On Thu, Jun 15, 2017 at 6:39 AM, Rahul Tiwari wrote:
> Can you please provide the rule i am also having the same issue i need to
> block the user after failed attempts.
> Please help
>
What is stopping you from creating a rule?
Do you have log samples to help us help you?
On Thu, Jun 15, 2017 at 3:14 AM, Irshad Rahimbux
wrote:
> The logs are being pushed to archives.log and not ossec.log
>
Only ossec stuff should be in the ossec.log. Alerts go in alerts.log
and log events go to archives.log (if the logall option is enabled).
> On
Can you please provide the rule i am also having the same issue i need to
block the user after failed attempts.
Please help
On Thursday, April 29, 2010 at 3:41:48 AM UTC+5:30, JL wrote:
>
> Hi all,
>
> Forgive me if this has been covered somewhere, but I haven't come
> across it.
>
>
> Is
Hello Irshad
I think I have replied this on the other thread, isn't it?
https://groups.google.com/forum/#!topic/ossec-list/mDueDPTDFTw
Best regards,
On Thursday, June 15, 2017 at 9:14:32 AM UTC+2, Irshad Rahimbux wrote:
>
> The logs are being pushed to archives.log and not ossec.log
>
> On
Hello Irshad
You have configurated your manager in order to recorder all events in
archives.log. In this file, you have all the events and there is the event
you want to see on the GUI. But, an event could be or not an alert. And if
you want to see it on the GUI must be an alert. This is the
Hello. This is a very old thread. But I am facing some similar issues.
Can you post your rules that you did for that to work.
Thnaks.
On Friday, April 13, 2012 at 10:04:21 PM UTC+4, tomcelica wrote:
>
> Any Ideas what my next step is? No Alert logged even though rule
> tests and seems to
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:09:01 AM UTC+4, Irshad Rahimbux wrote:
>
>
> Hi,
>
> I have done the following changes in my configuration files as follows:
>
>
> OAlerts
> eventchannel
>
>
> Logs are being pushed to
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>
> Hi,
>
> I am using AlienVault OSSIM and would like to be able to read logs from
> windows besides application, security and system.
>
> I have done the
Hi,
I have done the following changes in my configuration files as follows:
OAlerts
eventchannel
Logs are being pushed to ossec.log on server as follows:
2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun
14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300):
Hi,
I am using AlienVault OSSIM and would like to be able to read logs from
windows besides application, security and system.
I have done the following changes in my configuration files as follows:
OAlerts
eventchannel
Logs are being pushed to ossec.log on server as follows:
10 matches
Mail list logo