mative.
Definitely got to know ossec a bit better these last few days.
cheers,
J
On Fri, Feb 25, 2011 at 9:25 PM, Joel Brooks wrote:
> i can get the active response to fire by passing "-b 1.2.3.4 -f
> firewall-drop600 -u 000"
>
> firewall-drop600 is in the ar.con
nd
can be verified by the md5sum).
-
I will try in debug mode, and I will make sure I'm firing a rule that
is level 6 or higher.
Thanks for your patience, Dan.
J
On Fri, Feb 25, 2011 at 9:02 PM, dan (ddp) wrote:
> Hi Joel,
>
> On Fri, Feb 25, 2011 at 7:59 PM, Joel B
I still haven't got it working.
I've tried moving the definitions and the
sections to the agent.conf, and still no joy.
I just can't get active response to work in central management mode.
I found that executing
bin/agent_control -b 1.2.3.4 -f firewall-drop -u 000
from the manager results in
ed message --
From: dan (ddp)
Date: Thu, Feb 24, 2011 at 3:48 PM
Subject: Re: [ossec-list] active response in central management?
To: Joel Brooks
That's still within the syscheck section.
Can you send your active response configuration (in the manager's ossec.conf)?
Also detail ho
Hey gang,
OK, on to a new problem with active responses...
I've got active responses working. The one I'm mainly interested in
right now is the SSHD brute force rule/response (rule id=5712).
When this rule is matched, the firewall drop command is executed, but
the active-response.log shows:
Thu F
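When a timed response such as firewall-drop600 fires, the stock scripts append one line per invocation to logs/active-responses.log: the output of `date`, the script path, the action (add when the rule matches, delete when execd re-runs the script after the configured timeout), the user, the source IP, the alert id and the rule id. The script below is an added example, not code from this thread or from the OSSEC project; it parses lines of that layout and pairs each add with its delete so you can see whether a blocked address was actually released on time. The log lines embedded in it are constructed, and the 60-second tolerance for the timeout check is an assumed value.

```python
"""Pair OSSEC active-response 'add' / 'delete' entries from active-responses.log.

Added example, not code from the mailing-list thread or from the OSSEC
project.  It assumes the line layout written by the stock scripts
(firewall-drop.sh and friends):

    <`date` output> <script> <action> <user> <srcip> <alert_id> <rule_id>

where <action> is "add" when the response fires and "delete" when execd
re-runs the script after the configured timeout.
"""
from datetime import datetime

# Constructed sample log (not captured from a real host).  1.2.3.4 is
# dropped and released 600 s later, as a firewall-drop600 response would
# do; 5.6.7.8 is dropped but never released.
SAMPLE_LOG = """\
Thu Feb 24 15:48:00 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 1.2.3.4 1298562480.1 5712
Thu Feb 24 15:58:00 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - 1.2.3.4 1298562480.1 5712
Thu Feb 24 16:05:30 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 5.6.7.8 1298563530.7 5712
"""


def parse_line(line):
    """Split one log line into a dict, or return None if it does not fit."""
    parts = line.split()
    # 6 tokens from `date` (dow mon day hh:mm:ss tz year) + 6 script args
    if len(parts) != 12 or parts[7] not in ("add", "delete"):
        return None
    _dow, mon, day, hms, _tz, year = parts[:6]
    script, action, user, srcip, alert_id, rule_id = parts[6:]
    # The tz name is dropped: strptime's %Z only understands a few names.
    when = datetime.strptime(f"{mon} {day} {hms} {year}", "%b %d %H:%M:%S %Y")
    return {"when": when, "script": script, "action": action, "user": user,
            "srcip": srcip, "alert_id": alert_id, "rule_id": rule_id}


def check_responses(log_text, timeout, tolerance=60):
    """Return one record per 'add' with whether and when it was released.

    `timeout` is the <timeout> from the <active-response> block (600 for
    firewall-drop600); `tolerance` (seconds, an assumed value) allows for
    execd checking its timeout list only periodically.
    """
    pending = {}
    report = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["script"], rec["srcip"])
        if rec["action"] == "add":
            entry = {"srcip": rec["srcip"], "rule_id": rec["rule_id"],
                     "added": rec["when"], "released": False,
                     "delay": None, "on_time": None}
            pending[key] = entry
            report.append(entry)
        else:
            entry = pending.pop(key, None)
            if entry is None:
                continue  # delete with no matching add: nothing to pair
            delay = (rec["when"] - entry["added"]).total_seconds()
            entry["released"] = True
            entry["delay"] = delay
            entry["on_time"] = abs(delay - timeout) <= tolerance
    return report


def still_blocked(report):
    """Source IPs whose 'add' never got a 'delete' (left in the firewall)."""
    return [r["srcip"] for r in report if not r["released"]]


if __name__ == "__main__":
    for r in check_responses(SAMPLE_LOG, timeout=600):
        if r["released"]:
            state = "released after %.0fs" % r["delay"]
        else:
            state = "STILL BLOCKED"
        print(f"rule {r['rule_id']} {r['srcip']}: {state}")
```

Point it at the real file by replacing SAMPLE_LOG with the contents of logs/active-responses.log on the host that ran the response (the manager for location local, the agent otherwise); an address listed by still_blocked() long after the timeout means the delete pass never ran and the firewall rule is still in place.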
n agent.conf
>> with active responses working, I'd greatly appreciate it!
>>
>> Thanks!
>>
>> J
>>
>> -Original Message-
>> From: "dan (ddp)"
>> Sender: ossec-list@googlegroups.com
>> Date: Wed, 23 Feb 2011 21:3
Hey gang,
Sorry for the quick double tap... I was wondering if there's a way to
dump an agent's config.
Since moving all my config into agent.conf on the central server, I
can't tell how a particular agent is configured... I know I can
compare the md5sum of the server and the agent using agent_con
Hey gang,
I'm working on my centralized management of ossec and it seems to be
going well.
However, it seems that since I centralized and moved all the
configuration to agent.conf, my active response rules have stopped
working. (last entry in active-response.log is Feb. 21, last SSH
brute force
Hi gang,
I'm wondering if there are any tricks to getting ossec working when the
server is behind a NAT.
Here's the case:
I have some linode servers that I'd like to monitor with ossec.
The ossec server is in the office behind a NATting firewall.
The ossec agent on the linode boxes is configured
Hey,
There's an entry in the FAQ about this...
http://www.ossec.net/wiki/Know_How:BinaryInstall
J
On Feb 22, 2:38 pm, Jeremy Lee wrote:
> As luck would have it, the same engineer was assigned to the ticket I
> opened! :D
>
> *sigh*
>
> Guess I'll be trying the binary-install method.
>
> On Tue
Hi guys,
I'm just getting started with ossec. So far, it seems like a great
tool!
I need to deploy this in a centralized management configuration. I'm
reading through the docs and experimenting in a lab.
One thing I'm not clear on is what gets configured on the agents vs.
what gets configured