Re: [ossec-list] Agent Duplicate Folders Message
Thank you! El jueves, 13 de octubre de 2016, 14:47:25 (UTC-3), dan (ddpbsd) escribió: > > On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic > wrote: > > Hi > > Does this still apply? > > I have this option enabled: yes along > > with the realtime=yes. > > > > From another post on the list: > >>In the past new files were not alerted in real time. I'm not sure if > >>this has changed. Any of the developers know? > > > > Was there a response to this post? I don't think it's changed, but I'm > sure I miss commits here and there. > > > > > Another question , by reading this > > > http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.global.html > > > I can see that there are values that can be adjusted, for example host > > information, by default 8, how do I interpret that, there greater the > number > > more verbose? I just made some modification under /etc, created some > file > > That would be the alert level. It does not change verbosity, just the > level of the alert. > > > modified other just to test, but still have no e-mail, I'm only getting > an > > e-mail regarding a service log and nothing else, which is the parameter > to > > tell ossec to send all the issues? > > > > For the new file, you probably need a full syscheck scan for it to be > picked up. > For the modified file, if it's already in the syscheck db, you should > be alerted relatively quickly (if realtime is enabled and currently > running). > > Other than that, OSSEC should send all alerts. > > > Last question: > > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck scan > > (forwarding database). > > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck database > > (pre-scan). > > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Initializing real time file > > monitoring (not started). > > > > Which service is not started? the doc says the package inotify should > be > > installed and I have it inotify-tools-3.13-2.el6.art.x86_64 > > > > That doesn't indicate that a service hasn't started, just that the > realtime feature hasn't started working yet. > There's a delay for realtime to start. > > > Thank you very much!! > > Regards > > > > > > > > > > El jueves, 13 de octubre de 2016, 10:32:16 (UTC-3), dan (ddpbsd) > escribió: > >> > >> On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic > wrote: > >> > > >> > Hi > >> > Let's see, shouldn't I have to configure on each tag to which > directory > >> > I > >> > want to apply it? as in check_all , directories, realtime and which > >> > directories, or are they global parameters? that's why I included > home > >> > and > >> > root on both of them. > >> > > >> > >> > >> Each option applies to the directories configured in it. > >> > >> > >> > > >> > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > >> > > >> > >> This checks all of the hashes, owner, and permissions. > >> > >> > >> > check_all="yes">/root,/home,/etc > >> > > >> > >> This does realtime checks of all of the above, and should produce an > >> error because the "/root," "/home," and "/etc" directories are > >> duplicated. > >> Duplication of directories can cause issues, so it's best not to do > >> it. The way to solve this is not to duplicate these directories in the > >> second configuration by not including them in the first. > >> For example: > >> > >> check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin > >> realtime="yes">/root,/home,/etc > >> > >> Now, if you want to add "report_changes" to /etc, you'll have to > >> remove it from the above configuration. You'll end up with: > >> > >> check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin > >> /root,/home > >> >> report_changes="yes">/etc > >> > >> > > >> > Thank you very much > >> > Best Regerds > >> > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic wrote: > Hi > Does this still apply? > I have this option enabled: yes along > with the realtime=yes. > > From another post on the list: >>In the past new files were not alerted in real time. I'm not sure if >>this has changed. Any of the developers know? > Was there a response to this post? I don't think it's changed, but I'm sure I miss commits here and there. > > Another question , by reading this > http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.global.html > I can see that there are values that can be adjusted, for example host > information, by default 8, how do I interpret that, there greater the number > more verbose? I just made some modification under /etc, created some file That would be the alert level. It does not change verbosity, just the level of the alert. > modified other just to test, but still have no e-mail, I'm only getting an > e-mail regarding a service log and nothing else, which is the parameter to > tell ossec to send all the issues? > For the new file, you probably need a full syscheck scan for it to be picked up. For the modified file, if it's already in the syscheck db, you should be alerted relatively quickly (if realtime is enabled and currently running). Other than that, OSSEC should send all alerts. > Last question: > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding database). > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck database > (pre-scan). > 2016/10/13 11:10:35 ossec-syscheckd: INFO: Initializing real time file > monitoring (not started). > > Which service is not started? the doc says the package inotify should be > installed and I have it inotify-tools-3.13-2.el6.art.x86_64 > That doesn't indicate that a service hasn't started, just that the realtime feature hasn't started working yet. There's a delay for realtime to start. > Thank you very much!! > Regards > > > > > El jueves, 13 de octubre de 2016, 10:32:16 (UTC-3), dan (ddpbsd) escribió: >> >> On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic wrote: >> > >> > Hi >> > Let's see, shouldn't I have to configure on each tag to which directory >> > I >> > want to apply it? as in check_all , directories, realtime and which >> > directories, or are they global parameters? that's why I included home >> > and >> > root on both of them. >> > >> >> >> Each option applies to the directories configured in it. >> >> > > > >> > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin >> > >> >> This checks all of the hashes, owner, and permissions. >> >> > > > check_all="yes">/root,/home,/etc >> > >> >> This does realtime checks of all of the above, and should produce an >> error because the "/root," "/home," and "/etc" directories are >> duplicated. >> Duplication of directories can cause issues, so it's best not to do >> it. The way to solve this is not to duplicate these directories in the >> second configuration by not including them in the first. >> For example: >> >> /bin,/sbin,/usr/bin,/usr/sbin >> /root,/home,/etc >> >> Now, if you want to add "report_changes" to /etc, you'll have to >> remove it from the above configuration. You'll end up with: >> >> /bin,/sbin,/usr/bin,/usr/sbin >> /root,/home >> > report_changes="yes">/etc >> >> > >> > Thank you very much >> > Best Regerds >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
Hi Does this still apply? I have this option enabled: yes along with the realtime=yes. >From another post on the list: >In the past new files were not alerted in real time. I'm not sure if >this has changed. Any of the developers know? Another question , by reading this http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.global.html I can see that there are values that can be adjusted, for example host information, by default 8, how do I interpret that, there greater the number more verbose? I just made some modification under /etc, created some file modified other just to test, but still have no e-mail, I'm only getting an e-mail regarding a service log and nothing else, which is the parameter to tell ossec to send all the issues? Last question: 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2016/10/13 11:10:35 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2016/10/13 11:10:35 ossec-syscheckd: INFO: Initializing real time file monitoring (not started). Which service is not started? the doc says the package inotify should be installed and I have it inotify-tools-3.13-2.el6.art.x86_64 Thank you very much!! Regards El jueves, 13 de octubre de 2016, 10:32:16 (UTC-3), dan (ddpbsd) escribió: > > On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic > wrote: > > > > Hi > > Let's see, shouldn't I have to configure on each tag to which directory > I > > want to apply it? as in check_all , directories, realtime and which > > directories, or are they global parameters? that's why I included home > and > > root on both of them. > > > > > Each option applies to the directories configured in it. > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > > > > This checks all of the hashes, owner, and permissions. > > > check_all="yes">/root,/home,/etc > > > > This does realtime checks of all of the above, and should produce an > error because the "/root," "/home," and "/etc" directories are > duplicated. > Duplication of directories can cause issues, so it's best not to do > it. The way to solve this is not to duplicate these directories in the > second configuration by not including them in the first. > For example: > > /bin,/sbin,/usr/bin,/usr/sbin > /root,/home,/etc > > Now, if you want to add "report_changes" to /etc, you'll have to > remove it from the above configuration. You'll end up with: > > /bin,/sbin,/usr/bin,/usr/sbin > /root,/home > report_changes="yes">/etc > > > > > Thank you very much > > Best Regerds > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
Thank you very much for your clarification, now it's much more clear to me!!! Regards El jueves, 13 de octubre de 2016, 10:32:16 (UTC-3), dan (ddpbsd) escribió: > > On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic > wrote: > > > > Hi > > Let's see, shouldn't I have to configure on each tag to which directory > I > > want to apply it? as in check_all , directories, realtime and which > > directories, or are they global parameters? that's why I included home > and > > root on both of them. > > > > > Each option applies to the directories configured in it. > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > > > > This checks all of the hashes, owner, and permissions. > > > check_all="yes">/root,/home,/etc > > > > This does realtime checks of all of the above, and should produce an > error because the "/root," "/home," and "/etc" directories are > duplicated. > Duplication of directories can cause issues, so it's best not to do > it. The way to solve this is not to duplicate these directories in the > second configuration by not including them in the first. > For example: > > /bin,/sbin,/usr/bin,/usr/sbin > /root,/home,/etc > > Now, if you want to add "report_changes" to /etc, you'll have to > remove it from the above configuration. You'll end up with: > > /bin,/sbin,/usr/bin,/usr/sbin > /root,/home > report_changes="yes">/etc > > > > > Thank you very much > > Best Regerds > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic wrote: > > Hi > Let's see, shouldn't I have to configure on each tag to which directory I > want to apply it? as in check_all , directories, realtime and which > directories, or are they global parameters? that's why I included home and > root on both of them. > Each option applies to the directories configured in it. > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > This checks all of the hashes, owner, and permissions. > /root,/home,/etc > This does realtime checks of all of the above, and should produce an error because the "/root," "/home," and "/etc" directories are duplicated. Duplication of directories can cause issues, so it's best not to do it. The way to solve this is not to duplicate these directories in the second configuration by not including them in the first. For example: /bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc Now, if you want to add "report_changes" to /etc, you'll have to remove it from the above configuration. You'll end up with: /bin,/sbin,/usr/bin,/usr/sbin /root,/home /etc > > Thank you very much > Best Regerds > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
Hi Let's see, shouldn't I have to configure on each tag to which directory I want to apply it? as in check_all , directories, realtime and which directories, or are they global parameters? that's why I included home and root on both of them. /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc Thank you very much Best Regerds El miércoles, 12 de octubre de 2016, 20:19:08 (UTC-3), dan (ddpbsd) escribió: > > On Oct 12, 2016 4:49 PM, "Kernel Panic" > > wrote: > > > > Hi there guys, > > > > When starting the agent I've get this info: > > > > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using > notify time: 600 and max time to reconnect: 1800 > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/root'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/etc'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/bin'. > > > > 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''. > > > > This is what I configured: > > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > check_all="yes">/root,/home,/etc > > You have "/root" in both of the above entries. > > > > > > > Why do you have all of these empty entries? They're not checking anything, > I'm actually a little surprised they didn't cause more problems. > > > > > > > > > > > > > Where is that data duplicated? I noticed that under the shared directory > there is an agent.conf which contains > > > > > > /etc,/usr/bin,/usr/sbin > > /bin,/sbin > > > > Is that configuration file taken into account? If I remove it it's > created once again. > > > > Yes, that file also provides configuration. It's provided by the OSSEC > server. > > > Thank you for your time and support > > Regards > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
Hi Is this much better now? is realtime a global option ( realtime to all ) or do I have to tell on which directories I want the realtime monitoring? /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin Thank you very much for your patience. Regards El miércoles, 12 de octubre de 2016, 20:19:08 (UTC-3), dan (ddpbsd) escribió: > > On Oct 12, 2016 4:49 PM, "Kernel Panic" > > wrote: > > > > Hi there guys, > > > > When starting the agent I've get this info: > > > > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using > notify time: 600 and max time to reconnect: 1800 > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/root'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/etc'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/bin'. > > > > 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''. > > > > This is what I configured: > > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > check_all="yes">/root,/home,/etc > > You have "/root" in both of the above entries. > > > > > > > Why do you have all of these empty entries? They're not checking anything, > I'm actually a little surprised they didn't cause more problems. > > > > > > > > > > > > > Where is that data duplicated? I noticed that under the shared directory > there is an agent.conf which contains > > > > > > /etc,/usr/bin,/usr/sbin > > /bin,/sbin > > > > Is that configuration file taken into account? If I remove it it's > created once again. > > > > Yes, that file also provides configuration. It's provided by the OSSEC > server. > > > Thank you for your time and support > > Regards > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
I'm confused check_all=yes is equal to saying yes to check_sum check_size check_owner check_group check_perm BUT for report_changes? do I have to configure report_changes individually? Thanks Regards El miércoles, 12 de octubre de 2016, 20:19:08 (UTC-3), dan (ddpbsd) escribió: > > On Oct 12, 2016 4:49 PM, "Kernel Panic" > > wrote: > > > > Hi there guys, > > > > When starting the agent I've get this info: > > > > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using > notify time: 600 and max time to reconnect: 1800 > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/root'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/etc'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/bin'. > > > > 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''. > > > > This is what I configured: > > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > check_all="yes">/root,/home,/etc > > You have "/root" in both of the above entries. > > > > > > > Why do you have all of these empty entries? They're not checking anything, > I'm actually a little surprised they didn't cause more problems. > > > > > > > > > > > > > Where is that data duplicated? I noticed that under the shared directory > there is an agent.conf which contains > > > > > > /etc,/usr/bin,/usr/sbin > > /bin,/sbin > > > > Is that configuration file taken into account? If I remove it it's > created once again. > > > > Yes, that file also provides configuration. It's provided by the OSSEC > server. > > > Thank you for your time and support > > Regards > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Agent Duplicate Folders Message
Hi Ok, so , are those global variables ? I thought I had to specify for every tag to which directory I wan it to apply that configuration, that's why I included root and home on both, realtime and check_all. /root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin /root,/home,/etc So, do I have to include the directories right? make sense, my bad. Thank you very much Best Regards El miércoles, 12 de octubre de 2016, 20:19:08 (UTC-3), dan (ddpbsd) escribió: > > On Oct 12, 2016 4:49 PM, "Kernel Panic" > > wrote: > > > > Hi there guys, > > > > When starting the agent I've get this info: > > > > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using > notify time: 600 and max time to reconnect: 1800 > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/root'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: ''. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/etc'. > > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory > given: '/bin'. > > > > 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''. > > > > This is what I configured: > > > > > > check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin > > check_all="yes">/root,/home,/etc > > You have "/root" in both of the above entries. > > > > > > > Why do you have all of these empty entries? They're not checking anything, > I'm actually a little surprised they didn't cause more problems. > > > > > > > > > > > > > Where is that data duplicated? I noticed that under the shared directory > there is an agent.conf which contains > > > > > > /etc,/usr/bin,/usr/sbin > > /bin,/sbin > > > > Is that configuration file taken into account? If I remove it it's > created once again. > > > > Yes, that file also provides configuration. It's provided by the OSSEC > server. > > > Thank you for your time and support > > Regards > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.