Re: [ossec-list] Active-Response on server for remote alerts?

2015-05-26 Thread Santiago Bassett
Weird... Just curious, how did you figure it out? On Tue, May 26, 2015 at 10:29 AM, Xavier Mertens xmert...@gmail.com wrote: FYI, my problem has been solved by reformatting the comment in the active-response section: Changed from: <!-- comment --> To: <!-- comment --> Bug? /x On

Re: [ossec-list] Active Response in windows 2008

2015-05-26 Thread HMath
I reinstalled the Windows server, but the case is similar. I have a question: how does the OSSEC server know the path of the file route-null.cmd existing on the Windows agent in order to perform the response? Thank you in advance. On Friday, May 22, 2015 at 1:39:25 PM UTC+2, dan (ddpbsd) wrote: On Sun,

[ossec-list] ossec-hosts files

2015-05-26 Thread finid
Hi, I just looked in the root of my OSSEC installation on Ubuntu and noticed dozens of files with names like ossec-hosts.CMvJNMB8af. What could those be and what's the effect, if any, of deleting them? Thanks, -- finid -- --- You received this message because you are subscribed to the

Re: [ossec-list] Active-Response on server for remote alerts?

2015-05-26 Thread Xavier Mertens
FYI, my problem has been solved by reformatting the comment in the active-response section: Changed from: <!-- comment --> To: <!-- comment --> Bug? /x On Fri, May 22, 2015 at 3:22 AM, Santiago Bassett santiago.bass...@gmail.com wrote: Not sure if this is of any help, but try to run

[ossec-list] archives.log and logstash

2015-05-26 Thread Martynas Buožis
Hello, does anyone have a working archives.log integration with logstash? Thanks for any advice. With best regards, Martynas

Re: [ossec-list] Active Response in windows 2008

2015-05-26 Thread HMath
Another thing, I am sure now when I run the command /var/ossec/bin/agent_control -b xxx.xxx.xxx.xxx -f win_nullroute -u 002 it did not work on the agent, i.e. when I run the command C:\route print the IP did not appear, but when on the agent I run the file route-null.cmd and write ADD

[ossec-list] Error is logged but email doesn't fire for a rule

2015-05-26 Thread Abdul Baqui
Hi, I have this rule in local_rules.xml: <rule id="5551" level="5" frequency="6" timeframe="180" overwrite="yes"> <options>alert_by_email</options> <if_matched_sid>5503</if_matched_sid> <same_source_ip /> <description>Multiple failed logins in a small period of time.</description>

Re: [ossec-list] Error is logged but email doesn't fire for a rule

2015-05-26 Thread dan (ddp)
On May 26, 2015 9:34 AM, Abdul Baqui mabaqu...@gmail.com wrote: Hi, I have this rule in local_rules.xml: <rule id="5551" level="5" frequency="6" timeframe="180" overwrite="yes"> <options>alert_by_email</options> <if_matched_sid>5503</if_matched_sid> <same_source_ip /> <description>Multiple failed

Re: AW: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash challenges

2015-05-26 Thread David Lang
On Tue, 26 May 2015, T-SOC Operations wrote: Sorry, bloody Germans ;-) - someone sharing their logstash 1.5.0 ossec grok filter (ossec.log + alerts.log, also the permission challenges on those files) - clean JSON formatted events from ossec to logstash input handler I thought the ossec json

Re: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash challenges

2015-05-26 Thread David Lang
On Tue, 26 May 2015, T-SOC Operations wrote: Hello OSSEC fellows, I'm struggling with the json syslog_output filter. They are in some kind of JSON format, but logstash is not able to decode the message right away. Example JSON outputs in kibana4: windows alert: http://pastebin.com/2n4jsJYS

Re: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash challenges

2015-05-26 Thread dan (ddp)
On Tue, May 26, 2015 at 1:43 PM, T-SOC Operations t-soc-operati...@tiri.li wrote: Hello OSSEC fellows, I'm struggling with the json syslog_output filter. They are in some kind of JSON format, but logstash is not able to decode the message right away. Example JSON outputs in kibana4:

AW: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash challenges

2015-05-26 Thread T-SOC Operations
Sorry, bloody Germans ;-) - someone sharing their logstash 1.5.0 ossec grok filter (ossec.log + alerts.log, also the permission challenges on those files) - clean JSON formatted events from ossec to logstash input handler I thought the ossec JSON message is properly formatted and therefore

Re: [ossec-list] ossec-hosts files

2015-05-26 Thread Antonio Querubin
On Tue, 26 May 2015, fi...@vivaldi.net wrote: I just looked in the root of my OSSEC installation on Ubuntu and noticed dozens of files with names like ossec-hosts.CMvJNMB8af. What could those be and what's the effect, if any, of deleting them? Those are temporary files created by the

[ossec-list] rule based geoip block

2015-05-26 Thread Gil Vidals
Since OSSEC has support for incorporating geoip, is there a way to include rules that are based on country code? I couldn't find any instructions in the manual for doing so. There are some custom rules I wrote that would be enhanced and triggered only for certain countries. I understand that

[ossec-list] Re: Error is logged but email doesn't fire for a rule

2015-05-26 Thread Abdul Baqui
pam_rules.xml is set as: <rule id="5500" level="0" noalert="1"> <decoded_as>pam</decoded_as> <description>Grouping of the pam_unix rules.</description> </rule> <rule id="5501" level="3"> <if_sid>5500</if_sid> <match>session opened for user </match> <description>Login session opened.</description>

[ossec-list] Multiple Authentication Failure

2015-05-26 Thread Abdul Baqui
After installing OSSEC, and keeping the default ossec.conf and all rules, what changes do I need to make so that OSSEC sends mail for multiple authentication failures, and for a successful login after multiple authentication failures? I want OSSEC to send mail alerts when a user fails to log in 4 times, and
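The two correlations asked about in these threads (rule 5551 above: `if_matched_sid` 5503 with `frequency`, `timeframe` and `same_source_ip`; and "successful login after repeated failures" in the post just above) boil down to a per-source sliding window. The block below is an added example, not OSSEC code and not something posted on the list: the event stream is constructed, the `srcip`/`user` fields are assumed decoder output, and the counting is a readable model that fires on exactly `frequency` matches rather than a claim about how analysisd's counter behaves.

```python
"""Sliding-window model of OSSEC composite-rule correlation.

Added example, not OSSEC code: the events are constructed, the ``user``/``srcip``
fields are assumed decoder output, and the counting is a simplified model of
<frequency>/<timeframe>/<same_source_ip>, not the analysisd engine itself.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int      # seconds since epoch (constructed)
    sid: int     # id of the atomic rule that already matched this log line
    srcip: str   # assumed decoder field
    user: str    # assumed decoder field


def correlate_failures(events, matched_sid=5503, frequency=6, timeframe=180):
    """Model of rule 5551 from the thread.

    Fire when `frequency` events matched by `matched_sid` arrive from one
    source IP within `timeframe` seconds. The window for that IP is cleared on
    firing, so a long brute force yields one alert per `frequency` failures
    rather than one per event. Returns [(fire_ts, srcip, count), ...].
    """
    windows = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.sid != matched_sid:
            continue
        window = windows[ev.srcip]
        window.append(ev.ts)
        # Expire timestamps older than the timeframe relative to this event.
        while window and ev.ts - window[0] > timeframe:
            window.popleft()
        if len(window) >= frequency:
            alerts.append((ev.ts, ev.srcip, len(window)))
            window.clear()
    return alerts


def success_after_failures(events, fail_sid=5503, success_sid=5501,
                           threshold=4, timeframe=180):
    """The second case asked for in the thread: a login that succeeds after
    at least `threshold` failures from the same source IP within `timeframe`.
    Returns [(fire_ts, srcip, user, failures_seen), ...].
    """
    failures = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        window = failures[ev.srcip]
        while window and ev.ts - window[0] > timeframe:
            window.popleft()
        if ev.sid == fail_sid:
            window.append(ev.ts)
        elif ev.sid == success_sid and len(window) >= threshold:
            alerts.append((ev.ts, ev.srcip, ev.user, len(window)))
            window.clear()
    return alerts


# Constructed sample stream. 10.0.0.5: six failures in 100 s, then a success.
# 10.0.0.9: six failures spread 100 s apart (never 6 inside 180 s), then a
# success. 10.0.0.7: four failures then a success (below rule 5551's
# frequency, but enough for the success-after-failures case).
SAMPLE_EVENTS = (
    [Event(1000 + 20 * i, 5503, "10.0.0.5", "alice") for i in range(6)]
    + [Event(1110, 5501, "10.0.0.5", "alice")]
    + [Event(2000 + 100 * i, 5503, "10.0.0.9", "root") for i in range(6)]
    + [Event(2510, 5501, "10.0.0.9", "root")]
    + [Event(3000 + 10 * i, 5503, "10.0.0.7", "bob") for i in range(4)]
    + [Event(3040, 5501, "10.0.0.7", "bob")]
)

if __name__ == "__main__":
    for alert in correlate_failures(SAMPLE_EVENTS):
        print("5551 fired:", alert)
    for alert in success_after_failures(SAMPLE_EVENTS):
        print("success after failures:", alert)
```

Running it shows the difference a timeframe makes: 10.0.0.9 produces the same six failures as 10.0.0.5 but never six inside 180 s, so neither correlation fires for it; lowering `frequency` to 4 makes both 10.0.0.5 and 10.0.0.7 fire on their fourth failure.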

[ossec-list] OSSEC 2.8.1 JSON Format and Logstash challenges

2015-05-26 Thread T-SOC Operations
Hello OSSEC fellows, I'm struggling with the json syslog_output filter. They are in some kind of JSON format, but logstash is not able to decode the message right away. Example JSON outputs in kibana4: windows alert: http://pastebin.com/2n4jsJYS linux alert: http://pastebin.com/UPAUq9pB

Re: [ossec-list] archives.log and logstash

2015-05-26 Thread dan (ddp)
On Tue, May 26, 2015 at 7:00 AM, Martynas Buožis m...@nrdcs.lt wrote: Hello, does anyone have a working archives.log integration with logstash? Thanks for any advice. I think you can read the file with syslog-ng, strip off the OSSEC-specific header, and use syslog-ng to forward the log messages
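Both Logstash threads on this page come down to the same pre-processing step: the payload OSSEC emits is wrapped in a header that the downstream parser does not expect, whether that is the syslog envelope in front of the JSON from `syslog_output` or the OSSEC header on each archives.log line. The block below is an added example, not code from the list or from OSSEC: the sample lines are constructed (the pastebins above were not consulted), the shape of the JSON and the archives.log header ("YYYY Mon DD HH:MM:SS origin->location message", with origin either a local hostname or "(agentname) agentip") are assumptions about OSSEC 2.8 output, and a line that is not a JSON object is handed back as None so it can be routed to a grok fallback rather than breaking the pipeline.

```python
"""Pull OSSEC payloads out of two log shapes before handing them to Logstash.

Added example with constructed sample lines; the syslog-wrapped JSON and the
archives.log header format are assumptions about OSSEC 2.8 output, not copied
from the thread.
"""
import json
import re

# archives.log header (assumed shape): "YYYY Mon DD HH:MM:SS <origin>-><location> <message>"
# where <origin> is "hostname" for local logs or "(agentname) agentip" for agents.
ARCHIVE_HEADER = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<ip>\S+?)|(?P<host>\S+?))"
    r"->(?P<location>\S+) (?P<msg>.*)$"
)

_DECODER = json.JSONDecoder()


def extract_json(line):
    """Return the first complete JSON object embedded in `line`, or None.

    Syslog forwarding prepends a priority, timestamp, host and tag before the
    payload and may append trailing bytes; raw_decode() parses exactly one
    object starting at the first '{' and ignores whatever follows. Anything
    that is not a JSON object (plain-text alerts, truncated payloads) yields
    None so the caller can route it to a fallback grok pipeline.
    """
    start = line.find("{")
    if start < 0:
        return None
    try:
        obj, _end = _DECODER.raw_decode(line, start)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None


def split_archive_line(line):
    """Split an archives.log line into OSSEC header fields and the raw event.

    Returns a dict with ts, origin (agent name or local hostname), ip (None
    for local logs), location and msg, or None if the header does not match.
    The msg field is the original log line, ready for the usual syslog/sshd
    grok patterns.
    """
    m = ARCHIVE_HEADER.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "origin": m.group("agent") or m.group("host"),
        "ip": m.group("ip"),
        "location": m.group("location"),
        "msg": m.group("msg"),
    }


# Constructed samples (not from the thread's pastebins).
SYSLOG_JSON = (
    '<132>May 26 13:43:01 ossec ossec: {"rule":{"level":7,"comment":'
    '"Integrity checksum changed.","sidid":550},"location":"syscheck",'
    '"full_log":"Integrity checksum changed for: \'/etc/passwd\'"}'
)
SYSLOG_PLAIN = "<132>May 26 13:43:02 ossec ossec: Alert 1432640582.123: - syslog,sshd"
SYSLOG_TRUNCATED = '<132>May 26 13:43:03 ossec ossec: {"rule":{"level":7,"comment"'
ARCHIVE_AGENT = (
    "2015 May 26 13:43:01 (webserver) 10.0.0.5->/var/log/auth.log "
    "May 26 13:43:01 webserver sshd[1234]: Failed password for invalid user admin "
    "from 203.0.113.7 port 4022 ssh2"
)
ARCHIVE_LOCAL = (
    "2015 May 26 13:43:05 ossec->/var/log/syslog "
    "May 26 13:43:05 ossec cron[77]: (root) CMD (run-parts /etc/cron.hourly)"
)

if __name__ == "__main__":
    print(extract_json(SYSLOG_JSON)["rule"]["sidid"])
    print(extract_json(SYSLOG_PLAIN), extract_json(SYSLOG_TRUNCATED))
    print(split_archive_line(ARCHIVE_AGENT)["origin"],
          split_archive_line(ARCHIVE_LOCAL)["origin"])
```

The same two functions can sit in a small shipper or a Logstash `ruby`/`exec`-style stage: feed `extract_json` the raw syslog message and index the returned object directly, and feed `split_archive_line` each archives.log line so the original event text (`msg`) goes through the existing grok patterns while `origin`, `ip` and `location` become fields of their own.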

Re: [ossec-list] Active Response in windows 2008

2015-05-26 Thread dan (ddp)
On Tue, May 26, 2015 at 4:33 AM, HMath h.i.youss...@gmail.com wrote: I reinstalled the Windows server, but the case is similar. I have a question: how does the OSSEC server know the path of the file route-null.cmd existing on the Windows agent in order to perform the response? I believe the relative

Re: [ossec-list] [Help me] problem when send email alert to gmail

2015-05-26 Thread dan (ddp)
On Sat, May 23, 2015 at 2:25 AM, Never Mr mrneve...@gmail.com wrote: I have configured ossec.conf: <global> <email_notification>yes</email_notification> <email_to>x...@gmail.com</email_to> <smtp_server>alt4.gmail-smtp-in.l.google.com</smtp_server>

Re: [ossec-list] OSSEC - Compatible with DirectAdmin

2015-05-26 Thread dan (ddp)
On Mon, May 25, 2015 at 12:22 PM, Joseph Portillo jos...@calpop.com wrote: Dear ossec-list Community, I recommended OSSEC to one of my customers. They are running FreeBSD as their OS. They are also running DirectAdmin as their Control Panel. I know OSSEC is compatible with all FreeBSD OS

Re: [ossec-list] Re: Error is logged but email doesn't fire for a rule

2015-05-26 Thread dan (ddp)
On Tue, May 26, 2015 at 9:42 AM, Abdul Baqui mabaqu...@gmail.com wrote: pam_rules.xml is set as: <rule id="5500" level="0" noalert="1"> <decoded_as>pam</decoded_as> <description>Grouping of the pam_unix rules.</description> </rule> <rule id="5501" level="3"> <if_sid>5500</if_sid>