On 2015-02-10 11:45, Jose Moreno wrote:
Hi Dan,
Thanks very much for the reply.
I'll go on trying to figure out why we need to restart ossec. Hope to
bring the findings soon
Kind regards,
Jose Moreno
I have observed this behavior in the past as well. CDB is supposed to
not require a restart
Hi Dan,
Thanks very much for the reply.
I'll go on trying to figure out why we need to restart ossec. Hope to bring
the findings soon
Kind regards,
Jose Moreno
On Tuesday, 10 February 2015, 9:36:21 (UTC), Jose Moreno wrote:
>
> Hi,
>
> We are using CDB lists for a number of tasks, they
2015-02-10 18:42 GMT+02:00 shankey :
> Hi Team,
>
> Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes,
>
Yes, it can act as fim.
> then help me with the hardware requirement and installation procedure.
>
Err. Maybe you need to hire a consultant...
--
Eero
--
---
You received th
Hi Team,
There are around 500 servers which need to be monitored through (Manager
OSSEC server). We would require all system and application logs for the
audit and compliance.
Based on that, can you suggest how I should go ahead?
It would be great if you can share the step-by-step process an
On 10 February 2015 at 11:44, Kevin Wilcox wrote:
> On 10 February 2015 at 11:42, shankey wrote:
>> Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help
>> me with the hardware requirement and installation procedure.
Sorry about the blank reply, folks, the "..." and the
On Tue, Feb 10, 2015 at 11:42 AM, shankey wrote:
> Hi Team,
>
> Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help
> me with the hardware requirement and installation procedure.
>
OSSEC's syscheck functionality provides some file integrity monitoring
capabilities:
http:
On 10 February 2015 at 11:42, shankey wrote:
> Hi Team,
>
> Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help
> me with the hardware requirement and installation procedure.
>
> Regards
> Shankey
>
Hi Team,
Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help
me with the hardware requirement and installation procedure.
Regards
Shankey
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this
On Tue, Feb 10, 2015 at 8:43 AM, alex petrov wrote:
> help me please
>
Make sure there are changes between runs? Maybe increase the frequency
(10 is very small)?
I don't really have any ideas of what to look at, and I don't have any
systems to test this on.
> Monday, 9 February 2015, 16:
Hi there!
I'm interested in this test too. Anyone maybe profile could fit your
needs?
http://ossec-docs.readthedocs.org/en/latest/syntax/head_agent_config.html#options
Good read
https://groups.google.com/forum/#!topic/ossec-list/KKdsgYDiiks
https://groups.google.com/forum/#!topic/ossec-list/
help me please
On Monday, 9 February 2015, 16:53:37 UTC+3, user dan (ddpbsd)
wrote:
>
> On Mon, Feb 9, 2015 at 8:13 AM, alex petrov wrote:
> >
> > 530
> > ossec: output: 'for /f "tokens=3*"
> >
> > new soft install
> >
> >
> >
> >
> > full_command
On Tue, Feb 10, 2015 at 8:06 AM, narendra reddy
wrote:
> Yes, when I installed the agent on 10.9 series machines, I am able to import
> the key and start the ossec but server ui is not showing them.
>
But do the agents actually connect? You can use tcpdump on the manager
to see the traffic going b
On Tue, Feb 10, 2015 at 8:01 AM, dan (ddp) wrote:
>
> On Feb 10, 2015 7:57 AM, "Daniel Calvo Castro"
> wrote:
>>
>> Hi again
>>
>> These brackets are for emphasis, sorry for not clarifying this, but it
>> clearly looks like it is a regexp issue, I'm going to deal with it now
>> and I'll post if I
Yes, when I installed the agent on 10.9 series machines, I am able to import
the key and start the ossec but server ui is not showing them.
