Re: [ossec-list] Re: Do CDB lists require ossec to be restarted?

2015-02-10 Thread Michael Starks
On 2015-02-10 11:45, Jose Moreno wrote: Hi Dan, Thanks very much for the reply. I'll go on trying to figure out why we need to restart ossec. Hope to bring soon the findings Kind regards, Jose Moreno I have observed this behavior in the past as well. CDB is supposed to not require a restart

[ossec-list] Re: Do CDB lists require ossec to be restarted?

2015-02-10 Thread Jose Moreno
Hi Dan, Thanks very much for the reply. I'll go on trying to figure out why we need to restart ossec. Hope to bring soon the findings Kind regards, Jose Moreno On Tuesday, 10 February 2015, 9:36:21 (UTC), Jose Moreno wrote: > > Hi, > > We are using CDB lists for a number of tasks, they

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread Eero Volotinen
2015-02-10 18:42 GMT+02:00 shankey : > Hi Team, > > Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, > Yes, it can act as FIM. > then help me with the hardware requirement and installation procedure. > Err. Maybe you need to hire a consultant .. -- Eero -- --- You received th

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread shankey
Hi Team, There are around 500 servers which need to be monitored through (Manager OSSEC server). We would require all system and application logs for the audit and compliance. Based on that, can you suggest how I should go ahead? It would be great if you can share the step-by-step process an

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread Kevin Wilcox
On 10 February 2015 at 11:44, Kevin Wilcox wrote: > On 10 February 2015 at 11:42, shankey wrote: >> Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help >> me with the hardware requirement and installation procedure. Sorry about the blank reply, folks, the "..." and the

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 11:42 AM, shankey wrote: > Hi Team, > > Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help > me with the hardware requirement and installation procedure. > OSSEC's syscheck functionality provides some file integrity monitoring capabilities: http:

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread Kevin Wilcox
On 10 February 2015 at 11:42, shankey wrote: > Hi Team, > > Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help > me with the hardware requirement and installation procedure. > > Regards > Shankey

[ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread shankey
Hi Team, Can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, then help me with the hardware requirement and installation procedure. Regards Shankey

Re: [ossec-list] check_diff

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 8:43 AM, alex petrov wrote: > help me please > Make sure there are changes between runs? Maybe increase the frequency (10 is very small)? I don't really have any ideas of what to look at, and I don't have any systems to test this on. > Monday, 9 February 2015, 16:

Re: [ossec-list] OSSEC profile by regex

2015-02-10 Thread Rodrigo Montoro(Sp0oKeR)
Hi there! I'm interested in this test too. Anyone maybe profile could fit your needs? http://ossec-docs.readthedocs.org/en/latest/syntax/head_agent_config.html#options Good read https://groups.google.com/forum/#!topic/ossec-list/KKdsgYDiiks https://groups.google.com/forum/#!topic/ossec-list/

Re: [ossec-list] check_diff

2015-02-10 Thread alex petrov
help me please Monday, 9 February 2015, 16:53:37 UTC+3, user dan (ddpbsd) wrote: > > On Mon, Feb 9, 2015 at 8:13 AM, alex petrov > wrote: > > > > 530 > > ossec: output: 'for /f "tokens=3*" > > > > new soft install > > > > > > > > > > full_command

Re: [ossec-list] Re: Unable to add agents from different netblocks

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 8:06 AM, narendra reddy wrote: > yes when I installed the agent on 10.9 series machines, I am able to import > the key and start the ossec but server ui is not showing them. > But do the agents actually connect? You can use tcpdump on the manager to see the traffic going b

Re: [ossec-list] Asterisk rules for Ubuntu

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 8:01 AM, dan (ddp) wrote: > > On Feb 10, 2015 7:57 AM, "Daniel Calvo Castro" > wrote: >> >> Hi again >> >> These brackets are for emphasis, sorry for not clarifying this, but it >> clearly looks like it is a regexp issue, I'm going to deal with it now >> and I'll post if I

[ossec-list] Re: Unable to add agents from different netblocks

2015-02-10 Thread narendra reddy
yes when I installed the agent on 10.9 series machines, I am able to import the key and start the ossec but server UI is not showing them. On Tuesday, 10 February 2015 17:54:15 UTC+5:30, narendra reddy wrote: > > > Hi Team, > > I have configured Ossec-hids-2.7 on one of my AWS instances which has

Re: [ossec-list] Asterisk rules for Ubuntu

2015-02-10 Thread dan (ddp)
On Feb 10, 2015 7:57 AM, "Daniel Calvo Castro" < daniel.ca...@kernelsecurity.es> wrote: > > Hi again > > These brackets are for emphasis, sorry for not clarifying this, but it > clearly looks like it is a regexp issue, I'm going to deal with it now > and I'll post if I'm able to solve it. May be so

Re: [ossec-list] Asterisk rules for Ubuntu

2015-02-10 Thread Daniel Calvo Castro
Hi again These brackets are for emphasis, sorry for not clarifying this, but it clearly looks like it is a regexp issue, I'm going to deal with it now and I'll post if I'm able to solve it. Maybe some other people are dealing with this, any help would be really appreciated. It is a ticket opened on

Re: [ossec-list] Fwd: Unable to add agents from different netblocks

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 7:09 AM, narendra reddy wrote: > > Hi Team, > > I have configured Ossec-hids-2.7 on one of my AWS instances which has 10.5 > series IP, I am able to add 25+ agents from 10.5 series and tried adding > 10.9 series agents however I am unable to see them on GUI and not even > ge

Re: [ossec-list] Asterisk rules for Ubuntu

2015-02-10 Thread dan (ddp)
On Mon, Feb 9, 2015 at 4:23 PM, Daniel Calvo Castro wrote: > Just today I've been experiencing same issues trying to get OSSIM + OSSEC > working with an Asterisk box, I've followed this link [1], and trying to > enumerate users I'm able to correlate and fire mails correctly with OSSIM, > but UI al

[ossec-list] Fwd: Unable to add agents from different netblocks

2015-02-10 Thread narendra reddy
Hi Team, I have configured Ossec-hids-2.7 on one of my AWS instances which has 10.5 series IP, I am able to add 25+ agents from 10.5 series and tried adding 10.9 series agents however I am unable to see them on GUI and not even getting mails from 10.9 series. I am able to ping or ssh to 10.9 serie

Re: [ossec-list] OSSEC profile by regex

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 7:00 AM, Ricardo Perre wrote: > Hello, > > Is it possible to define a profile based on "name" filtered by regex? > In documentation we have: > > > > > /var/log/my.log > syslog > > > > > > /var/log/my.log2 > syslog > >

Re: [ossec-list] Ossec's active response doesn't work

2015-02-10 Thread dan (ddp)
On Mon, Feb 9, 2015 at 3:42 PM, Ricardo Galossi wrote: > Hi Dan, > I installed ossec as "local". Yeah, the AR configuration is default. The > daemon ossec-execd is running normally and the firewall is enabled. I made > tests with both versions of ossec 2.7 and 2.8.1 within the same VPS. > However,

Re: [ossec-list] Do CDB lists require ossec to be restarted?

2015-02-10 Thread dan (ddp)
On Tue, Feb 10, 2015 at 4:36 AM, Jose Moreno wrote: > Hi, > > We are using CDB lists for a number of tasks, they work fine but when a list > is updated, just running ossec-makelists won't make ossec-analysisd to take > the new information in account, we need to restart OSSEC.. > > Is that the expe

Re: [ossec-list] Active response srcip changes whether response is executed

2015-02-10 Thread dan (ddp)
On Mon, Feb 9, 2015 at 5:13 PM, Glen Leeder wrote: > Thanks Dan, > > I've changed my rsyslog format to IP addresses instead of hosts and all is > good. > I can't be sure, but it seems like you're confused. The log message: Feb 9 19:19:53 myhostname gleeder: OSSEC-TESTER-RULE does not contain a s

Re: [ossec-list] Centralize Logging

2015-02-10 Thread David Lang
On Tue, 10 Feb 2015, Mehul gajjar wrote: Installed and configured OSSEC 2.8.1 with 4 Agents. work fine. I need to know how to enable OSSEC for central logging system. so Agent logs store on servers. I have configured logall but no luck. You have a hammer, so everything looks like a nail. Os

[ossec-list] OSSEC profile by regex

2015-02-10 Thread Ricardo Perre
Hello, Is it possible to define a profile based on "name" filtered by regex? In documentation we have: /var/log/my.log syslog /var/log/my.log2 syslog C:\myapp\my.log syslog Can I use something like this?

[ossec-list] Centralize Logging

2015-02-10 Thread Mehul gajjar
Hi, Installed and configured OSSEC 2.8.1 with 4 Agents. work fine. I need to know how to enable OSSEC for central logging system. so Agent logs store on servers. I have configured logall but no luck.

[ossec-list] Do CDB lists require ossec to be restarted?

2015-02-10 Thread Jose Moreno
Hi, We are using CDB lists for a number of tasks, they work fine but when a list is updated, just running ossec-makelists won't make ossec-analysisd to take the new information in account, we need to restart OSSEC.. Is that the expected behaviour or is there a way to use a CDB list as a dynami