I am attempting to purge and start from scratch with my ossec install.
I have uninstalled previously using apt:
sudo apt remove --purge ossec-hids-server
I have then removed all files and users associated with ossec:
sudo rm -f /etc/init.d/ossec /etc/rc0.d/K20ossec /etc/rc1.d/K20ossec
/etc/rc2
This was a little unclear to me after reading the documentation and
searching around...pardon if it's been asked and answered, I simply have
not found it.
We have a single server we want to send syslog output to, however, we also
want to have different levels for some alerts. Would it be as si
Hi!
We are trying to configure more effective notifications for OSSEC for our
needs. However, something weird is happening. An hourly report of ALL
alerts is being sent to one address in our config. Here's the email
configuration of our ossec.conf file:
yes
noreply@localhost
smtpse
Not sure if the issue was solved, but we had a similar problem, where the
issue was with our access lists. The udp logs would be sent to the OSSEC
server but no udp packets could be sent back to the client, so no reaction
was sent. Is a response packet sent by OSSEC?
Hope that helps!
On Monday
Hi Ricardo,
in this case it's probable that the Windows agent is dropping UDP packages
from the manager due to overflow. The default UDP buffer size in Linux
is 212992 (208 KiB) but I think that in Windows it is only 8 KiB. OSSEC
resizes the buffer to 6 KiB (the maximum message length) when the de
Hello,
I am trying to restart all agents and start syscheck and rootcheck but I
cannot achieve it with commands below. I use centralized agent.conf at
manager and whenever I change agent.conf file I should restart all agents
to take new agent.conf.
I have 14 agents and restarting all one by one