Hello, I have an OSSEC installation on CentOS 7 from rpm packages. I have a server
with the default installation and a client; in the client configuration
/var/ossec/etc/agent.conf I added the address of my server. When I restart the agent
I get these errors.
Starting OSSEC HIDS 2.9.3 (by Trend Micro Inc.)...
Started
Does anyone have any recommendations?
=(
Regards...
On Friday, March 2, 2018, 13:01:11 (UTC-6), Carlos Islas wrote:
>
> Hello,
>
> Firstly, I'm sorry for my bad English. I want to know, based on your
> experience, which directories are the most common to realize a syscheck on
>
Hello Igor!
I also installed OSSEC 2.9.3 by rpm packages on CentOS 7, same as you (as
described here:
https://ossec.github.io/docs/manual/installation/installation-package.html#rpm-installation
).
I had the same problem, and it's caused because /etc/ and /bin/ appear on
the check list on both
Is it possible to crank up the verbosity of ossec-logtest so that I can see
if individual lines in a rule match? I'm stuck on something that's got me
flustered.
I've got what I think is a simple rule, but damn if I can get it to work:
This is the log entry:
2018 Mar 12 13:14:22 WinEvtLog:
Hello,
It seems the OSSEC Windows Agent logs an incorrect process id: 0 for WinEvtLog:
Security: AUDIT_SUCCESS(4656)
The actual process id is in process name: 0x1abc
Can this be resolved?
See log below
2018/03/12 10:04:30 ossec-agent: DEBUG: Sending message to server: '2018
Mar 12 10:04:29