Hi,
I having ossec-execd running as (new) user ossece.
For the Latest Stable Release (2.8.1)
On agent:
# ps aux | grep ossec
ossece 21669 0.0 0.0 12564 504 ?S10:57 0:00
/opt/ossec/bin/ossec-execd
ossec21673 0.0 0.0 12888 932 ?S10:57 0:01
,
not sure what could be the problem here. Did you figure it out?
Best
On Wed, May 13, 2015 at 7:21 AM, skotthof
sebastian.kotth...@rz.uni-mannheim.de wrote:
OK, thank you.
I checked how to use CDBs now, seems this is really what I need. Really
cool!
Nevertheless, now I ran into that issue
, May 12, 2015 at 10:26:21AM -0700, Santiago Bassett wrote:
You could probably use CDB lists in the rules
On Tue, May 12, 2015 at 8:34 AM, skotthof
[1]sebastian.kotth...@rz.uni-mannheim.de wrote:
Hi,
okay thanks.
I have tested this by changing a rule for ssh login
Hi,
we tried out ossec here, realy nice software!
I wondering, if it is possible, to define rules also
for specific hosts or profiles.
For example:
On all nodes, we like to be alerted, if ssh login
fails because of wrong passwords.
On some hosts only, we like to receive alerts also
when
, May 12, 2015 at 10:05:28AM -0400, dan (ddp) wrote:
On Tue, May 12, 2015 at 6:30 AM, skotthof
sebastian.kotth...@rz.uni-mannheim.de wrote:
Hi,
we tried out ossec here, realy nice software!
I wondering, if it is possible, to define rules also
for specific hosts or profiles
) wrote:
On Tue, May 12, 2015 at 10:25 AM, skotthof
sebastian.kotth...@rz.uni-mannheim.de wrote:
Thanks for your answer.
The location option itself seems to be valid only for the localfile stuff.
This will concern the log files againn not the rules.
You're right, I think I meant hostname. I