Has there been any further thought on this issue? I am in the same boat.
On Wednesday, September 14, 2016 at 12:43:56 AM UTC-5, Vilius wrote:
>
> Jesus,
>
> when the question is should I send an alert into the void or into an archive, there
> are cases when archiving is a better option.
>
> Vilius
>
> On
What version of Linux are you running? Kernel support for the real time
feature wasn't added until 2.6, which means RHEL 4.x doesn't support it.
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com]
On Behalf Of Brad Hazledine
Sent: Monday, April 19,
Greetings,
I tried to set up a Windows Agent with only files and no registry entries
listed in ossec.conf. When I do this, the agent refuses to start.
If I put just one registry entry in the config file, it starts.
Is this a bug or by design?
Thank you,
Kirk Frankovich
--
Confidentiality
the agent_control command a few
times.
Is there any debugging I can turn on to see what is actually happening when I
issue the command?
Thank you,
Kirk
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On
Behalf Of ddp...@gmail.com
Sent: Thursday
I filed a report on the uservoice site, but I wanted to post this to the
mailing list to see if anyone else has seen this or knows of this.
This morning I deployed OSSEC live for the first time. I installed the
server and connected two agents.
Once everything was up and communicating, I ran
initiate a scan.
My question is:
Is there a delay between issuing the command and the agent actually
starting a scan or should this occur immediately? Why would I be seeing
such behavior?
Thank you.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
From: Kirk Frankovich
Sent: Tuesday, November 17, 2009 8:58 AM
To: 'ossec-list@googlegroups.com'
Subject: Agent Control From OSSEC Server
Greetings,
I have a quick question with regards to controlling an agent from the
master server.
When I run the following command ./agent_control -r
restart for that matter) before starting realtime monitoring?
Thank you very much.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
Fort Dearborn Company
1530 Morse Ave
Elk Grove Village, IL 60007
--
Confidentiality
information in both the subject and body so that I can
process it correctly.
Could someone please let me know if this is possible and if so, where
can I find the config?
Thank you very much!
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
?
This is a fresh install on OSSEC 2.1.1 on CentOS 5.3 32bit.
Thank you.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
Fort Dearborn Company
1530 Morse Ave
Elk Grove Village, IL 60007
--
Confidentiality Notice: This e
Is there a document on using the real-time integrity checking? I cannot
find how to enable it.
Thank you very much.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
Fort Dearborn Company
1530 Morse Ave
Elk Grove Village, IL 60007
install on OSSEC 2.1.1 on CentOS 5.3 32bit.
Thank you.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
Fort Dearborn Company
1530 Morse Ave
Elk Grove Village, IL 60007
-Original Message-
From: ossec-list@googlegroups.com
Michael,
Thank you very much. One more quick question for you. Which global
option is that? I am not finding it in the config or in the online
guide.
I would like to have OSSEC alert anytime it finds a file that has
changed.
Thank you.
Kirk Frankovich
Systems Administrator
847.427.5223
I am just curious why there is a separate check for file changed a second time?
What happens when it changes again and again? Is there a rule for that?
Thank you.
Kirk Frankovich
Systems Administrator
847.427.5223 - Direct
847.489.4717 - Cell
kfrankov...@fortdearborn.com
Fort Dearborn
I moved the rule to the local_rules.xml file and have renumbered it
appropriately. And I restarted ossec. Here is what I added to the
local_rules.xml file:
<group name="authentication_failures,">
<rule id="100031" level="10" frequency="1" timeframe="240">
<if_matched_sid>18130</if_matched_sid>
Forgive me, but I'm new to ossec. I'm trying to construct a composite
rule to alert me on 3 or more invalid login attempts via TermServ. I
am seeing rule 18130 come through in my WUI, but when I try to create a
composite rule, it never is triggered. Here is what I'm placing at the
end of
(first use in this function)
make[1]: *** [net] Error 1
make[1]: Leaving directory `/home/usr/local/ossec-hids-1.4/src/os_net'
Error Making os_net
make: *** [all] Error 1
Error 0x5.
Building error. Unable to finish the installation.
--
Dr C S Kirk
--
http://www.fastmail.fm - Access all