[ossec-list] OSSEC with OSSIM

2014-11-12 Thread Teddy Jayasaputra
Dear all, Have any of you worked with an ossec server talking to ossec in OSSIM? I send alert level ossec via syslog to rsyslog ossim but it is not working because OSSIM uses a custom log with the tag AV in front of each log, so alerts from the ossec server are not recognized by OSSIM. I heard about ossec in hybrid

Re: [ossec-list] OSSEC with OSSIM

2014-11-12 Thread dan (ddp)
On Wed, Nov 12, 2014 at 5:47 AM, Teddy Jayasaputra teddy.jayasapu...@gmail.com wrote: Dear all, Have any of you worked with an ossec server talking to ossec in OSSIM? I send alert level ossec via syslog to rsyslog ossim but it is not working because OSSIM uses a custom log with the tag AV in front of each

Re: [ossec-list] pgp signatures for releases

2014-11-12 Thread dan (ddp)
On Sat, Nov 8, 2014 at 5:12 AM, Eero Volotinen eero.voloti...@iki.fi wrote: Hi List, Looking for gpg signatures for ossec releases? Where can I download them? It doesn't look like they're currently offered. -- Eero

Re: [ossec-list] Hybrid issues - stops forwarding logs

2014-11-12 Thread dan (ddp)
On Mon, Nov 10, 2014 at 4:02 AM, Chris H chris.hemb...@gmail.com wrote: The only calls in the strace to alerts.log are these: sendto(4, 1:ossec-keepalive:--MARK--: no[;..., 673, 0, NULL, 0) = 673 Are you sure 4 is a log file, and not the connection to the ossec-remoted on the other end? I

Re: [ossec-list] pgp signatures for releases

2014-11-12 Thread Eero Volotinen
2014-11-12 16:08 GMT+02:00 dan (ddp) ddp...@gmail.com: On Sat, Nov 8, 2014 at 5:12 AM, Eero Volotinen eero.voloti...@iki.fi wrote: Hi List, Looking for gpg signatures for ossec releases? Where can I download them? It doesn't look like they're currently offered. So, is there any way

Re: [ossec-list] pgp signatures for releases

2014-11-12 Thread dan (ddp)
On Wed, Nov 12, 2014 at 12:48 PM, Eero Volotinen eero.voloti...@iki.fi wrote: 2014-11-12 16:08 GMT+02:00 dan (ddp) ddp...@gmail.com: On Sat, Nov 8, 2014 at 5:12 AM, Eero Volotinen eero.voloti...@iki.fi wrote: Hi List, Looking for gpg signatures for ossec releases? Where can I download

Re: [ossec-list] Hybrid issues - stops forwarding logs

2014-11-12 Thread dan (ddp)
On Wed, Nov 12, 2014 at 11:49 AM, dan (ddp) ddp...@gmail.com wrote: On Mon, Nov 10, 2014 at 4:02 AM, Chris H chris.hemb...@gmail.com wrote: The only calls in the strace to alerts.log are these: sendto(4, 1:ossec-keepalive:--MARK--: no[;..., 673, 0, NULL, 0) = 673 Are you sure 4 is a log

[ossec-list] Agentless timeouts for linux and MAC systems

2014-11-12 Thread Jim Nofsinger
Hello Guys/Gals, I have a new system up and running with OSSEC. Trying to get an agentless deployment working and it is timing out right after a successful login. I have tried the expect script with commands such as pwd and it always times out. This happens for a few linux hosts and a MAC

Re: [ossec-list] Agentless timeouts for linux and MAC systems

2014-11-12 Thread dan (ddp)
On Wed, Nov 12, 2014 at 3:02 PM, Jim Nofsinger jnofsin...@gmail.com wrote: Hello Guys/Gals, I have a new system up and running with OSSEC. Trying to get an agentless deployment working and it is timing out right after a successful login. I have tried the expect script with commands such as