Re: [ossec-list] Problem with ossec's syslog options and ossec-remoted process

2012-05-02 Thread C. L. Martinez
On Tue, May 1, 2012 at 7:10 AM, carlopmart carlopm...@gmail.com wrote: On 05/01/2012 02:14 AM, dan (ddp) wrote: On Apr 30, 2012 4:11 PM, carlopmart carlopm...@gmail.com wrote: Hi all, I have several problems with ossec-remoted process and ossec's

Re: [ossec-list] JBOSS Decoder and Rules

2012-05-02 Thread Florian Crouzat
On 01/05/2012 00:48, Tom Bartos wrote: I was able to configure a decoder for the JBOSS single line record entries but the Java Exceptions are variable content and variable number of lines... I had the same issues... My only solution has been to use a syslog log4j appender so that jboss

Re: [ossec-list] Comma in registry hive names

2012-05-02 Thread Michael Kleinpaste
Thanks Scott. I'll give it a try! Michael On Tuesday, May 1, 2012 4:22:47 PM UTC-7, Scott VR wrote: I'd try escaping the comma with a backslash. (or perhaps a double backslash?) -- ScottVR On May 1, 2012, at 5:45 PM, Michael mkleinpa...@gmail.com wrote: So, I'm getting OSSEC

[ossec-list] Re: msauth_rules.xml file, is this for Microsoft Windows rules?

2012-05-02 Thread A-Dubbs
Will increasing the log alert level from 1 to 7 in the /var/ossec/etc/ossec.conf file reduce the number of alerts level 7 to zero alerts? On Apr 30, 2:56 pm, dan (ddp) ddp...@gmail.com wrote: Modifying the default rules directly isn't encouraged. Your changes will be overwritten on an

Re: [ossec-list] Re: msauth_rules.xml file, is this for Microsoft Windows rules?

2012-05-02 Thread dan (ddp)
Probably not. Some rules, like 1002, always send email. On May 2, 2012 1:37 PM, A-Dubbs arlendelcasti...@gmail.com wrote: Will increasing the log alert level from 1 to 7 in the /var/ossec/etc/ossec.conf file reduce the number of alerts level 7 to zero alerts? On Apr 30, 2:56 pm, dan (ddp)

[ossec-list] Re: msauth_rules.xml file, is this for Microsoft Windows rules?

2012-05-02 Thread A-Dubbs
Will it at least significantly reduce the amount of alerts in the alerts.log file? I just want to verify I am modifying the correct settings for reducing alerts. On May 2, 1:38 pm, dan (ddp) ddp...@gmail.com wrote: Probably not. Some rules, like 1002, always send email. On May 2, 2012 1:37 PM,

[ossec-list] Re: Ossec 2.6 Compile errors on Mac Os 10.7.3

2012-05-02 Thread Gappa
anyone?

[ossec-list] OSSEC Doesn't Forget !

2012-05-02 Thread Andy Cockroft (andic)
After I delete an agent - either using manage_agents or manually editing client.keys, the entry persists in OSSEC WUI. I have even tried deleting all of client.keys, all queue and rids entries and starting again - these ghost entries still remain. I've searched high and low, but still can't

Re: [ossec-list] OSSEC Doesn't Forget !

2012-05-02 Thread Daniel Cid
The web-ui looks inside /var/ossec/queue for information on agents, so you have to remove from there as well. thanks, -- Daniel B. Cid http://dcid.me On Wed, May 2, 2012 at 8:56 PM, dan (ddp) ddp...@gmail.com wrote: Do the deleted agents show up in the ossec output (like the list_agents

RE: [ossec-list] OSSEC Doesn't Forget !

2012-05-02 Thread Andy Cockroft (andic)
Hi Dan They show up in list_agents -a Cheers Andy From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Thursday, 3 May 2012 11:56 a.m. To: ossec-list@googlegroups.com Subject: Re: [ossec-list] OSSEC Doesn't Forget ! Do the

RE: [ossec-list] OSSEC Doesn't Forget !

2012-05-02 Thread Andy Cockroft (andic)
Hi Again Dan ...just found it - your suggestion was spot on. I removed the offending entries from queue/agent-info and now all tickety-boo. Andy From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Andy Cockroft (andic) Sent: Thursday, 3 May 2012