On 05/01/2012 02:14 AM, dan (ddp) wrote:
On Apr 30, 2012 4:11 PM, carlopmart carlopm...@gmail.com wrote:
Hi all,
I have several problems with ossec-remoted process and ossec's
syslog remote options. My ossec server is configured to receive syslog
messages
Can you use wildcards in the rootkit check files (win_malware_rcl.txt,
win_audit_rcl.txt, etc)? Let's say you want to search one of the following
*:\Users\*\My*\
*:\Documents and Settings\*
*:Users\*\Documents\*
I know you need not specify the root file system, you can do \Documents and
So, I'm getting OSSEC running for the company I work for. So far so
good up to the point of monitoring the registry. All the basic ones
are fine, but we have some entries our developers are using commas in
the reg entry names. Basically the registry entry looks like this:
I'd try escaping the comma with a backslash. (or perhaps a double backslash?)
--
ScottVR
On May 1, 2012, at 5:45 PM, Michael mkleinpa...@gmail.com wrote:
So, I'm getting OSSEC running for the company I work for. So far so
good up to the point of monitoring the registry. All the basic ones
Yes, you are right about Apple!
Anyway, I have another problem.
I have installed ossec server on my mac. Now I would like that ossec
sends me alert via mail
but I don't have a mailserver.
I tried to follow the active-response tutorial but I didn't get any
results.
Any idea? Have I to mandatory