They are regexp operators: ^ is beginning of line and $ is end of line.
Eero
28.3.2016 10.11 PM, "Rob B" wrote:
> PS. Almost forgot to add :
>
> What does this mean? ^1000$|^1002$
>
> The "^" and the '$' before the pipe really has me perplexed.
>
> Thx.
>
>
>
^
Start of string, or start of line in multi-line pattern
\A
Start of string
$
End of string, or end of line in multi-line pattern
On Monday, March 28, 2016 at 4:20:47 PM UTC-4, Rob B wrote:
>
> found pipe = logical OR
>
>
>
> On Monday, March 28, 2016 at 3:11:30 PM UTC-4, Rob B wrote:
>>
>>
found pipe = logical OR
On Monday, March 28, 2016 at 3:11:30 PM UTC-4, Rob B wrote:
>
> PS. Almost forgot to add :
>
> What does this mean? ^1000$|^1002$
>
> The "^" and the '$' before the pipe really has me perplexed.
>
> Thx.
>
>
>
> On Monday, March 28, 2016 at 3:07:30 PM
PS. Almost forgot to add :
What does this mean? ^1000$|^1002$
The "^" and the '$' before the pipe really has me perplexed.
Thx.
On Monday, March 28, 2016 at 3:07:30 PM UTC-4, Rob B wrote:
>
> Heya Folks,
>
> I've been looking for the docs that explain the difference between
Heya Folks,
I've been looking for the docs that explain the difference between the
use of the '|" and the "," when specifying the id numbers within a rule. I
can't find anything that explains the use.
Could someone explain to me the differences by way of use? or provide a
link that I may
Yes, I am using.
KR,
Yurii
2016-03-28 21:11 GMT+03:00 dan (ddp) :
> On Mon, Mar 28, 2016 at 2:09 PM, Yurii Shatylo
> wrote:
> > Hi Brent,
> >
> > I have modified configuration and now it looks:
> >
> > # Going into enable mode.
> > send "enable\r"
> >
On Mon, Mar 28, 2016 at 2:09 PM, Yurii Shatylo wrote:
> Hi Brent,
>
> I have modified configuration and now it looks:
>
> # Going into enable mode.
> send "enable\r"
> expect {
> "*assword:" {
> send "$addpass\r"
> expect {
> "*asswor*"
Hi Brent,
I have modified configuration and now it looks:
# Going into enable mode.
send "enable\r"
expect {
"*assword:" {
send "$addpass\r"
expect {
"*asswor*" {
send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
That regex looks IPv4 specific. Can you make it allow IPv6 addresses?
Sent from my iPad
> On Mar 28, 2016, at 05:35, theresa mic-snare wrote:
>
> Thanks, Dan!
> I now almost got it fully working your advice was really good!
> Here's my problem, somehow the OpenBSD
When you use a standard SSH client, and go into enable mode.
Does it have an uppercase P on password?
I vaguely recall an issue with the case sensitivity of that script.
send "enable\r"
> expect {
> "Password:" {
> send "$addpass\r"
> expect {
I believe that should be
great, I will just do that :)
thanks for all your help!
On Monday, 28 March 2016 17:56:09 UTC+2, dan (ddpbsd) wrote:
>
> On Mon, Mar 28, 2016 at 11:53 AM, theresa mic-snare
> wrote:
> > Awesome, this worked!
>
> Sweet. I'll submit a PR to change this.
>
> > I'm going
On Mon, Mar 28, 2016 at 11:53 AM, theresa mic-snare
wrote:
> Awesome, this worked!
Sweet. I'll submit a PR to change this.
> I'm going to work on some more postfix rules and decoders over the next few
> days, because I have tons of Level 2 - Rule 1002 alerts that I want
On Mon, Mar 28, 2016 at 10:00 AM, Yurii Shatylo wrote:
> I have done it when I added host (ASA).
> In my file called .passlist I have the following record:
> username@192.168.0.1|password|enablepass
> When I start checking I got error only with enable authentication, the
Awesome, this worked!
I'm going to work on some more postfix rules and decoders over the next few
days, because I have tons of Level 2 - Rule 1002 alerts that I want gone.
do you think they would be accepted (once they work properly) as a PR on
github?
