Hey, thanks my friend! Just one more question.

I'm trying to start the server and am receiving the error:

*2012/07/24 17:21:29 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
2012/07/24 17:21:29 agent_control(1301): ERROR: Unable to connect to active response queue.*

2012/07/24 17:26:52 ossec-testrule: INFO: Reading local decoder file.
2012/07/24 17:26:52 ossec-testrule: INFO: Started (pid: 25452).

root@myserver:/var/ossec# ls -l queue/alerts/ar
srw-rw---- 1 ossecr ossec 0 Jul 24 16:12 queue/alerts/ar

What can be wrong?

On Tue, Jul 24, 2012 at 5:18 PM, dan (ddp) <[email protected]> wrote:
> On Tue, Jul 24, 2012 at 4:15 PM, Leonardo Bacha Abrantes
> <[email protected]> wrote:
> > Hi people,
> >
> > I was using tcpdump on my server and I received a lot of messages about
> > promiscuous mode.
> >
> > Received From: (MyServer) 192.168.120.125 ->/var/log/messages
> > Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode."
> > Portion of the log(s):
> > Jul 24 15:04:13 myserver kernel: device eth0 entered promiscuous mode
> >
> > Is it possible to configure the ossec client to send just one email
> > instead of many?
> >
> > Many thanks!
> >
>
> The agent (client) shouldn't send any emails. You can configure the
> ossec server to send out 1 email in x seconds if you'd like. Just
> create a rule that ignores the alerts for a while.
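
The suggestion in the quoted reply, sketched as a server-side rule for `local_rules.xml` (an added example, not part of the original thread; the rule id 100100, the 300-second window and the description text are assumed values):

```xml
<!-- Added example for local_rules.xml on the OSSEC server (not the agent).
     Assumed values: rule id 100100, ignore window of 300 seconds,
     and the description text. -->
<group name="local,syslog,">

  <!-- Child of rule 5104, the rule named in the alert quoted above
       ("Interface entered in promiscuous(sniffing) mode.").
       ignore="300": once this rule has fired, it is not alerted on
       again for the next 300 seconds, so a burst of
       "entered promiscuous mode" log lines produces one alert
       per window instead of one per line. -->
  <rule id="100100" level="8" ignore="300">
    <if_sid>5104</if_sid>
    <description>Interface entered promiscuous mode (repeats ignored for 300s).</description>
  </rule>

</group>
```

The level stays at 8 so the first event in each window is still alerted at the same severity as the original rule; the server has to be restarted to load the new rule.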
