Hi Dillon
You can use the Wazuh repositories.
To add the Wazuh yum repository, create a file named /etc/yum.repos.d/wazuh.repo:
cd /etc/yum.repos.d
vi wazuh.repo
For RHEL / CentOS:
[wazuh]
name = WAZUH OSSEC Repository - www.wazuh.com
baseurl = http://ossec.wazuh.com/el/$releasever/$basearch
Please review your firewall; usually Windows blocks the traffic.
And try to restart the service manually as well.
Regards
Sent from my iPhone
> On 23 Sept 2015, at 18:53, theresa mic-snare
> wrote:
>
> Hi guys,
>
>
> yesterday I wanted to install the
Hi Thair,
Are your agents configured with a static IP, a network, or set to ANY?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 17, 2016 at 11:27:22 AM, Tahir Hafiz (tahir.ha...@gmail.com) wrote:
ERROR: Invalid ID for the source ip
--
---
You received
Hi Kevin
A silly question
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 2, 2016 at 22:45:01, Kevin Branch (
ke...@branchnetconsulting.com) wrote:
I am running an OSSEC 2.8.3 server and a Windows computer with OSSEC 2.8.3
agent.
The rule simply
Hi Robert, the same agent id?
Try this, in ossecpath/etc/internal-options.conf modify
remoted.verify_msg_id=1 to 0 in both places, agent and manager
regards
> On 02 Feb 2016, at 16:56, Robert wrote:
>
> Hi,
>
> This problem drives me crazy.
> I already followed the
Hi Sebastiano,
Yes, you can uninstall in silent mode; you only need to execute
"c:\path-to-ossec-agent\uninstall.exe /S"
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
> On 29 Feb 2016, at 19:10, Sebastiano Mortellaro <bola...@gmail.com> wrote:
>
Hi Krzysztof
Are you compiling your own Windows agent from sources, or are you downloading
it from a website?
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
> On Mar 29, 2016, at 4:03 PM, Krzysztof Zaklikiewicz <zakli...@gmail.com>
> wrote:
>
>
Try to add an admin user to this new Administrator group and reinstall Ossec
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
> On Mar 29, 2016, at 4:21 PM, Krzysztof Zaklikiewicz <zakli...@gmail.com>
> wrote:
>
> Hi
>
> I downloaded from http:/
Hi gershon
Try ossec-authd
http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html#ossec-authd
If you like ossec-authd with more options look here
http://documentation.wazuh.com/en/latest/manual_authd.html
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
Hi Adiel
http://ossec-docs.readthedocs.org/en/latest/manual/supported-systems.html
http://ossec-docs.readthedocs.org/en/latest/manual/installation/installation-requirements.html
José Luis Ruiz
> On 25 Apr 2016, at 19:03, Adiel Navarro wrote:
>
>
>
he
folder.
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
> On May 16, 2016, at 10:04 AM, James Dough <slippingdo...@gmail.com> wrote:
>
> I'm trying to build the OSSEC RPM with the most recent version, using my own
> custom preloaded vars.
>
> I'm using the default sp
Hi James,
A couple things
You should NEVER create your packages as the root user. Building RPMs as root
is dangerous, because the binary files are installed on the system before being
packaged; thus you must always build as a normal user so you won't accidentally
pollute your system.
All
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On July 20, 2016 at 11:54:41 AM, eyal gershon (gershon...@gmail.com) wrote:
Hey Everyone,
I am noticing some irregular activity in some of my OSSEC agents -
*A little bit about the system - *
My Deployment is on 2000~ servers managed from dedicated ossec
Level: '0'
Description: 'Auditd: system call to the kernel'
So you need to create a child rule to match with dstuser: '0' in your
local_rules.xml
80720
0
Root command
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On July 7, 2016 at 3:
Hi Dominik
You can install Wazuh Ruleset:
http://documentation.wazuh.com/en/latest/ossec_ruleset.htm
Auditd rules and decoders are included.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On July 7, 2016 at 4:16:29 PM, Dominik (reusser...@gmail.com) wrote:
Hi Jose
You are right
Here is the correct link; I forgot the “l” at the end.
http://documentation.wazuh.com/en/latest/ossec_ruleset.html
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On July 7, 2016 at 5:09:07 PM, Dominik (reusser...@gmail.com) wrote:
Thanks Jose.
