The server I'm using for testing went down, as soon as I get it back I'm
gonna review it.
Thank you very much for your help, really appreciated
Regards
On Friday, October 14, 2016 at 10:26:53 (UTC-3), dan (ddpbsd) wrote:
>
> On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic
On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic wrote:
> Taking a look in /var/ossec/logs/alerts I can see there are lots of things
> registered, not related to the files I modified, but related to ssh login
> failures, sudo stuff and the like but never get an e-mail with
Taking a look in /var/ossec/logs/alerts I can see there are lots of things
registered, not related to the files I modified, but related to ssh login
failures, sudo stuff and the like but never get an e-mail with that report.
Thank you very much for your time and support
Regards
On Thursday, 13
Hi there.
I'm still getting one alert e-mail type 2 even though I modified/created
some files under /etc. Am I missing something else in the configuration?
This is the server configuration.
yes
m...@company.com
localhost
oss...@server.com
100
yes
4096
Thank you!
On Thursday, October 13, 2016 at 14:47:25 (UTC-3), dan (ddpbsd) wrote:
>
> On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic wrote:
> > Hi
> > Does this still apply?
> > I have this option enabled: yes along
> > with the realtime=yes.
> >
> > From
On Thu, Oct 13, 2016 at 1:09 PM, Kernel Panic wrote:
> Hi
> Does this still apply?
> I have this option enabled: yes along
> with the realtime=yes.
>
> From another post on the list:
>>In the past new files were not alerted in real time. I'm not sure if
>>this has
Hi
Does this still apply?
I have this option enabled: yes along
with the realtime=yes.
From another post on the list:
>In the past new files were not alerted in real time. I'm not sure if
>this has changed. Any of the developers know?
Another question, by reading this
Thank you very much for your clarification, now it's much more clear to
me!!!
Regards
On Thursday, October 13, 2016 at 10:32:16 (UTC-3), dan (ddpbsd) wrote:
>
> On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic wrote:
> >
> > Hi
> > Let's see, shouldn't I have to
On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic wrote:
>
> Hi
> Let's see, shouldn't I have to configure on each tag to which directory I
> want to apply it? as in check_all, directories, realtime and which
> directories, or are they global parameters? that's why I
Hi
Let's see, shouldn't I have to configure on each tag to which directory I
want to apply it? as in check_all, directories, realtime and which
directories, or are they global parameters? that's why I included home and
root on both of them.
/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin
Hi
Is this much better now? Is realtime a global option (realtime to all) or
do I have to tell on which directories I want the realtime monitoring?
/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin
/root,/home,/etc
/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin
Thank you very much
Hi
OK, so, are those global variables? I thought I had to specify for every
tag to which directory I want it to apply that configuration, that's why I
included root and home on both, realtime and check_all.
/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin
/root,/home,/etc
So, do I have to
On Oct 12, 2016 4:49 PM, "Kernel Panic" wrote:
>
> Hi there guys,
>
> When starting the agent I've got this info:
>
> Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
> 2016/10/12 15:43:05
Hi there guys,
When starting the agent I've got this info:
*Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify
time: 600 and max time to reconnect: 1800*
2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory given:
'/root'.
2016/10/12 15:43:05
14 matches