Tks, Victor.
I ended up doing something like it:
host1|host2|host3
but using the hostname from /etc/hostname of the servers running the agent.
Cheers,
Tom
On Friday, June 2, 2017 at 3:43:23 PM UTC, Victor Fernandez wrote:
>
> Hi Tom,
>
> there is a rule option, , that should work for you.
Hi Prakash
Try set to 0 (now you should have 1) the option *remoted.verify_msg_id* in
/var/ossec/etc/internal_options.conf in the manager and agent and restart
both.
*remoted.verify_msg_id=0*
i hope it helps.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 6,
Hi,
Please help.
I am getting following error:-
2017/06/06 11:20:29 ossec-remoted(1407): ERROR: Duplicated counter for
'notify1-nightly.networkfleet.com'.
2017/06/06 11:20:35 ossec-remoted(1407): ERROR: Duplicated counter for
'notify1-nightly.networkfleet.com’.
I have followed steps
Thanks but unfortunately all it shows is the following:
OSSEC HIDS agent_control. Agent information:
Agent ID: 1027
Agent Name: server1
IP address: any/any
Status: Active
Operating system:Linux 4.4.
Client version: OSSEC HIDS v2.8.3 /
Hi all,
have problem with dovecot decoder
Example log:
Dec 19 17:20:08 ny dovecot: pop3-login: Aborted login (auth failed, 2
attempts in 18 secs): user=, method=PLAIN, rip=1.2.3.4, lip=1.2.3.4,
session=
Default dovecot decoder
dovecot
^\w\w\w\w-login: Aborted login
: user=\p(\S+)\p,
Hi John,
I think it should appear in */var/ossec/bin/agent_control -i 1027. *Also,
you can review the ossec.conf of your agent.
Regards.
On Monday, June 5, 2017 at 6:24:14 PM UTC+2, John Kondur wrote:
>
> I just started to use ossec, and was doing some testing by making some
> changes in a