Which block must I add these config. to: ,
or anything else?
Starting OSSEC: 2012/03/22 11:49:29 ossec-config(1230): ERROR: Invalid
element in the configuration: 'rootkit'.
2012/03/22 11:49:29 ossec-config(1202): ERROR: Configuration error at
'/var/ossec/etc/ossec.conf'. Exiting.
2012/03/22 11
Thanks again for the help and reply Dan.
Just for fun, I disabled the firewall, and it started working. I ended up
removing the exception, applying changes, and then recreating it and
applying changes. After that, it ended up working.
Sorry for the false alarm, and thanks!
- Mike Scott
On Wed,
We have had a very successful deployment of OSSEC so I got really gung-
ho and decided to add the final handful of servers and generate keys
for them. I generated keys for about 60 extra servers consecutively.
Since that happened and I restarted the OSSEC processes, ossec-remoted
is dying. In my
I can't think of anything else off hand. Of course check the ossec.log
to see if there's anything in there.
* The Sonicwall's IP is in the allowed list
* The OSSEC server is configured to accept syslog messages (and the
processes restarted)
* ossec-remoted is listening to the correct port (514/udp
Thanks for the reply Dan!
I turned on the logall option, and I don't see any messages from the
sonicwall in the /ossec/logs/archives/archives.log file. Looking at
netstat, I see that ossec-remoted is listening on port 514.
A firewall doesn't appear to be blocking the packets because if I run
tcpd
Hello Daniel and all,
I have been using OSSEC 2.5.1 on different Linux environments for the past year
and a half with OpenSIPS and Asterisk applications to ban SIP brute-forcing
attackers and of course it is doing its job very well. Thank you to all
people involved with the development of this software.
Thanks! That worked. Hopefully they can get the compiler issue fixed
in the next release.
On Mar 20, 10:50 pm, Roa Jose wrote:
> check the fix
>
> http://pastebin.com/Pg3pDtr0
> i had the same problem.
>
> On Tue, Mar 20, 2012 at 4:29 PM, albs440 wrote:
> > Hi,
>
> >> Has a fix or wo
I generally use the development code.
On Mon, Mar 19, 2012 at 8:07 PM, Phil Cox wrote:
> All,
>
> Which source do most use:
>
> http://www.ossec.net
> OR
> https://bitbucket.org/dcid/ossec-hids
>
> Or is the latter just a mirror?
>
> Thanks,
>
> Phil
2012/3/20 Félix Barbeira :
> I have an OSSEC server with several agents. I forward the alerts over
> level 7 to a logstash instance listening on the port 1515 in another
> server:
>
>
> x.x.x.x
> 7
> 1515
>
>
>
> In this server I filter the alert with a logstash instance and forward
> it vi
On Tue, Mar 20, 2012 at 5:44 PM, Michael Scott
wrote:
> Greetings!
>
> I'm having some difficulty trying to set up a Sonicwall to be monitored by
> OSSEC. Here's what I've done so far:
> 1. Set the Sonicwall to send syslog messages to the OSSEC server on port
> 514.
> 2. Confirmed with tcpdump tha
It's been considered. Playing with tcp is on at least one TODO list.
On Tue, Mar 20, 2012 at 9:52 PM, Jeroen C. van Gelderen
wrote:
> Hi,
>
> I was wondering if TCP transport (or UDP with ACKs and buffering) has been
> considered instead of the current UDP-based communication between agents and
>
On Wed, Mar 21, 2012 at 7:01 AM, jagruti sangani wrote:
> Now I can get the mail alerts every 2 seconds and at other intervals
> also, but when I run it on the agent side I see the error: ERROR: No
> valid server IP found.
> 2012/03/21 15:47:25 ossec-agentd(1215): ERROR: No client configured
Now I can get the mail alerts every 2 seconds and at other intervals
also, but when I run it on the agent side I see the error: ERROR: No
valid server IP found.
2012/03/21 15:47:25 ossec-agentd(1215): ERROR: No client configured.
Exiting.
It's shown to me in the ossec.log file. Do you know what is th
On Mar 21, 2012 6:43 AM, "jagruti sangani" wrote:
>
> Hello all,
> I have installed OSSEC as per the steps given in the document. But now I
> got the error in ossec.log like ossec-maild(1223): ERROR: Error Sending
> email to 192.168.1.23 (smtp server). I have given my email_to as
> jagruti.sang...@inextrix
Hello all,
I have installed OSSEC as per the steps given in the document. But now I got
the error in ossec.log like *ossec-maild(1223): ERROR: Error Sending email
to 192.168.1.23 (smtp server)*. I have given my email_to as
jagruti.sang...@inextrix.com and email_from is one of the gmail support, and
Hello, I have written in ossec.conf like
yes
jagruti.sang...@inextrix.com
192.168.1.23
gmail-smtp-in.l.google.com
Is it correct or not?
On Wednesday, 7 March 2012 19:47:33 UTC+5:30, Daniel Cid wrote:
>
> To send the emails to a gmail address you have to use one of the MX
> hos
When I start OSSEC I do not get the mail. So what can I do? Also, please
suggest what I should write for the smtp-server IP address. At this time I have
written my PC's IP address, 192.168.1.23, but the error displayed in
ossec.log is ossec-maild(1223): ERROR: Error Sending email to