Kevin,

Did you ever find a solution to this?

I'm running into the same problem on Windows machines, which seem to have a lot of listeners running at any given time. Any feedback is appreciated on how you have addressed this problem in your environment.

Blake Johnson
IT Security Analyst
Alliant Energy

On Friday, April 5, 2013 5:06:35 PM UTC-5, Kevin Kelly wrote:
>
> From what I can tell, both the "output:" and the "Previous output:"
> sections are getting truncated in the email message which is why it never
> seems to change. The last-entry is 34 lines 3096 characters long and the
> state.1365197432 is 33 lines and 3007 characters long. I also note
> truncation in the alerts.log as well. I assume there is a hard coded limit
> in the source code somewhere?
>
> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:20031 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:886 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.218:443 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.218:80 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.234:10050 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.234:443 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.234:80 0.0.0.0:* LISTEN
> tcp 0 0 10.1.1.24
> Previous output:
> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:20031 0.0.0.0:* LISTEN
>
> --
> Kevin Kelly
> Director, Network Technology
> Whitman College
