[ossec-list] Re: install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-21 Thread Victor Fernandez
Hi Eduardo, It seems that the error from "getaddrinfo" does not show which process logs it, but both remoted and authd processes are logging errors. Could you share your configuration and the command that you use to run ossec-authd? It could be very useful for us to help you. Best regards.

[ossec-list] Syslog Forward Configuration Resulting in a Failure

2017-03-21 Thread Marc Baker
I am attempting to forward OSSEC logs to a SIEM via syslog. Recommended configuration in the documentation is: 192.168.4.1 The SIEM recognizes json format on port 5500 so I've configured logs to that format and set the configuration as: 172.27.212.243 5500 json When

[ossec-list] Re: OSSEC real-time monitoring with hidden files

2017-03-21 Thread Kat
Good morning, You seem to have posted this question twice, so I will just answer this one. I have this running on all my systems and it easily works without an issue. You have to make sure the right packages are installed for Realtime. Hidden files do not bother OSSEC - a hidden file is simply

[ossec-list] Re: Modify rules

2017-03-21 Thread Kat
One other bit of information - the "read only" error has nothing to do with OSSEC itself. It is simply a warning based on Linux saying that the file is marked without the "W" attribute. You can resolve this from "vi" by simply using a "w" upon exit. For example, after you edit the

[ossec-list] Re: Need information about Application installation via OSSEC

2017-03-21 Thread Kat
You could set the appropriate folders, assuming *nix system, such as /bin,/usr/bin,/sbin,/usr/sbin for realtime monitoring and new file alerts. Then if an installed package, regardless of YUM or dpkg/apt is installed, even by just copying it into place, you would still get an alert. Kat On

[ossec-list] Re: Agentless ssh monitoring fails to connect every time

2017-03-21 Thread Kat
Hi, Could you post the log entries? Also, an ssh -vvv output would help to see what is going on. It is clearly a connection problem, but hard to diagnose based on what you have posted. Kat On Friday, March 17, 2017 at 10:20:58 PM UTC-5, Marcin Gołębiowski wrote: > > I can't seem to make the

[ossec-list] Re: Agentless ssh monitoring fails to connect every time

2017-03-21 Thread Marcin Gołębiowski
Trying to debug with expect I got: *expect -d agentless/ssh_integrity_check_linux u...@server.com /directory/to/check* *expect version 5.45* *argv[0] = expect argv[1] = -d argv[2] = agentless/ssh_integrity_check_linux argv[3] = u...@server.com argv[4] = /directory/to/check* *set argc 2*

[ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-21 Thread Eduardo Reichert Figueiredo
When I install ossec 2.9.0 on rhel 7.3 (no ipv6 feature and address) I have a problem with ossec-remoted and ossec-auth, these services can't bind port 1514, log error below. I generated my certificate with commands "openssl genrsa -out" and "openssl req -new -x509 -key ". ##Log OSSEC.LOG