I installed
it helps.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On January 27, 2017 at 1:11:04 AM, Igor Gatis (i...@esfera5.com.br) wrote:
I need to make OSSEC install fully automatic. Installation can be easily
done with /S flag to make it silent (
https://chocolatey.org/packages
echo "### 4. Deleting intermediate index: $src_index"
delete_index $src_index
fi
else
echo "### Index $src_index does not exist. Skipping."
fi
# Update date.
d=$(date -I -d "$d + 1 day")
.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On September 29, 2016 at 12:55:19 PM, Dustin Church (church...@gmail.com)
wrote:
Victor,
I currently have 78 servers that will be recreated nightly using a single
image. I understand that I can install OSSEC to a secondary
Hi Ka-Hing
When you run the command nc -u 10.0.129.94 1514, is this command run from
the agent container or the main server?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 7:14:50 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
nc -u 10.0.129.94
Hi Ka-Hing
Thanks for sharing!
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 9:44:23 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> Figured out the problem. It's a docker bug:
> https://github.com/docker/docker/issues/7540
>
> On Fr
Did you try to add a new key to the agent already?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 9:19:52 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> From the agent container
>
> On Friday, August 26, 2016 at 6:16:23 PM UTC-7, j
Hi Ka-hing
First of all, we need to know which command you use to run the container in
order to know which ports you are mapping.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 5:11:03 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> I have os
and template.
After that, you will probably need to reindex all your indices to apply the
new template.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On September 28, 2016 at 3:26:38 PM,
roberto.mendo...@phoebustecnologia.com.br (
roberto.mendo
Hi Roberto, nice news :)
Please feel free to send pull requests to Wazuh and Ossec with your
improvements and new rules; the Ossec community will appreciate it.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On September 30, 2016 at 9:00:32 AM,
roberto.mendo
Hi Sean,
What rpm are you using? wazuh-manager-1.1.1-3 or ossec-hids-2.8.3-3?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On December 12, 2016 at 5:25:41 PM, Sean Roe (sean...@gmail.com) wrote:
Hi all,
I have installed the ossec server using the Wazuh rpms
egards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On March 29, 2017 at 6:17:37 PM, mscr...@ieee.org (mscr...@ieee.org) wrote:
Hi Ossec-list,
I am wondering if anyone else has run into this issue, I have a cron that
runs at the same time every day and it always triggers the promiscuous mod
Hi, can you verify whether the port is open?
[root@wazuh-manager /]# netstat -tuna | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*
The Symantec IP is allowed in ossec.conf, right?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On March 14, 2017 at 12:44
Hello,
The last stable version is 2.9.0, the downloads page is not updated.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On April 21, 2017 at 4:41:09 PM, Lukáš Jirkovský (l.jirkov...@gmail.com)
wrote:
Hello,
just a quick question – what is the current stable
not receiving alerts, enable logall in
ossec.conf yes and take a look in the file
“/var/ossec/logs/archives/archives.log”, if the logs are in this file, but
not in your alerts, probably the decoders or rules have something wrong.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
Hi Carlos,
Take a look at the log file /var/ossec/logs/ossec.log; this is the main
log file for managers and agents.
You can do something like *cat /var/ossec/logs/ossec.log | grep ERROR* to
verify whether you have errors at some point.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j
egards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 3, 2017 at 7:48:10 PM, Carlos Islas (sparks.10008...@gmail.com)
wrote:
017/08/03 08:27:40
ossec-remoted(1403):
ERROR: Incorrectly formated
Hi Carlos,
The manager has its own agent; probably the alerts are from the manager
itself.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 3, 2017 at 7:57:59 PM, Carlos Islas (sparks.10008...@gmail.com)
wrote:
In addition, the host sends alerts to my email
Hi Prakash
Try setting the option *remoted.verify_msg_id* to 0 (right now you should
have 1) in /var/ossec/etc/internal_options.conf on the manager and agent, and
restart both.
*remoted.verify_msg_id=0*
I hope it helps.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 6
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 7, 2017 at 10:15:19 AM, John Kondur (kongfra...@gmail.com) wrote:
Thanks I did find it that did help,
I had two more questions not sure if I should start another thread:
I had frequency set on the agents to:
7200
I looked
35 matches