Hi Eduardo,
It seems that the error from "getaddrinfo" does not show which process logs
it, but both remoted and authd processes are logging errors.
Could you share your configuration and the command that you use to
run ossec-authd? It could be very useful for us to help you.
Best regards.
I am attempting to forward OSSEC logs to a SIEM via syslog. Recommended
configuration in the documentation is:
192.168.4.1
The SIEM recognizes JSON format on port 5500, so I've configured logs to
that format and set the configuration as:
172.27.212.243
5500
json
When
Good morning,
You seem to have posted this question twice, so I will just answer this
one. I have this running on all my systems and it easily works without an
issue. You have to make sure the right packages are installed for Realtime.
Hidden files do not bother OSSEC - a hidden file is simply
One other bit of information - the "read only" error has nothing to do with
OSSEC itself. It is simply a warning based on Linux saying that the file is
marked without the "W" attribute. You can resolve this from "vi" by simply
using a "w" upon exit. For example, after you edit the
You could set the appropriate folders, assuming *nix system, such as
/bin,/usr/bin,/sbin,/usr/sbin for realtime monitoring and new file alerts.
Then if an installed package, regardless of YUM or dpkg/apt is installed,
even by just copying it into place, you would still get an alert.
Kat
On
Hi,
Could you post the log entries? Also, an ssh -vvv output would help to see
what is going on. It is clearly a connection problem, but hard to diagnose
based on what you have posted.
Kat
On Friday, March 17, 2017 at 10:20:58 PM UTC-5, Marcin Gołębiowski wrote:
>
> I can't seem to make the
Trying to debug with expect I got:
*expect -d agentless/ssh_integrity_check_linux u...@server.com
/directory/to/check*
*expect version 5.45*
*argv[0] = expect argv[1] = -d argv[2] =
agentless/ssh_integrity_check_linux argv[3] = u...@server.com argv[4] =
/directory/to/check*
*set argc 2*
When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address) I have
a problem with ossec-remoted and ossec-auth; these services can't bind ports
1514, log error below.
I generated my certificates with the commands "openssl genrsa -out" and
"openssl req -new -x509 -key ".
##Log OSSEC.LOG