Looking for hardware specs to run a Windows box 2008 with OSSEC and with
expandability in mine.
Plan is to start 100 = clients.
What are the advantages of a linux server vs win for running ossec as well??
Any help would rock man !!!
William
--
---
You received this message because
On Wed, Feb 11, 2015 at 1:16 PM, Ricardo Perre rjmpe...@gmail.com wrote:
Hi,
I've tested and only frequency is supported by rootcheck.
Are you planning to add time and day to rootcheck config?
Nope, but we do like pull requests. Give it a shot, then submit one
here:
The feature is selecting config based on the name, but not the exact name but
rather a regular expression.
Scenario:
OSSEC server with X VM's connected to it.
agent.conf:
<agent_config name="REGEX1">
<localfile>
<location>/var/log/my1.log</location>
<log_format>syslog</log_format>
Hi,
I've tested and only frequency is supported by rootcheck.
Are you planning to add time and day to rootcheck config?
Thank you
Monday, 5 January 2015 at 15:08:37 UTC, dan (ddpbsd) wrote:
On Fri, Jan 2, 2015 at 1:49 PM, Glenn Ford gmfp...@gmail.com wrote:
On Wed, Feb 11, 2015 at 1:11 PM, Ricardo Perre rjmpe...@gmail.com wrote:
The feature is selecting config based on the name, but not the exact name
but rather a regular expression.
Scenario:
OSSEC server with X VM's connected to it.
agent.conf:
<agent_config name="REGEX1">
<localfile>
Just to add the error when set up the scan_day and scan_time to
rootcheck config:
ossec-config(1230): ERROR: Invalid element in the configuration: 'scan_day'
ossec-config(1230): ERROR: Invalid element in the configuration: 'scan_time'
Wednesday, 11 February 2015 at 18:16:28
Hello,
I've tested the config, it doesn't work.
I haven't tested the profile settings, I was aiming to manage clients in a
different way.
I have a hypervisor with ~100 VM's on it, if I could differentiate the
OSSEC config based on the name I wouldn't have to worry about setting a
profile.
Is
On Wed, Feb 11, 2015 at 12:56 PM, Ricardo Perre rjmpe...@gmail.com wrote:
Hello,
I've tested the config, it doesn't work.
I haven't tested the profile settings, I was aiming to manage clients in a
different way.
I have a hypervisor with ~100 VM's on it, if I could differentiate the OSSEC
On Wed, Feb 11, 2015 at 12:56 PM, William Amundson
wjamundso...@gmail.com wrote:
Looking for hardware specs to run a Windows box 2008 with OSSEC and with
expandability in mine.
Plan is to start 100 = clients.
What are the advantages of a linux server vs win for running ossec as well??
The
Bingo! Your ASA is not configured properly for logging.
ssh to the device and login
enable
(enter password)
config t
logging trap debugging
exit
write mem
exit
if debugging is too much info, you can lower it to notifications as in
Eero's example.
But you're never going to see your ASA
2015-02-12 6:06 GMT+02:00 Network Infrastructure panhatiger...@gmail.com:
When I open ossec.log I saw that:
Remote syslog allowed from: '192.168.10.1'
Error: Unable to bind port '514'
is syslog already using that port?
--
Eero
When I use the command you tell me, it shows messages like these:
#tcpdump -i inside -nn 514 192.168.10.1
.
..
On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
wrote:
I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
Please stop spamming the list. You have multiple threads on this already.
On Feb 11, 2015 5:20 AM, Network Infrastructure panhatiger...@gmail.com
wrote:
Help me!
Ossec and my ASA 5520 doesn't work.
I don't know how to configure it?
Hi Team,
Thanks for your reply, I checked the agent log and found that the agent is
not able to reach on 1514 port to the server.
Trying to connect to server (10.5.0.23:1514).
WARN: Waiting for server reply (not started). Tried: ’10.5.0.23’.
on AWS all traffic is allowed, between the net
This is the message when I use the command:
but it doesn't work
ASA5520# sh run log
logging enable
logging asdm informational
logging host inside 192.168.10.11
ASA5520# sh run | inc log
service-object tcp eq klogin
service-object tcp eq login
service-object udp eq syslog
service-object udp
Help me!
Ossec and my ASA 5520 doesn't work.
I don't know how to configure it?
--
---
You received this message because you are subscribed to the Google Groups
ossec-list group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
You need to enable logging to syslog server first. command is like logging
trap syslog-level
example:
conf t
logging trap notifications
wr
br,
Eero
--
2015-02-11 8:50 GMT+02:00 Network Infrastructure panhatiger...@gmail.com:
This is the message when I use the command:
but it doesn't work
HOW server and client communicate? what are the port that need to be open ?
Can we use some other port for client to server communication.
On Tuesday, February 10, 2015 at 11:06:44 PM UTC+5:30, Eero Volotinen wrote:
2015-02-10 18:42 GMT+02:00 shankey shanke...@gmail.com:
HI
2015-02-11 12:42 GMT+02:00 shankey shankey.ci...@gmail.com:
HOW server and client communicate? what are the port that need to be open ?
Can we use some other port for client to server communication.
HOW about reading the *docs* first?
--
Eero
1514 UDP as default, but please read the docs
- http://ossec-docs.readthedocs.org/en/latest/
On Wednesday, 11 February 2015 10:42:25 UTC, shankey wrote:
HOW server and client communicate? what are the port that need to be open ?
Can we use some other port for client to server
used to be so
test:/var/ossec/queue/diff/test/533# ls -l
total 756
-rwxr-x--- 1 ossec ossec 2703 Feb 11 12:22 last-entry
-rwxr-x--- 1 ossec ossec 2882 Sep 26 14:46 state.1411728392
-rwxr-x--- 1 ossec ossec 1211 Sep 29 08:04 state.1411963489
-rwxr-x--- 1 ossec ossec 1559 Sep 29 08:05
On Wed, Feb 11, 2015 at 2:00 AM, Network Infrastructure
panhatiger...@gmail.com wrote:
When I use the command you tell me, it shows messages like these:
#tcpdump -i inside -nn 514 192.168.10.1
That's not the command I gave you.
`tcpdump -i inside -nn port 514 and host 192.168.10.1`
You should be
On Wed, Feb 11, 2015 at 8:19 AM, alex petrov allreadypa...@gmail.com wrote:
used to be so
What used to what?
Are you sure the values OSSEC is receiving are changing?
Check the permissions on the queue/diff directories.
test:/var/ossec/queue/diff/test/533# ls -l
total 756
-rwxr-x--- 1
test:/var/ossec/queue/diff# ls -l
drwxr- 5 ossec ossec 4096 Feb 9 13:46 test
test:/var/ossec/queue/diff/test# ls -l
total 20
drwxr-x--- 2 ossec ossec 4096 Feb 9 16:57 140125
drwxr-x--- 2 ossec ossec 12288 Nov 5 08:23 533
drwxr-x--- 2 ossec ossec 4096 Feb 9 13:46 700086
When I open ossec.log I saw that:
Remote syslog allowed from: '192.168.10.1'
Error: Unable to bind port '514'
On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
wrote:
I have configured OSSEC to monitor my ASA 5520 but I cannot see anything
In ASA 5520, I enable syslog
When I checked in ossec.log I see message that:
Remote syslog allowed from: 192.168.10.1
.
.
ERROR: Unable to bind port 514
On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure
wrote:
I have configured OSSEC to monitor my ASA 5520