[ossec-list] mariadb monitoring?

2017-05-17 Thread John Gelnaw
As the default audit plugins for MySQL are somewhat horrific (XML is not a log format), and the log syntax for MySQL is multi-line, I've been looking for other options. The MariaDB audit plugin so far looks very nice. It's highly tunable in terms of what it can report and it plays nice with

Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-17 Thread Jesus Linares
Hi all, I think there is a misunderstanding. According to your *full_log*, I can see 2 "Account name" fields: the first one is *SubjectUserName*, and the second one is *TargetUserName*. We are only extracting the *SubjectUserName* as *Account name*. So, if you paste your log here, I can

Re: [ossec-list] Using OSSEC HIDS to spot rogue software

2017-05-17 Thread Pedro Sanchez
Hi, OSSEC has the capability to detect running processes as well as look for existing registry keys or folders present on the system; you could use that to detect the rogue software. Example of getting running processes in Windows and triggering an alert when needed (using localfiles / logcollector

Re: [ossec-list] Unable to connect with agent

2017-05-17 Thread Pedro Sanchez
An agent is connected if the manager received a keep alive in the past 30 minutes. The agent sends (by default) a keep alive message every 10 minutes; every time the manager gets a new keep alive, it updates an internal file for that particular agent. If the agent, after three tries (30 minutes), doesn't reach

Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-17 Thread Pedro Sanchez
Hi AntonH, I can see your full_log in the Kibana screenshots; it seems like even OSSEC is not getting that field in the raw_log, meaning we are not extracting it from the EventChannel. Currently OSSEC is not extracting all the field details from the XML, related code: