On Thu, Mar 14, 2013 at 4:41 AM, S Pratap Singh <[email protected]> wrote: > Hi Dan, > > Things are working fine now. But I have another problem, now I am getting > most of the alert for FTP activity excluding file upload and download alert. > The rule which you have given works fine but when I restart Ossec I am > getting the following error : > > 2013/03/14 12:38:18 ossec-analysisd: Invalid decoder name: 'pure-transfer'.
Does the decoder pure-transfer exist? It isn't getting loaded. > 2013/03/14 12:38:18 ossec-analysisd(1220): ERROR: Error loading the rules: > 'local_rules.xml'. > 2013/03/14 12:38:21 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' > not accessible: 'Connection refused'. > 2013/03/14 12:38:21 ossec-remoted(1211): ERROR: Unable to access queue: > '/queue/ossec/queue'. Giving up.. > > So there is two problem I am facing currently : > 1 Not getting alert for upload and download since this is getting logged > into another file and not into syslog file. > 2 facing the issue with restart of ossec server. > > Thanks for your input and help so far. > > On Thu, Mar 14, 2013 at 2:58 AM, dan (ddp) <[email protected]> wrote: >> >> On Wed, Mar 13, 2013 at 7:43 AM, S Pratap Singh <[email protected]> >> wrote: >> > All fixed but I am not getting alert to my mail box for FTP activity as >> > other alerts. >> > >> >> Are you getting other alerts in your email? >> Do you have access to the maillogs? If so, check to see if the mail is >> being rejected or something. >> If not, use tcpdump or something similar to watch mail traffic to see >> if OSSEC even attempts to send the message. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > > > -- > Regards, > Pratap Singh > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
