Re: [ossec-list] OSSEC alerts on syslog

2017-03-27 Thread ehollis3942
Hi All, So I am currently still troubleshooting, but noticed that the syslog-ng process was listening on 514 TCP, but also had an entry for 514 UDP, which is the protocol I've set within my ossec.conf. Could this be part of the issue? My guess is that I only want 514 udp listening. On

[ossec-list] OSSEC Agents Unable to Connect to Server

2017-03-27 Thread Marc Baker
OSSEC agents this morning were working without issue and then began reporting as Disconnected. Agent logs are returning the following error: 2017/03/27 10:14:38 ossec-agent: WARN: Process locked. Waiting for permission... 2017/03/27 10:14:49 ossec-agent(4101): WARN: Waiting for server reply

[ossec-list] Can the windows agent report to Wazuh and OSSIM simultaneously?

2017-03-27 Thread Joel Fries
Am I able to set up the OSSEC windows agent to report to both a Wazuh and an OSSIM server at the same time?

[ossec-list] Re: %AppData% alert on new file creation proper setup

2017-03-27 Thread henry . williamsgroup
Hello Dan, Thank you for your feedback. I have changed the frequency to 900 sec, and inspected the ossec.log. I noted that inside the log file none of the agent.conf directories were present. Any theories on why the ossec.conf syscheck content is showing up in ossec.log, and the

Re: [ossec-list] Can the windows agent report to Wazuh and OSSIM simultaneously?

2017-03-27 Thread dan (ddp)
On Mon, Mar 27, 2017 at 12:52 PM, Joel Fries wrote: > Am I able to set up the OSSEC windows agent to report to both a Wazuh and an > OSSIM server at the same time? > There is no support in the OSSEC agent to report to 2 destinations simultaneously. It is possible that Wazuh has

Re: [ossec-list] OSSEC alerts on syslog

2017-03-27 Thread dan (ddp)
On Mon, Mar 27, 2017 at 11:25 AM, wrote: > Hi All, > > So I am currently still troubleshooting, but noticed that the syslog-ng > process was listening on 514 TCP, but also had an entry for 514 UDP, which > is the protocol I've set within my ossec.conf. Could this be part

Re: [ossec-list] OSSEC Agents Unable to Connect to Server

2017-03-27 Thread dan (ddp)
On Mon, Mar 27, 2017 at 10:50 AM, Marc Baker wrote: > OSSEC agents this morning were working without issue and then began > reporting as Disconnected. Agent logs are returning the following error: > > 2017/03/27 10:14:38 ossec-agent: WARN: Process locked. Waiting for >

Re: [ossec-list] Re: %AppData% alert on new file creation proper setup

2017-03-27 Thread dan (ddp)
On Mon, Mar 27, 2017 at 4:26 AM, wrote: > Hello Dan, > > Thank you for your feedback. I have changed the frequency to 900 > sec, and inspected the ossec.log. I noted that inside the log file none of > the agent.conf directories were present. Any theories