On Thu, Oct 20, 2016 at 5:19 PM, Adiel Navarro <[email protected]> wrote:
> No Dan...
>
> I have installed opensshd on a Windows machine and try to connect to the Solaris server,
> where the ossec agent is installed.
>
> Anyway, does OSSEC have AR scripts for Windows?
>

I think so.

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of dan (ddp)
> Sent: Thursday, October 20, 2016 05:47 a.m.
> To: [email protected]
> Subject: Re: [ossec-list] Active response
>
> On Wed, Oct 19, 2016 at 5:00 PM, Adiel Navarro
> <[email protected]> wrote:
>> It's necessary to monitor /var/log/messages to catch the “illegal user”
>> message and the AR script begin to run?
>>
>
> If you're running SSH on Windows, will there even be a /var/log/messages?
> We don't have support for SSH on Windows because no one added decoders and
> rules for it.
> You can do that. Or I can do that. Or anyone else can do that. But it has to
> be done if OSSEC is to support it out of the box.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
