[ossec-list] Re: Cannot get Syslog from Cisco Devices

2015-03-24 Thread Nhen Panha
Help me to configure my router with ossec manager On Wednesday, March 25, 2015 at 3:17:17 AM UTC+7, Nhen Panha wrote: Hello sir! Today, I would like to ask you the problem between configuration Ossec and Cisco devices. In cisco router and switch I config: logging on logging host

[ossec-list] send eventlog to ossec

2015-03-24 Thread zen . xen3
Hello everybody, I try to configure OSSEC Agent on machine with Windows 2012 in order to send some events to OSSEC server (2.8.1). In the ossec_config section in the agent is: <localfile> <location>Security</location> <log_format>eventlog</log_format> </localfile> I want to send events with

Re: [ossec-list] Re: Cannot get Syslog from Cisco Devices

2015-03-24 Thread Eero Volotinen
2015-03-24 23:31 GMT+02:00 Nhen Panha panhan...@gmail.com: Help me to configure my router with ossec manager Do you really understand how cisco logging works? logging trap XXX sets the log level of cisco to syslog.

[ossec-list] Re: Trying to create a application whitelist for Windows

2015-03-24 Thread Brent Morris
Nevermind - I am going to try this.. and adapt it for Windows Audit process logs. http://blog.rootshell.be/2014/02/10/tracking-processesmalwares-using-ossec/ On Tuesday, March 24, 2015 at 10:55:47 AM UTC-7, Brent Morris wrote: I'd like to create an application white list from Windows audit

[ossec-list] sending eventlogs to ossec

2015-03-24 Thread zen . xen3
Hello everybody, I try to configure OSSEC Agent on machine with Windows 2012 in order to send some events to OSSEC server (2.8.1). In the ossec_config section in the agent is: <localfile> <location>Security</location> <log_format>eventlog</log_format> </localfile> I want to send events with

Re: [ossec-list] Cannot get Syslog from Cisco Devices

2015-03-24 Thread Eero Volotinen
Try following settings on cisco (asa) logging enable logging trap notifications -- Eero 2015-03-24 22:09 GMT+02:00 Nhen Panha panhan...@gmail.com: Hello sir! Today, I would like to ask you the problem between configuration Ossec and Cisco devices. In cisco router and switch I config:

[ossec-list] eventlogs to ossec

2015-03-24 Thread zen . xen3
Hello everybody, I try to configure OSSEC Agent on machine with Windows 2012 in order to send some events to OSSEC server (2.8.1). In the ossec_config section in the agent is: <localfile> <location>Security</location> <log_format>eventlog</log_format> </localfile> I want to send events with

[ossec-list] Re: Cannot get Syslog from Cisco Devices

2015-03-24 Thread Nhen Panha
I use Cisco router On Wednesday, March 25, 2015 at 3:17:17 AM UTC+7, Nhen Panha wrote: Hello sir! Today, I would like to ask you the problem between configuration Ossec and Cisco devices. In cisco router and switch I config: logging on logging host IP_OF_MY_OSSEC_SERVER logging trap

[ossec-list] Cannot get Syslog from Cisco Devices

2015-03-24 Thread Nhen Panha
Hello sir! Today, I would like to ask you the problem between configuration Ossec and Cisco devices. In cisco router and switch I config: logging on logging host IP_OF_MY_OSSEC_SERVER logging trap alerts logging facility local7 In the Ossec manager: in the file ossec.conf, I add

[ossec-list] event log

2015-03-24 Thread zen . xen3
*eventchannel*

[ossec-list] Trying to create a application whitelist for Windows

2015-03-24 Thread Brent Morris
I'd like to create an application white list from Windows audit logs. I have some systems that are fairly static in nature. They only do one thing, and I want to be alerted when they deviate from this behavior. An example use case could be a Windows Embedded POS (no cheeky acronym intended).