitrary line feeds in order to be more readable by people, but it makes it more difficult to decode. This happened in RHEL5 but it can happen on any system with a long filesystem path. "-P" is an interesting option to preserve

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-20 Thread Robert Micallef
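Sure.

Current rule:

<if_sid>530</if_sid>
<match>ossec: output: 'df -h': /dev/</match>
<regex>100%</regex>
<description>Partition usage reached 100% (disk space monitor).</description>
<group>low_diskspace,</group>

Leave that rule for 100% (so you don't modify the original rules). In local_rules add:

<if_sid>530</if_sid>
<match>ossec: output: 'df -h': /dev/</match>
<regex>9\d%</regex>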

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-20 Thread theresa mic-snare
cool, would you mind sharing those custom rules with us? the threshold (over 90%) one is specifically appealing to me :)

On Wednesday, 20 April 2016 09:12:29 UTC+2, Robert Micallef wrote:
> I added custom rules to alert if space is over 90%.
>
> On 20 April 2016 at 02:16, Santiago Bassett

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-20 Thread Robert Micallef
I added custom rules to alert if space is over 90%.

On 20 April 2016 at 02:16, Santiago Bassett wrote:
> Out of curiosity, what is the rule supposed to trigger the alert? The one
> I see by default looks for full partitions...

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-19 Thread Santiago Bassett
Out of curiosity, what is the rule supposed to trigger the alert? The one I see by default looks for full partitions...

https://github.com/ossec/ossec-hids/blob/a7ca63d6d074f2f6bdb49f4bc79a054c31dcafc7/etc/rules/ossec_rules.xml#L137

On Mon, Apr 18, 2016 at 2:07 AM, Robert Micallef

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-04-16 Thread Daniel Cid
Curious how was that not working. Can you give some details? By default, it will send each line as a separated log message and we have rules to alert if any of the entries are over 95% utilization. Have the original running here on Centos 5,6 and 7 without any issues. thanks, On Fri, Apr 15,

[ossec-list] Disk usage monitor not working in RHEL5

2016-04-15 Thread Robert Micallef
For anyone who encounters this issue where disk usage alerts are not working on Redhat 5, the issue is that in RHEL5 'df -h' output is multiline. You can easily fix it by modifying the ossec agent conf. Modify the 'df -h' to 'df -Pkh' and add an alias.

<log_format>command</log_format>
<command>df -Pkh</command>
<alias>df -h</alias>
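Added example, not part of the original thread or of the OSSEC code base: a Python sketch of why wrapped df output never reaches the disk-space rule quoted in the thread, and why the alias is needed once the command string changes. The df output is constructed sample data, and the rule's match is modelled as a plain substring test, which is a simplifying assumption.

```python
import re

# Constructed sample output (not from the thread). A long device name makes
# the first entry wrap onto a second line, as reported for RHEL5.
DF_WRAPPED = """\
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                       20G   19G  1.0G  95% /
/dev/sda1              99M   13M   82M  14% /boot
"""

# Constructed sample of the same data with every entry kept on one line,
# which is what the thread uses -P for.
DF_ONE_LINE = """\
Filesystem                       Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00   20G   19G  1.0G  95% /
/dev/sda1                         99M   13M   82M  14% /boot
"""

# Match string taken from the rule quoted in the thread.
RULE_MATCH = "ossec: output: 'df -h': /dev/"


def to_events(output, label="df -h"):
    """Turn command output into one log message per line.

    `label` is the command string, or the alias when one is configured.
    """
    return [f"ossec: output: '{label}': {line}"
            for line in output.splitlines() if line.strip()]


def alerts(events, threshold_regex):
    """Return events that satisfy both the match string and the regex."""
    rx = re.compile(threshold_regex)
    return [e for e in events if RULE_MATCH in e and rx.search(e)]


if __name__ == "__main__":
    # Wrapped: the /dev/ line has no percentage, the percentage line has no /dev/.
    print("wrapped :", alerts(to_events(DF_WRAPPED), r"9\d%"))
    # One line per entry: device and percentage arrive in the same message.
    print("one-line:", alerts(to_events(DF_ONE_LINE), r"9\d%"))
    # Without the alias the prefix becomes 'df -Pkh' and the rule stops matching.
    print("no alias:", alerts(to_events(DF_ONE_LINE, label="df -Pkh"), r"9\d%"))
```
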