[ossec-list] Re: Rule 510 is triggering events but logtest is not showing any rules that should be triggered

2017-04-13 Thread Rob Williams
Hi Jesus, Thanks for the reply. I have noticed when I activate this rule, it blocks all events and does not alert on the first event. Also note, I am trying to use the ID field from my decoder to match against. I can't just use a static match as the ID continuously changes so I'd need the ID

Re: [ossec-list] File deletion ,Integrity checksum and sending mail fails.

2017-04-13 Thread dan (ddp)
On Wed, Apr 12, 2017 at 6:28 AM, wrote: > Hi, > > I do not receive file deletion alert in latest 2.9.0 version, > Also any changes made to the file are not reported before. > I haven't tested this, but I'll give it a shot. > Also maild daemon fails sending the mail.

Re: [ossec-list] on ubuntu compile windows 64bit error

2017-04-13 Thread weisst
windows 2012 r2 error 问题签名: 问题事件名称:APPCRASH 应用程序名:win32ui.exe 应用程序版本:0.0.0.0 应用程序时间戳:58ef28a9 故障模块名称:StackHash_bc03 故障模块版本:6.3.9600.17415 故障模块时间戳:5450559e 异常代码:c374 异常偏移:PCH_B7_FROM_ntdll+0x000911FA OS 版本:6.3.9600.2.0.0.272.7

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

2017-04-13 Thread dan (ddp)
On Mon, Apr 10, 2017 at 2:46 PM, Anoop Perayil wrote: > I am running OSSEC on a Security Onion build Ubuntu 14.04.5 LTS. > The issue started after I added in more disk since I ran out of space in / > I really wish SO would partition their system properly. Big /, nothing

Re: [ossec-list] How soon does an agent disconnect appear

2017-04-13 Thread dan (ddp)
On Wed, Apr 12, 2017 at 4:01 PM, Nikki S wrote: > How long does it take for the agent to appear as 'disconnected'? I read on > another thread that the 'keep alive' needs to fail three times. I could not > find where we set the frequency of the agent check in. > I think

Re: [ossec-list] OSSEC upgrade from 2.8.3 to 2.9 RC5 DBD error

2017-04-13 Thread dan (ddp)
On Mon, Apr 10, 2017 at 2:34 PM, Dayne Jordan wrote: > DISREGARD - major faux pas on my part from previous... it's alert not alerts > table (singular). > > Alert table does exist, however the column "level" does not, I will create > it manually. > > MariaDB [ossec]> describe

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

2017-04-13 Thread dan (ddp)
On Mon, Apr 10, 2017 at 2:34 PM, Felix Martel wrote: > Perhaps this is way off base, but have you added an agent for localhost ? In > my context of a new install, a ton of issues went away after I added an > agent for the localhost (name=localhost, IP=127.0.0.1). Didn't

Re: [ossec-list] Is it possible to trigger an active response on a rule with a severity level of 0?

2017-04-13 Thread dan (ddp)
On Wed, Apr 12, 2017 at 1:40 PM, Rob Williams wrote: > Essentially, I want to trigger an active response for a rule that I created > that has a severity level of 0. I created this rule because I did not want > to be alerted on the default rule and only wanted to be

[ossec-list] OSSEC Agent not works

2017-04-13 Thread Руслан Аминджанов
Hello! I installed OSSEC server and client on 2 hosts, however the agent showed as "Never connected". There is no firewall between these hosts, and if I use netcat to connect to the server, its log shows that the message is not properly formatted. Output of tcpdump: 00:58:11.619862 IP 10.2.2.3.43453 >

Re: [ossec-list] on ubuntu compile windows 64bit error

2017-04-13 Thread dan (ddp)
On Thu, Apr 13, 2017 at 5:14 AM, weisst wrote: > Dear all > > I try to compile Windows 64-bit on Ubuntu 16.10, and I installed the dependencies > > sudo apt-get install build-essential -y > sudo apt-get install nsis nsis-common -y > sudo apt-get install mingw-w64 mingw-w64-common

[ossec-list] Re: File deletion ,Integrity checksum and sending mail fails.

2017-04-13 Thread siddhesh . rele
Hi Dan, thanks for the reply. Yes, I am using hostname for smtp server. In previous version we do not have to do such things for email. On Wednesday, April 12, 2017 at 8:24:15 PM UTC+5:30, siddhe...@suvidhaa.com wrote: > > Hi, > > I do not receive file deletion alert in latest 2.9.0 version, >

[ossec-list] on ubuntu compile windows 64bit error

2017-04-13 Thread weisst
Dear all, I try to compile Windows 64-bit on Ubuntu 16.10, and I installed the dependencies sudo apt-get install build-essential -y sudo apt-get install nsis nsis-common -y sudo apt-get install mingw-w64 mingw-w64-common mingw-w64-x86-64-dev -y I find mingw use *x86_64-w64-mingw32-gcc* replace