[ossec-list] is ossec really monitoring my apache log files

2013-05-23 Thread Thomas Unger
I found it useful to run a nessus-scan (web-app profile) against one of my servers. If you receive alerts by ossec then the log is really monitored. Regards, T.

[ossec-list] Re: Process old logs with OSSEC 2.7 + Splunk

2013-05-23 Thread Thomas Unger
Ok, it seems I can answer this now. After digging through the ossec-source it was confirmed that ossec-logtest uses the current time as alert-time. This is absolutely correct. Having the source code (thanks, ossec-devs), I had the chance to modify ossec-logtest to fetch the date/time from the

[ossec-list] Re: ossec-csyslogd dies on status query

2013-05-23 Thread Sethu Madhav Bhattiprolu
Hi, I ran the csyslogd through valgrind and found that the problem is that fstat64 requires stat64 struct but calloc on csyslogd.c:48 is allocating stat. fstat64 is corrupting the heap.
==13788== Syscall param fstat64(buf) points to unaddressable byte(s)
==13788==    at 0x2545D3:

[ossec-list] Re: ossec-csyslogd dies on status query

2013-05-23 Thread Jb Cheng
Sethu, Good catch! I tried your debug code and found that on 64-bit CentOS, the sizes are the same so the issue did not appear during earlier tests.
sizeof(struct stat) is 144
sizeof(struct stat64) is 144
However, on 32-bit Ubuntu, the sizes are different. It would explain the resulting

[ossec-list] Re: ar.conf not updated on agents

2013-05-23 Thread cristian
while running ossec server in debug 2
2013/05/23 19:11:58 ossec-remoted: INFO: Started (pid: 8938).
2013/05/23 19:11:58 ossec-remoted: Error accessing file '/etc/shared/ar.conf'
2013/05/23 19:11:58 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
2013/05/23 19:11:58

[ossec-list] Re: ar.conf not updated on agents

2013-05-23 Thread cristian
I think I fixed it. On the ossec hids server the owner was root. Changed it to ossec and it worked.
On Wednesday, May 22, 2013 12:10:17 PM UTC-8, cristian wrote:
Hi, I have a problem with active response on ossec hids 2.7 stable release
[root@ossec1 etc]#

RE: [ossec-list] MSSQL support?

2013-05-23 Thread LostInTheTubez
MSSQL helpfully logs useful information to the Application event log in Windows, so in a way, OSSEC already supports MSSQL. You can customize various out-of-the-box OSSEC rules to generate email alerts on things such as logon failures, backup success/failure, or job failures (for jobs to write to