[ossec-list] Helo command rejected

2015-02-12 Thread George Ficzeri
Hi, OSSEC is presenting itself as notify.ossec.net but this domain name does not resolve. Is there a configurable option in OSSEC to change this? 450 4.7.1 notify.ossec.net: Helo command rejected: Host n smission/2.82 proto=SMTP helo=not found -- --- You received this message because you

Re: [ossec-list] Helo command rejected

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 2:39 PM, dan (ddp) ddp...@gmail.com wrote: On Thu, Feb 12, 2015 at 2:19 PM, George Ficzeri geor...@onshore.com wrote: Hi, OSSEC is presenting itself as notify.ossec.net but this domain name does not resolve. Is there a configurable option in OSSEC to change this?

Re: [ossec-list] Helo command rejected

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 2:19 PM, George Ficzeri geor...@onshore.com wrote: Hi, OSSEC is presenting itself as notify.ossec.net but this domain name does not resolve. Is there a configurable option in OSSEC to change this? 450 4.7.1 notify.ossec.net: Helo command rejected: Host n

Re: [ossec-list] check_diff

2015-02-12 Thread alex petrov
ON https://github.com/ossec/ossec-hids/releases Server / Agent 2.8 Change log: Disable /var/ossec/queue/diff/*state.$epoch files, they were not used. pull: by reyjrar. HOW to enable /var/ossec/queue/diff/*state.$epoch files in ossec 2.8? Wednesday, 11 February 2015, 16:44:05 UTC+3

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
Can you guide me to configure it? On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote: I have configured OSSEC to monitor my ASA 5520 but I cannot see anything In ASA 5520, I enable syslog server to send syslog to my OSSEC In OSSEC, the /var/ossec/etc/ossec.conf, I

[ossec-list] Monitor Network devices with OSSEC

2015-02-12 Thread Rohith PS
Hi, can we monitor network device activity with the OSSEC agentless option, or should we redirect their logs to the OSSEC server and monitor the local logs?

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
When I checked it in /var/ossec/logs/ossec.log I see that: remote syslog allowed from: '192.168.10.1' So, I think we have a problem with the decoder file. On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote: I have configured OSSEC to monitor my ASA 5520 but I cannot see

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
When I type on the OSSEC manager: tcpdump -i inside -Xxnnnevvvs 0 port 2514 192.168.11.1 and I also type: tcpdump -i inside -Xxnnnevvvs 0 2514 192.168.11.1 and it shows the message: tcpdump: inside: No such device exists (SIOGIFHWADDR: No such device) On Friday, February 6, 2015 at 9:11:33 AM

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread dan (ddp)
On Feb 12, 2015 8:50 PM, Network Infrastructure panhatiger...@gmail.com wrote: When I checked it in /var/ossec/logs/ossec.log I see that: remote syslog allowed from: '192.168.10.1' That was the IP you gave it in the ossec.conf. I believe that should be the IP of your ASA device. If it is

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread dan (ddp)
This is starting to border on the absurd. Do you have any Linux experience? On Feb 12, 2015 8:50 PM, Network Infrastructure panhatiger...@gmail.com wrote: When I type on the OSSEC manager: tcpdump -i inside -Xxnnnevvvs 0 port 2514 192.168.11.1 and I also type: tcpdump -i inside -Xxnnnevvvs 0 2514

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
I don't know about this problem On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote: I have configured OSSEC to monitor my ASA 5520 but I cannot see anything In ASA 5520, I enable syslog server to send syslog to my OSSEC In OSSEC, the /var/ossec/etc/ossec.conf,

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Eero Volotinen
2015-02-12 10:18 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: I don't know about this problem You cannot run two services (daemons) on the same port. You need to reconfigure syslog and/or disable and stop it. -- Eero

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Eero Volotinen
2015-02-12 10:47 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: Can you guide me to configure it? No, you need to use Google to find instructions to do that. -- Eero

Re: [ossec-list] Ossec's active response doesn't work

2015-02-12 Thread Christian Beer
Apache 2.4 style log messages are only supported in the master branch on github.com/ossec/ossec-hids or the upcoming 2.9 release. It would be nice if you could provide some log messages from ModSecurity so we can try this out in the dev version. Regards Christian On 12.02.2015 at 00:03 wrote

Re: [ossec-list] Re: OSSEC profile by regex

2015-02-12 Thread Christian Hettler
Hello Ricardo, you can use <agent_config name="hostA01|hostA02|hostA03"> [...] </agent_config> <agent_config name="hostB01|hostB02|hostB03"> [...] </agent_config> Christian On Wed, Feb 11, 2015 at 10:11:34AM -0800, Ricardo Perre wrote: The feature is selecting config based on the name, but not the

