Hi JP1, did you find a pattern for the archive.log file?
On Wednesday, 18 February 2015 17:12:45 UTC-3, jp1...@gmail.com
wrote:
>
> So, this works OK for me on alerts.log - does anyone have a logstash conf
> that works on the archives.log if you have ossec saving all logs to that?
>
> On
Is there a way to the OSSEC server without the three GeoIP packages or at
least force the packages to not be used? I'd like to install the least
amount of additional packages to my web server as possible.
Thanks,
Shawn
Thanks for your response Santiago!
So the target system is actually a pfSense router (FreeBSD 10.3 based) and
the main problem I have is that the logs are not in plaintext format - they
use a "clog" format instead which OSSEC can't read. The only workaround at
the moment is to run a local
How about modifying the installation package?
Eero
2016-09-22 12:56 GMT+03:00 Victor Fernandez:
> Hi,
>
> when you run the OSSEC installer for Windows, you can choose the location
> where OSSEC will be installed. This shouldn't be a problem.
>
> Since OSSEC registers a
Hi,
when you run the OSSEC installer for Windows, you can choose the location
where OSSEC will be installed. This shouldn't be a problem.
Since OSSEC registers a background service on Windows, you should first
install OSSEC into another partition and then create the C:\ drive image.
Hope it
Hi,
Review *alerts.json* to check whether the decoder name and the event id are
extracted into fields. Also, check your logstash mapping. If the fields are
not extracted in alerts.json, you cannot filter by them in Kibana.
I did the query in Wazuh and it works, so I recommend you
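One way to do that review before touching the Logstash mapping, as an added example that is not from this thread: a small script that walks newline-delimited alerts.json and reports which alerts lack the fields you want to filter on. The field paths rule.id, decoder.name and data.id are assumptions about the alert layout, and the sample lines are constructed.

```python
import json

# Dotted paths of the fields that must exist in alerts.json before Kibana can
# filter on them. These paths are an assumption about the alert layout, not
# something taken from the thread; adjust them to your own alerts.
REQUIRED_FIELDS = ("rule.id", "decoder.name", "data.id")

# Constructed sample alerts.json content (one JSON object per line), not real data.
SAMPLE_ALERTS = """\
{"timestamp":"2016-09-22T12:56:00+0300","rule":{"id":"18107","level":5},"decoder":{"name":"windows_eventchannel"},"data":{"id":"4625","srcuser":"alice"}}
{"timestamp":"2016-09-22T12:57:00+0300","rule":{"id":"530","level":3},"decoder":{"name":"ossec"},"full_log":"ossec: Agent started"}
{"timestamp":"2016-09-22T12:58:00+0300","rule":{"id":"18105","level":8},"data":{"id":"4740"}}
"""


def get_path(obj, dotted):
    """Resolve a dotted path such as 'decoder.name' inside a nested dict, or None."""
    cur = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def missing_fields(alert, required=REQUIRED_FIELDS):
    """List the required dotted paths that this alert does not carry."""
    return [f for f in required if get_path(alert, f) is None]


def audit_alerts(text, required=REQUIRED_FIELDS):
    """Return (alerts_parsed, {field: how_many_alerts_lack_it}, per-alert missing lists)."""
    counts = {f: 0 for f in required}
    per_alert = []
    total = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line (e.g. a partially written last line)
        total += 1
        missing = missing_fields(alert, required)
        per_alert.append(missing)
        for f in missing:
            counts[f] += 1
    return total, counts, per_alert


if __name__ == "__main__":
    parsed, lacking, _ = audit_alerts(SAMPLE_ALERTS)
    print(f"alerts parsed: {parsed}")
    for field, n in lacking.items():
        print(f"  {field}: missing in {n} alert(s)")
```

Point it at the real file (for example by reading /var/ossec/logs/alerts/alerts.json into `text`) and any field with a non-zero count is one Kibana will not be able to filter on for those alerts.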
Hello all,
We have a group of servers where the C:/ drive gets re-imaged daily with a
standard image. Since it's going to be the same image that all the servers use,
I'm not sure how to make OSSEC part of that image and avoid agent-server
registration issues. So we wanted to install it on a different