Re: [ossec-list] Windows Defender Decoder ?

2016-05-02 Thread joe . cosgrove
Rob, Just a tip: if you have VirtualBox or VMware, throw a Manager on there and use it to test your rules and decoders. You can just paste the log into ossec-logtest. It will sure save you a lot of heartache when troubleshooting. Hope that helps. On Monday, April 25, 2016 at 10:13:13 AM

[ossec-list] Re: Monitoring defacement on highly dynamic websites with OSSEC

2016-05-02 Thread joe . cosgrove
Tahir, There are two scans which run, depending on the size of your environment this can take some time (in your case 30 min). 1) rootcheck 2) syscheck This configuration is located in your ossec.conf: 79200 If you have changed the frequency or forced the scan and noticed it is

[ossec-list] Re: ossec users and group should be in system groups

2016-05-02 Thread joe . cosgrove
The website http://documentation.wazuh.com/en/latest/about.html should be able to answer most of your questions. It has instructions on the installation processes. On Tuesday, April 26, 2016 at 3:19:43 PM UTC-4, Dennis Golden wrote: > > Over the past several years, I have submitted diffs for

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 10:49 AM, dan (ddp) wrote: > On Mon, May 2, 2016 at 10:36 AM, Robert Micallef wrote: >> Third time's the charm. Is PR #821 ok? >> > > At a glance, I don't see the df changes in it. I'll try to take a > better look in a bit. > The

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 10:36 AM, Robert Micallef wrote: > Third time's the charm. Is PR #821 ok? > At a glance, I don't see the df changes in it. I'll try to take a better look in a bit. > > On Monday, May 2, 2016 at 4:15:55 PM UTC+2, dan (ddpbsd) wrote: >> >> On Mon, May

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Third time's the charm. Is PR #821 ok? On Monday, May 2, 2016 at 4:15:55 PM UTC+2, dan (ddpbsd) wrote: > > On Mon, May 2, 2016 at 10:12 AM, Robert Micallef > wrote: > > I'm sorry about that. I never used github before. I didn't know P and h > are > > incompatible for

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
I'm sorry about that. I never used github before. I didn't know P and h are incompatible for OpenBSD. But I think the rule should still work by just modifying . So how can I fix the PR? Do I close it and try opening it again? I cannot find where to edit anything apart from the title. On

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread Robert Micallef
Hi Dan, Created PR #819. I hope I chose the correct branches..

Re: [ossec-list] Disk usage monitor not working in RHEL5

2016-05-02 Thread dan (ddp)
On Mon, May 2, 2016 at 9:57 AM, Robert Micallef wrote: > Hi Dan, > > Created PR #819. I hope I chose the correct branches.. > Thanks for submitting that, but I left a comment in the PR. New changes should be against MASTER, and the "h" and "P" flags are incompatible