On Thu, Dec 22, 2011 at 4:50 AM, alsdks <[email protected]> wrote:
> Hi Jorge,
>
>
> So I guess there is no way to modify this on a live system. You need
> to recompile and install ossec?
>

You can modify it by replacing the binaries with the new ones. You'll
probably only need to replace ossec-reportd, and that can be compiled
on your dev system.

>
> Thank you
> BR
>
> On Dec 20, 7:28 pm, Jorge Armando Medina <[email protected]>
> wrote:
>> On 12/20/2011 09:07 AM, alsdks wrote:
>>
>> > Hello,
>>
>> Hello,
>>
>>
>>
>> > Is there a way to have reportd to not "cut" long paths, it seems to
>> > have a max character limitation.
>>
>> I was working on this last week, I had to modify the source code for
>> monitord, I think the file is: src/shared/report_op.c.
>>
>> You can test the attached patch for 2.6, I hope it works for you.
>>
>> > For example output of "zcat logs/alerts/2011/Dec/*.gz | bin/ossec-reportd -n "Month Summary" 2>" is showing like:
>>
>> > Top entries for 'Filenames':
>> > ------------------------------------------------
>> > /etc/utmp                                       |17      |
>> > /etc/opt/resmon/log/registrar.log               |9       |
>> > /etc/opt/resmon/log/registrar.log.old           |6       |
>> > /etc/security/lastlog                           |6       |
>> > /opt/ossec/etc/ossec.conf                       |6       |
>> > /var/ossec/etc/ossec.conf                       |6       |
>> > HKEY_LOCAL_MACHINE\Security\SAM\Domains\Acco..  |6       |
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Window..  |6       |
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Window..  |6       |
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Window..  |6       |
>> > HKEY_LOCAL_MACHINE\Software\Policies\Microso..  |6       |
>> > HKEY_LOCAL_MACHINE\Software\Policies\Microso..  |6       |
>> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\..  |6       |
>> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\..  |6       |
>>
>> > So from the report it is not possible to see what the full name is.
>> > In this example it could be anything under
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Window...
>>
>> > Thank you
>>
>> --
>> Jorge Armando Medina
>> Computación Gráfica de México
>> Web:http://www.e-compugraf.com
>> Tel: 55 51 40 72, Ext: 124
>> Email: [email protected]
>> GPG Key: 1024D/28E40632 2007-07-26
>> GPG Fingerprint: 59E2 0C7C F128 B550 B3A6  D3AF C574 8422 28E4 0632
>>
>>  ossec-hids-2.6-src-shared-report_op.c.patch