well so far so good!
there is one thing: when i click on any alert, it doesn't show the
payload, like a screenshot you have on your site: http://www.riunx.com/portal/modules.php?module=screenshots&file=screenshot&image=ossec2base-screenshot-3.jpg
any ideas?
./vcorreia
Vitor Correia wrote:
good news meir,
i've cleared the tables (just in case), updated ossec2base to your
latest patch, chucked resolve=0 in /etc/ossec2base.conf, started the
real time feed and alas, the correct ips are now showing (",)
i'll check back with you later for more updates.
again thank you for your time!
./vcorreia
Meir Michanie wrote:
download latest version and use -n if it is your case
http://www.riunx.com/portal/modules.php?module=tips&mode=article&artid=5
On 8/29/06, Vitor Correia <[EMAIL PROTECTED]> wrote:
ok :)
thank you for your quick response, I'll keep posting updates on my
experiences.
take care,
./vcorreia
Meir Michanie wrote:
bigbrother or ossec or pc1 is the name of the sensor
I wanted to point out that it is just a name and not necessarily ossec.
Thank you for using ossec2base, please give us more feedback on your
experience with it.
On 8/29/06, Vitor Correia <[EMAIL PROTECTED]> wrote:
thank you, i've reinstalled it for new testing.
i have a question: in your installation instructions (in the end) you
say that in order to run real time feeding of events this command
should be executed:
/usr/local/bin/ossec2based.pl --conf /etc/ossec2base.conf -d --sensor bigbrother
my question is: shouldn't the argument --sensor refer to the string
'ossec'? (check the default ossec2base.conf)
excellent work Meir, congratulations!
./vcorreia
Meir Michanie wrote:
I developed it and I am using it on a server with a lot of
remote agents.
download latest version from
http://www.riunx.com/portal/modules.php?module=tips&mode=article&artid=5
( daniel, can you upload the new version to ossec site)
On 8/29/06, Vitor Correia <[EMAIL PROTECTED]> wrote:
Hello everyone,
Has anyone tried ossec2base in a server - client architecture? I'm
running a testbed with a server and some (mixed o.s.) clients and it
seems I can only see reports from the server itself (which gets logged
as being 0.0.0.0).
Installation and whatnot pointers are welcome :)
Thanks,
Vitor Correia
Systems Administrator
--
Mobbit Systems
[EMAIL PROTECTED]
| Telemóvel: + 351 916 448 025
Avenida do Forte, 8 - 1º Andar - Frente 01 - 2795-503 Carnaxide
Telefone: + 351 21 418 01 40 | Fax: + 351 21 418 01 41
[EMAIL PROTECTED] | www.mobbit.net
,-O
O(_)) for a better world
`-O