On Tuesday, 10 February 2015 17:54:15 UTC+5:30, narendra reddy wrote:
>
>
> Hi Team,
>
> I have configured Ossec-hids-2.7 on one of my AWS instances which has
On Feb 10, 2015 7:57 AM, "Daniel Calvo Castro" <
daniel.ca...@kernelsecurity.es> wrote:
>
> Hi again
>
> These brackets are for emphasis, sorry for not clarifying this, but it
> clearly looks like it is a regexp issue, I'm going to deal with it now
> and I'll post if I'm able to solve it. May be so
Hi again
These brackets are for emphasis, sorry for not clarifying this, but it
clearly looks like it is a regexp issue, I'm going to deal with it now
and I'll post if I'm able to solve it. Maybe some other people are
dealing with this, any help would be really appreciated. It is a ticket
opened on
On Tue, Feb 10, 2015 at 7:09 AM, narendra reddy
wrote:
>
> Hi Team,
>
> I have configured Ossec-hids-2.7 on one of my AWS instances which has 10.5
> series IP, I am able to add 25+ agents from 10.5 series and tried adding
> 10.9 series agents however I am unable to see them on GUI and not even
> ge
On Mon, Feb 9, 2015 at 4:23 PM, Daniel Calvo Castro
wrote:
> Just today I've been experiencing same issues trying to get OSSIM + OSSEC
> working with an asterisk box, I've followed this link [1], and trying to
> enumerate users I'm able to correlate and fire mails correctly with OSSIM,
> but UI al
Hi Team,
I have configured Ossec-hids-2.7 on one of my AWS instances which has 10.5
series IP, I am able to add 25+ agents from 10.5 series and tried adding
10.9 series agents however I am unable to see them on GUI and not even
getting mails from 10.9 series.
I am able to ping or ssh to 10.9 serie
On Tue, Feb 10, 2015 at 7:00 AM, Ricardo Perre wrote:
> Hello,
>
> Is it possible to define a profile based on "name" filtered by regex?
> In documentation we have:
>
>
>
>
> /var/log/my.log
> syslog
>
>
>
>
>
> /var/log/my.log2
> syslog
>
>
On Mon, Feb 9, 2015 at 3:42 PM, Ricardo Galossi wrote:
> Hi Dan,
> I installed ossec as "local". Yeah, the AR configuration is default. The
> daemon ossec-execd is running normally and the firewall is enabled. I made
> tests with both versions of ossec 2.7 and 2.8.1 within the same VPS.
> However,
On Tue, Feb 10, 2015 at 4:36 AM, Jose Moreno wrote:
> Hi,
>
> We are using CDB lists for a number of tasks, they work fine but when a list
> is updated, just running ossec-makelists won't make ossec-analysisd take
> the new information into account, we need to restart OSSEC.
>
> Is that the expe
On Mon, Feb 9, 2015 at 5:13 PM, Glen Leeder wrote:
> Thanks Dan,
>
> I've changed my rsyslog format to IP addresses instead of hosts and all is
> good.
>
I can't be sure, but it seems like you're confused. The log message:
Feb 9 19:19:53 myhostname gleeder: OSSEC-TESTER-RULE
does not contain a s
On Tue, 10 Feb 2015, Mehul gajjar wrote:
Installed and configured OSSEC 2.8.1 with 4 Agents. Works fine. I need to
know how to enable OSSEC for a central logging system, so Agent logs are stored
on servers.
I have configured logall but no luck.
you have a hammer, so everything looks like a nail.
Os
Hello,
Is it possible to define a profile based on "name" filtered by regex?
In documentation we have:
/var/log/my.log
syslog
/var/log/my.log2
syslog
C:\myapp\my.log
syslog
Can I use something like this?
Hi,
Installed and configured OSSEC 2.8.1 with 4 Agents. Works fine. I need to
know how to enable OSSEC for a central logging system, so Agent logs are stored
on servers.
I have configured logall but no luck.
Hi,
We are using CDB lists for a number of tasks, they work fine but when a
list is updated, just running ossec-makelists won't make ossec-analysisd
take the new information into account, we need to restart OSSEC.
Is that the expected behaviour or is there a way to use a CDB list as a
dynami