On Monday, 28 March 2016 17:45:58 UTC+2
On Mon, Mar 28, 2016 at 11:42 AM, theresa mic-snare
wrote:
> Sorry, it's this one
> 2016-03-23T01:09:28.962188+01:00 tron postfix/smtpd[472]: warning:
> 199.249.24.179.list.dsbl.org: RBL lookup error: Host or domain name not
> found. Name service error for
Sorry, it's this one
2016-03-23T01:09:28.962188+01:00 tron postfix/smtpd[472]: warning: 199.249.24.179.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=199.249.24.179.list.dsbl.org type=A: Host not found, try again
On Monday, 28 March 2016 17:39:32
On Mon, Mar 28, 2016 at 11:35 AM, theresa mic-snare
wrote:
> Thanks, Dan!
> I now almost got it fully working your advice was really good!
> Here's my problem, somehow the OpenBSD smtpd decoders fire instead of the
> postfix maybe I'd need to rearrange the order in
Thanks, Dan!
I now almost got it fully working your advice was really good!
Here's my problem, somehow the OpenBSD smtpd decoders fire instead of the
postfix maybe I'd need to rearrange the order in the ossec.conf to load
the postfix decoders last.
because it also triggers this
smtpd
On Mon, Mar 28, 2016 at 10:00 AM, theresa mic-snare
wrote:
> hmm, well I have this decoder in my ossec decoder set,
> /var/ossec/etc/ossec_decoders/postfix_decoders.xml
>
> ^warning:
> ^(\S+): hostname (\s+) verification
> failed
> srcip
>
>
> don't remember if I
I have done it when I added host (ASA).
In my file called .passlist I have the following record:
username@192.168.0.1|password|enablepass
When I start checking I got error only with enable authentication, the
first authentication is OK.
Also I tried to put enable
On Mon, Mar 28, 2016 at 8:07 AM, Yurii Shatylo wrote:
> I have read ossec-docs but nothing found about how to set user credentials
> for enables mode. If you know, please send me the doc.
> Thank you in advance.
>
On Fri, Mar 25, 2016 at 4:17 PM, theresa mic-snare
wrote:
> Hi,
>
> i'm trying to write my first rules, by extending the existing postfix rules.
>
> here's what i'm trying to test:
>
> 3300
> RBL lookup error:
> Host or domain name not found. Name service
> error
>
On Sun, Mar 27, 2016 at 11:01 AM, Tuan Anh wrote:
> Hi all,
> I have one problem on the level listed in groups. For example, the response
> groups, alert mail groups.
> thanks !
>
This doesn't make any sense to me, but I just started my second cup of
coffee for the day.
I have read ossec-docs but nothing found about how to set user credentials
for enables mode. If you know, please send me the doc.
Thank you in advance.
KR, Yurii
2016-03-28 14:32 GMT+03:00 Eero Volotinen :
> Please read docs and scripts used for this functionality. You
Please read docs and scripts used for this functionality. You need to
supply enable password too.
28.3.2016 2.15 PM, "Yurii Shatylo" wrote:
> Did you mean I need to add second line to .passlist with same
> credentials for ENABLE mode?
>
> KR, Yurii
>
> 2016-03-28
Did you mean I need to add second line to .passlist with same credentials
for ENABLE mode?
KR, Yurii
2016-03-28 14:10 GMT+03:00 Eero Volotinen :
> you need to supply both passwords to register_host.sh
>
> --
> Eero
>
> 2016-03-28 14:04 GMT+03:00 Yurii Shatylo
you need to supply both passwords to register_host.sh
--
Eero
2016-03-28 14:04 GMT+03:00 Yurii Shatylo :
> Hello,
>
> Cisco settings are set up correctly because I manually log on to ASA without
> any issues and run the command "show ran conf".
> Do you know which line has to be
Hello,
Cisco settings are set up correctly because I manually log on to ASA without
any issues and run the command "show ran conf".
Do you know which line has to be configured in script? In password list I have
registered login and password by "*register_host.sh*" and I successfully
authenticate (without
You need to configure correct enable password in cisco and script too. (or
to password list)
--
Eero
2016-03-28 13:46 GMT+03:00 Yurii Shatylo :
> Dear Colleagues,
>
> Some time ago I setup Cisco ASA agentless monitoring. After Brent’s
> clarification I found out that I
Dear Colleagues,
Some time ago I setup Cisco ASA agentless monitoring. After Brent’s
clarification I found out that I have missed some settings which I
successfully setup. When the settings were implemented I tried to check by
“./agentless/ssh_asa-fwsmconfig_diff user...@192.168.0.1” command but
Hi,
I have installed the new version of OSSEC v2.8.3. I have a windows ossec
client. I would like to filter Windows event logs
(Applications/Security/System/Application and Services Log) based on the
event ids at ossec client (in order to reduce the logs forwarded to OSSEC
manager).
Ex: