What about the evaluation using a specific attacks. Are there any rules
available online for some kind of attacks like DOS or SQL injection. Is
there any one has evualuated OSSEC against some attacks and get alerts that
explain that there is an attack detected. Right now, we get only alerts
with level numbers without any information about attack name or type.
On Monday, August 20, 2012 8:28:36 AM UTC-7, Michael Barrett wrote:
>
>
> looks like i fixed it. apparently there was no rids directory once I
> created it agent starts
> *____________________________________________*
> *Michael Barrett* <javascript:>* *| *Information Security Analyst - Lead*|
> *Mortgage Guaranty Insurance Corporation* <http://www.mgic.com/>
> 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7
> 1.888.601.4440 | * [email protected]
>
> This message is intended for use only by the person(s) addressed above and
> may contain privileged and confidential information. Disclosure or use of
> this message by any other person is strictly prohibited. If this message is
> received in error, please notify the sender immediately and delete this
> message.
>
>
>
> From: Frank Stefan Sundberg Solli <[email protected] <javascript:>> To:
> [email protected] <javascript:> Date: 08/20/2012 09:44 AM Subject:
> Re:
> [ossec-list] ossec service stops immediately after start Sent by:
> [email protected] <javascript:>
> ------------------------------
>
>
>
> Check that your config file is existent and that it is readable, also if
> yit exists paste it here.
>
> On Mon, Aug 20, 2012 at 4:27 PM, Michael Barrett <*
> [email protected]* <javascript:>> wrote:
>
>
>
> Windows 2003
>
> Faulting application ossec-agent.exe, version 0.0.0.0, faulting module
> ossec-agent.exe, version 0.0.0.0, fault address 0x00030b6f.
>
>
>
> ossec.log
>
> 2012/08/20 09:25:30 ossec-agent(1905): INFO: No file configured to monitor.
>
> 2012/08/20 09:25:30 ossec-execd(1350): INFO: Active response disabled.
> Exiting.
>
> 2012/08/20 09:25:30 ossec-agent(1410): INFO: Reading authentication keys
> file.
>
>
> fresh install
>
>
>
> anyone have any ideas what do check?
>
> same config files works on hundreds of other systems
>
> *
> ____________________________________________* *
> **Michael Barrett* <javascript:>* *| *Information Security Analyst - Lead*|
> *Mortgage Guaranty Insurance Corporation* <http://www.mgic.com/>
> 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( *1.414.347.6271* | 7 *
> 1.888.601.4440* | * [email protected]
>
> This message is intended for use only by the person(s) addressed above and
> may contain privileged and confidential information. Disclosure or use of
> this message by any other person is strictly prohibited. If this message is
> received in error, please notify the sender immediately and delete this
> message.
>
>
>
> --
> MVH/With regards
>
> Frank
> --
> Name: Frank Stefan Sundberg Solli
> E-mail: *[email protected]* <javascript:>
> Web: *http://0x41.me* <http://0x41.me/>
> GPG: 684119F4
>
>
>