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
IP 192.168.10.1 is the IP of my ASA On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote: I have configured OSSEC to monitor my ASA 5520 but I cannot see anything In ASA 5520, I enable syslog server to send syslog to my OSSEC In OSSEC, the

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread dan (ddp)
On Wed, Feb 11, 2015 at 11:06 PM, Network Infrastructure panhatiger...@gmail.com wrote: When I open ossec.log I saw that: Remote syslog allowed from: '192.168.10.1' Error: Unable to bind port '514' It looks like your syslogd is currently bound to that port. You can either make it stop doing

Re: [ossec-list] Hybrid Mode - Ignoring alerts.log

2015-02-12 Thread dan (ddp)
On Thu, Feb 5, 2015 at 7:49 AM, dan (ddp) ddp...@gmail.com wrote: On Wed, Feb 4, 2015 at 11:29 PM, John Luko johnl...@gmail.com wrote: Ok. I did a local setup and after some time I was finally able to recreate the issue. Setup was as follows: server1 (server mode) -- server 2 (hybrid mode)

Re: [ossec-list] check_diff

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 3:08 AM, alex petrov allreadypa...@gmail.com wrote: ON https://github.com/ossec/ossec-hids/releases Server / Agent 2.8 Change log Disable /var/ossec/queue/diff/*state.$epoch files, they were not used. pull: by reyjrar HOW to enable

Re: [ossec-list] Monitor Network devices with OSSEC

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 5:09 AM, Rohith PS rohith...@gmail.com wrote: Hi, can we monitor network device activity with the OSSEC agentless option, or should we redirect their logs to the OSSEC server and monitor the local logs? You can do either, or both. They kind of cover different things.

Re: [ossec-list] Can't get custom active-response rule to execute

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 11:01 AM, Darren Worrall dar...@iweb.co.uk wrote: Hey Folks, Setup is a single server installation - no remote agents. I've defined custom command and active-response blocks, but it won't fire and I can't figure out why. A sample config, ossec.log and alerts.log are

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 11:59 AM, Network Infrastructure panhatiger...@gmail.com wrote: yes, I changed the syslog server to use port 2514 too I don't know what you mean. If you changed the destination for the logs from the cisco asa run this on the ossec manager: `tcpdump -i ETHERNET_INTERFACE

Re: [ossec-list] Re: Can't get custom active-response rule to execute

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 11:52 AM, Darren Worrall dar...@iweb.co.uk wrote: Right, I've cracked it - I'm doing some strict argument parsing, and the script receives an extra parameter not listed in the manual[1] - a 7th argument. I guess this is a documentation bug, anyone know what that

[ossec-list] Can't get custom active-response rule to execute

2015-02-12 Thread Darren Worrall
Hey Folks, Setup is a single server installation - no remote agents. I've defined custom command and active-response blocks, but it won't fire and I can't figure out why. A sample config, ossec.log and alerts.log are here[0]. The script is just a dummy one which logs to a file when triggered,

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread dan (ddp)
On Thu, Feb 12, 2015 at 11:48 AM, Network Infrastructure panhatiger...@gmail.com wrote: <remote> <connection>syslog</connection> <port>2514</port> <allowed-ips>192.168.11.1</allowed-ips> <local_ip>192.168.11.11</local_ip> </remote> After configuring it I restart ossec but it doesn't show anything. I look

Re: [ossec-list] Can't get custom active-response rule to execute

2015-02-12 Thread Darren Worrall
On Thursday, 12 February 2015 16:21:21 UTC, dan (ddpbsd) wrote: Does the python script work if you run it manually? It does yes. I think the script is erroring; if I just touch a file and immediately exit, that works. Is there something unusual about the environment for active response

[ossec-list] Re: Can't get custom active-response rule to execute

2015-02-12 Thread Darren Worrall
Right, I've cracked it - I'm doing some strict argument parsing, and the script receives an extra parameter not listed in the manual[1] - a 7th argument. I guess this is a documentation bug, anyone know what that parameter is supposed to be? It's just a dash when I get it. [1]:

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
<remote> <connection>syslog</connection> <port>2514</port> <allowed-ips>192.168.11.1</allowed-ips> <local_ip>192.168.11.11</local_ip> </remote> After configuring it I restart ossec but it doesn't show anything. I look at it in /var/ossec/logs/archives/archives.log On Friday, February 6, 2015 at 9:11:33 AM UTC+7,

[ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Network Infrastructure
yes, I changed the syslog server to use port 2514 too On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure wrote: I have configured OSSEC to monitor my ASA 5520 but I cannot see anything In ASA 5520, I enable syslog server to send syslog to my OSSEC In OSSEC, the