Re: [ossec-list] OSSEC Active Response Block on pattern-matched SSH user logins

2017-06-15 Thread dan (ddp)
On Thu, Jun 15, 2017 at 6:39 AM, Rahul Tiwari wrote:
> Can you please provide the rule? I am also having the same issue; I need to
> block the user after failed attempts.
> Please help
>
What is stopping you from creating a rule? Do you have log samples to help us help you?

Re: [ossec-list] Re: Logging of informational events on OSSIM

2017-06-15 Thread dan (ddp)
On Thu, Jun 15, 2017 at 3:14 AM, Irshad Rahimbux wrote:
> The logs are being pushed to archives.log and not ossec.log
>
Only ossec stuff should be in the ossec.log. Alerts go in alerts.log and log events go to archives.log (if the logall option is enabled).
> On

Re: [ossec-list] OSSEC Active Response Block on pattern-matched SSH user logins

2017-06-15 Thread Rahul Tiwari
Can you please provide the rule? I am also having the same issue; I need to block the user after failed attempts. Please help
On Thursday, April 29, 2010 at 3:41:48 AM UTC+5:30, JL wrote:
>
> Hi all,
>
> Forgive me if this has been covered somewhere, but I haven't come
> across it.
>
>
> Is

[ossec-list] Re: Logging of informational events on OSSIM

2017-06-15 Thread alberto . rodriguez
Hello Irshad,
I think I have replied to this on the other thread, haven't I? https://groups.google.com/forum/#!topic/ossec-list/mDueDPTDFTw
Best regards,
On Thursday, June 15, 2017 at 9:14:32 AM UTC+2, Irshad Rahimbux wrote:
>
> The logs are being pushed to archives.log and not ossec.log
>
> On

[ossec-list] Re: OSSEC - windows event

2017-06-15 Thread alberto . rodriguez
Hello Irshad,
You have configured your manager to record all events in archives.log. In this file, you have all the events, and the event you want to see on the GUI is there. But an event may or may not be an alert, and if you want to see it on the GUI, it must be an alert. This is the

[ossec-list] Re: OSSEC-LOGTEST yet Alert Generated yet: **Alert to be generated

2017-06-15 Thread Irshad Rahimbux
Hello. This is a very old thread, but I am facing some similar issues. Can you post the rules that you wrote for that to work? Thanks.
On Friday, April 13, 2012 at 10:04:21 PM UTC+4, tomcelica wrote:
>
> Any Ideas what my next step is? No Alert logged even though rule
> tests and seems to

[ossec-list] Re: OSSEC - windows event

2017-06-15 Thread Irshad Rahimbux
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:09:01 AM UTC+4, Irshad Rahimbux wrote:
>
>
> Hi,
>
> I have done the following changes in my configuration files as follows:
>
>
> OAlerts
> eventchannel
>
>
> Logs are being pushed to

[ossec-list] Re: Logging of informational events on OSSIM

2017-06-15 Thread Irshad Rahimbux
The logs are being pushed to archives.log and not ossec.log
On Thursday, June 15, 2017 at 11:06:58 AM UTC+4, Irshad Rahimbux wrote:
>
> Hi,
>
> I am using AlienVault OSSIM and would like to be able to read logs from
> windows besides application, security and system.
>
> I have done the

[ossec-list] Re: OSSEC - windows event

2017-06-15 Thread Irshad Rahimbux
Hi, I have done the following changes in my configuration files as follows: OAlerts eventchannel Logs are being pushed to ossec.log on server as follows: 2017 Jun 15 09:23:19 (Host-172-27-5-231) 172.27.5.231->WinEvtLog 2017 Jun 14 11:55:22 WinEvtLog: OAlerts: INFORMATION(300):

[ossec-list] Logging of informational events on OSSIM

2017-06-15 Thread Irshad Rahimbux
Hi, I am using AlienVault OSSIM and would like to be able to read logs from windows besides application, security and system. I have done the following changes in my configuration files as follows: OAlerts eventchannel Logs are being pushed to ossec.log on server as follows: