[ossec-list] Re: Hiding program menu under the Start menu

2015-08-10 Thread Michael Bower
Yeah, that is what I figured. Thanks! Mike On Friday, August 7, 2015 at 11:40:21 AM UTC-4, Ed C wrote: you can run this command - cmd.exe /c rmdir /S /Q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSSEC" On Thursday, August 6, 2015 at 7:32:48 AM UTC-7, Michael Bower wrote:

Re: [ossec-list] IS there any configuration available for client to use specific port to connect OSSEC master servers

2015-08-10 Thread dan (ddp)
On Mon, Aug 10, 2015 at 8:50 AM, Harish P hpnair...@gmail.com wrote: Hi Team Is there any configuration possible to specify the source port on agent side. Now OSSEC agent uses random high port number to connect to 1514. Can I set the port which agent should be used to connect server I

Re: [ossec-list] Agents stop sending logs when network adapter changes

2015-08-10 Thread dan (ddp)
On Fri, Aug 7, 2015 at 11:30 AM, Ed C ed.sj.95...@gmail.com wrote: I'm seeing an issue on Windows and Mac clients where the client is unable to send logs after the network adapter changes. If I'm on wireless and then connect to VPN the client logs say the agent is unable to communicate with

Re: [ossec-list] OSSEC Master do not showing the agent as Active , even after it shows connected in agent logs

2015-08-10 Thread dan (ddp)
On Mon, Aug 10, 2015 at 8:48 AM, Harish P hpnair...@gmail.com wrote: Hi Team I have one server in DMZ which connects to an OSSEC master server in private network. FW ports are opened and no restriction to port 1514. As per the Agent logs it is showing that the agent is connected to OSSEC

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-10 Thread dan (ddp)
On Sun, Aug 9, 2015 at 12:29 PM, theresa mic-snare rockprinz...@gmail.com wrote: such a shame that WUI is no longer supported/developed. i understand that they rather focus on improving OSSEC than work on a web tool that displays the alerts. i understand that ELK (especially logstash and

Re: [ossec-list] Rule: 1002 fired (level 2) - Unknown problem somewhere in the system.

2015-08-10 Thread dan (ddp)
On Mon, Aug 10, 2015 at 11:06 AM, Brian Buchanan briandbucha...@gmail.com wrote: Hello, I am getting this error and all it gives me is this hash: --MARK--:

Re: [ossec-list] Re: SEIM system with OSSEC.

2015-08-10 Thread Grant Leonard
A SIEM platform of any kind is a correlation tool for comparing and contrasting logs from disparate device types. As you have seen, 3 different folks provided 3 different answers and that will likely be true when talking with any professionals. For 200 devices, you will need a decent size server,

[ossec-list] Rule: 1002 fired (level 2) - Unknown problem somewhere in the system.

2015-08-10 Thread Brian Buchanan
Hello, I am getting this error and all it gives me is this hash: --MARK--: p'yxitw]t2v9Q0xq^Lx9v_JY,lZxWG[_$sZ+[+ynab=Qj26;h.1*(TJ%4QT8ENXZoq,igu9U9ie(@@!Aq)lQGcyTazv($(']R+RfXuZADlmiEEIVscfYS(lbl+)Gp$^okAtqVAQGMl,PE)7_'%HtH-E!9@[/cijDC$Gk@#W-8H_Uud=1*#_727LF[F(,,J$#qn-]HN(XComerRoRxQ6'rl#Z?

Re: [ossec-list] Re: OSSEC Agent Connectivity status not changing immeditly on OSSEC master

2015-08-10 Thread Santiago Bassett
Is there any error message in ossec.log? I would suggest to edit /var/ossec/etc/internal_options and set remoted.verify_msg_id=0 (in case there is a problem with the counters, specially since possibly packets are being lost) On Mon, Aug 10, 2015 at 5:38 AM, Harish P hpnair...@gmail.com wrote:

Re: [ossec-list] Re: SEIM system with OSSEC.

2015-08-10 Thread 'Jason Long' via ossec-list
Thank you. How many servers are needed to launch Lightweight? One for Snort and another for OSSEC and another for Lightweight? After it, I must install OSSEC on Windows clients to forward logs? On Sunday, August 9, 2015 11:14 PM, Daniil Svetlov svetlov.dan...@gmail.com wrote:

[ossec-list] my problem with rootcheck / CIS checks

2015-08-10 Thread theresa mic-snare
hi all, as you may have noticed I've been playing around with the rootcheck module, e.g for the CIS checks. what i've noticed is that the CIS (audit) checks are not really updated unless I do a complete restart of ossec (ossec-control restart). neither a syscheck_update -u local nor a

Re: [ossec-list] Rule: 1002 fired (level 2) - Unknown problem somewhere in the system.

2015-08-10 Thread Brian Buchanan
I am using 2.8.1 On Monday, August 10, 2015 at 11:15:50 AM UTC-4, dan (ddpbsd) wrote: On Mon, Aug 10, 2015 at 11:06 AM, Brian Buchanan briandb...@gmail.com wrote: Hello, I am getting this error and all it gives me is this hash: --MARK--:

Re: [ossec-list] my problem with rootcheck / CIS checks

2015-08-10 Thread theresa mic-snare
good idea. do you want me to run strace with any specific options? Am Montag, 10. August 2015 20:28:20 UTC+2 schrieb Santiago Bassett: Haven't seen that before. Try running rootcheck_control with strace to debug that segfault Best On Mon, Aug 10, 2015 at 9:54 AM, theresa mic-snare

Re: [ossec-list] my problem with rootcheck / CIS checks

2015-08-10 Thread Santiago Bassett
Haven't seen that before. Try running rootcheck_control with strace to debug that segfault Best On Mon, Aug 10, 2015 at 9:54 AM, theresa mic-snare rockprinz...@gmail.com wrote: hi all, as you may have noticed I've been playing around with the rootcheck module, e.g for the CIS checks. what

Re: [ossec-list] Last Keep Alive Information Storage place

2015-08-10 Thread dan (ddp)
On Wed, Aug 5, 2015 at 3:44 AM, horst knete baduncl...@hotmail.de wrote: Hi, i wanted to ask quickly where the (I mean in term of ossec folder path) the information of the last keep alive of the agents is stored. background: i set up an ossec failover cluster with shared network volumes

Re: [ossec-list] my problem with rootcheck / CIS checks

2015-08-10 Thread Santiago Bassett
Hi Theresa, did the process crash already? We need it to crash :-) On Mon, Aug 10, 2015 at 2:03 PM, theresa mic-snare rockprinz...@gmail.com wrote: Hi Santi, I've now run rootcheck_control with strace, but I'm not quite sure what to make of it strace -C bin/rootcheck_control -L -i

[ossec-list] Re: OSSEC Agent Connectivity status not changing immeditly on OSSEC master

2015-08-10 Thread Harish P
Hi Any help on this? please On Friday, August 7, 2015 at 2:34:25 PM UTC+5:30, Harish P wrote: I am using OSSEC 2.8.1 in our environment. We have around 300+ servers. Except few servers in DMZ rest all servers are working fine Issue :- Servers in DMZ getting disconnected in every 30-40

[ossec-list] OSSEC Master do not showing the agent as Active , even after it shows connected in agent logs

2015-08-10 Thread Harish P
Hi Team I have one server in DMZ which connects to an OSSEC master server in private network. FW ports are opened and no restriction to port 1514. As per the Agent logs it is showing that the agent is connected to OSSEC servers. But the OSSEC server shows the agent as disconnected. I tried

[ossec-list] IS there any configuration available for client to use specific port to connect OSSEC master servers

2015-08-10 Thread Harish P
Hi Team Is there any configuration possible to specify the source port on agent side. Now OSSEC agent uses random high port number to connect to 1514. Can I set the port which agent should be used to connect server Regards Harish P -- --- You received this message because you are

Re: [ossec-list] Filter Windows Event at client

2015-08-10 Thread Swati
Thank you Santiago! It is working now. Kind Regards Swati On Saturday, 8 August 2015 18:32:44 UTC+1, Santiago Bassett wrote: Hi, try using this configuration: <localfile> <location>Security</location> <log_format>eventchannel</log_format> <query>Event/System[EventID=4624]</query>