Hi Tyoma,
Take a look at the granular alerting options:
http://www.ossec.net/wiki/Know_How:GranularEmail
That should do what you want.
thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Wed, Apr 7, 2010 at 12:28 PM, Tyoma Khmelnitsky
wrote:
> Hello,
>
> I currently need to have ossec send the
Hey,
You can tar/untar from another box because the user/init scripts will
be missing.
The best way is to compile on another box and create a binary install:
http://www.ossec.net/wiki/Know_How:BinaryInstall
That way you still run the install.sh to create users, set permissions for you
but it wil
Hey,
A few things:
-You have x.x.x.x/24 specified, but there is no srcip
in the logs. If you want to match
on the agent ips, use instead.
-On your first rule, change windows for
18102
So your first rule would look like:
18102
agent1|agent2
MetaFrame
Ignore events
Hi Anne,
It seems that the installer failed to run:
./register_rule.sh build
./register_rule.sh: line 131: compiled_rules.h: Input/output error
Which is inside src/analysisd.
Can you try running that manually to see why it is generating this error? What
distribution are you using?
thanks,
--
Hi all, I need a little bit of help from you guys!
I have a major problem installing and running Ossec on VmWare Esx
server 4.0 supervisor host. When I try to run ./install.sh it shows
the error message that the Esx linux does not have any C compiler
installed. VmWare does not have yum or any other
Hi Daniel,
That was the solution. Now I don't receive no alerts when they log on to
each, BUT when I log in from another host using beauser I DO receive the
alert.
Thank you.
Özgür Özdemircili
http://www.acikkod.org
Code so clean you could eat off it
On Tue, Apr 6, 2010 at 8:21 PM, Daniel Cid
Damn! I found the problem. I had two data-inputs created to receive syslog
messages from the OSSEC server!
Removed one and it works perfectly now!
BTW, I'm now investigating something else: All events collected by OSSEC are
coming from 'localhost' (1 source).
Is there a way to extract the original
Hello,
I currently need to have ossec send the alert forward to a specific
email for a specific event out of the Syslog. In the ossec.conf I added
an clause with the email and the severity level, but there it
seems like there is no type of a clause to put there so it
matches just a specific
Hi All,
I hope you all can help me clear this up a bit.
I would like to monitor my citrix farm for certain events (licensing
errors mostly).
So I made a citrix_rules.xml:
windows
x.x.x.x/24
Ignore events from citrix servers
100100
9015
Citrix Gr
I tried to run the 2.4 upgrade on my server, and got the following
errors:
---
starting the upgrade:
- You already have OSSEC installed. Do you want to update it? (y/n):
y
- Do you want to update the rules? (y/n): y
2- Setting up the installation environment.
- Installation will be made a
Thanks everyone, I've got it up and running now and successfully
reporting.
The header package (SUNWhea) was the biggest issue I think. Once I
added that it was all OK, but I did have all the packages listed below
installed too - except for SUNWsprot.
On Mar 30, 8:30 am, "Denis Wijnen" wrote:
11 matches