On Mon, Mar 16, 2020 at 12:33 PM llehirgen wrote:
>
> I use dokku on an Ubuntu 18.04 LTS machine.
> I received the following alerts concerning files hidden in a long list of
> directories:
>
> Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
> Portion of the log(s):
I use dokku on an Ubuntu 18.04 LTS machine.
I received the following alerts concerning files hidden in a long list of
directories:
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
Files hidden inside directory
On Mon, Mar 16, 2020 at 8:43 AM dan (ddp) wrote:
>
> On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
> wrote:
> >
> > Hi,
> > So now the question is, why does it not work when I use:
> > decoders configuration in the ossec.conf file?
> > I see that it is loading the file from the logs, but it
On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
wrote:
>
> Hi,
> So now the question is, why does it not work when I use:
> decoders configuration in the ossec.conf file? I
> see that it is loading the file from the logs, but it fails to log the
> decoder information itself and then ossec won't
Hi,
So now the question is, why does it not work when I use:
decoders configuration in the ossec.conf file?
I see that it is loading the file from the logs, but it fails to log the
decoder information itself and then ossec won't start.
Can anyone explain how to use the decoder_dir configuration
Hi,
So, I've created the local_decoder.xml file in the etc folder and put my
decoder code in it and it is working. I am using version 3.6.0
Thanks
On Fri, Mar 13, 2020 at 2:28 PM Olivier Ragain
wrote:
>
> Hi,
> I've created a custom decoder:
>
> ^sshd
>
>
>
> sshd-custom
> ^Bad protocol version
> ^\S+ from (\S+) port (\S+)$
> srcip,srcport
>
>
> When I restart the engine to load it, I end up with