That's perfect, exactly what I needed to know! Thank you!
On Tuesday, July 11, 2017 at 3:58:37 AM UTC-4, Victor Fernandez wrote:
>
> Hi Robert,
>
> OSSEC should take these settings independently:
>
>- Configuration A will send alerts with level 8 or higher.
>- Configuration B will send
Hi Alexis,
I'm not sure what is happening. Do a simple test. Set
*email_alert_level* to 1, and configure only one custom alert:
yes
noreply@localhost
smtpserver
*email1*
*email2*
10
Generate an alert with level 10, you will receive:
-
I have the following stanzas in my config:
yes
s...@x.com
mail.X.com.
oss...@ossec.x.com
# Database section here
syscheck
Daily report: File changes
s...@x.com
m...@x.com
I am getting OSSEC Notification emails now
is there a condition where ossec blocks all incoming connections?
Hi Sean,
Have you configured the global email options in the section?
You should have something like this:
yes
m...@test.com
mail.test.com.
he...@test.com
...
In case you want to use an email that uses SMTP authentication you will
need to
Sorry -- wrong mailing list. :)
On Tuesday, July 11, 2017 at 11:11:09 AM UTC-7, Ian Brown wrote:
>
> I've noticed there are lots of rules that look for low reputation ip
> addresses .. Rules like this one:
>
> ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 385
> alert ip
>
I did end up doing this, user and hostname. However this isn't the
'optimal' solution as I do prefer to get alerts from the user + hostname at
other times than ignoring it every half an hour. I will look more into the
element time later on, and see if there's a way to achieve what I were
Gary...
How have you configured the agent?
Something like this?
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
eventchannel
Thanks, regards...
On Monday, October 7, 2013 at 17:24:38 (UTC-5), Gary White wrote:
> I have edited the msauth file so
Thanks for the tip! We tested it, but it doesn't seem to be working. Here's
what the configuration looks like now:
yes
noreply@localhost
smtpserver
ossec@domain
email1
email2
email3
several, agents, name
ourservice@domain
9
Hi Robert,
OSSEC should take these settings independently:
- Configuration A will send alerts with level 8 or higher.
- Configuration B will send alerts with level 4 or higher (including
alerts sent by the former setting) belonging to these groups.
So you'll receive duplicate alerts.
Hello pRose
I think that if you modify "by hand" a file in a debian package
installation file (as ossec.conf for example) the uninstall process doesn't
completely remove the folder. Could you please try to re-do your uninstall
process and then, verify if the folder "/var/ossec" still
Hi Dan,
Thanks for the response. I am aware of the frequency and time frame
options in the rule but it does not serve the purpose. Let me frame the
requirement in a slightly different way.
Basically, we have 50 duplicate events generated within the period of 1
sec which we want to
hey alberto,
thanks for the reply.
i can confirm that i have removed the folder AFTER doing the uninstall
process. the long single line command i have listed in my original post,
does include the command:
sudo rm -rf /var/ossec;
and after doing that i did confirm that the folder was gone.
13 matches