OK, so that base OS came with zlib, sqlite, openssl and make.
As described in the tarball install guidance, I ran a: sudo yum install
make gcc zlib-devel pcre2-devel sqlite-devel openssl-devel libevent-devel
After the install from the tarball, I removed gcc (and the dependencies
that came with
OK, so after a little more digging, I see now why there is no logrotate
script that comes with the build from source since the files in
/var/ossec/logs/alerts, archives and firewall are managed and compressed by
ossec, itself. :)
This leaves me with a couple questions, though.
1) Is the size of
Make came on the base OS, so I'm not inclined to remove that. It's mostly
the compiler I want gone. I'll do a deeper dig into the other dependencies
to see if I can see some obvious ongoing operational reasons to keep the
-devel packages around as most of the time I already had the regular
Thanks for the reply, Dan. I'll probably roll my own logrotate script and
use the one from the Atomic repo 3.3.0 install as a base. And yes,
ossec.log was empty because I hadn't started the agent yet. I had assumed
a different purpose for that file, but now that I'm running a few agents
On Wed, Jun 17, 2020 at 1:31 PM Scott Wozny wrote:
>
> Hi Dan,
>
> Very interesting! Feels kind of Rube Goldberg-y but I fully understand the
> reasoning and it makes perfect sense in the context of what's trying to be
> accomplished here. I very much appreciate the explanation! :)
>
Maybe,
Hi Dan,
Very interesting! Feels kind of Rube Goldberg-y but I fully understand the
reasoning and it makes perfect sense in the context of what's trying to be
accomplished here. I very much appreciate the explanation! :)
Thanks,
Scott
On Wed, Jun 17, 2020 at 8:22 AM dan (ddp) wrote:
> On
On Wed, Jun 17, 2020 at 9:26 AM Rashad Mogsi wrote:
>
> first thx for the replay
> and i did install the ossec-hids -agent and its active on the ossem server.
> so i cant receive any logs in the OSSEM WEB.
> so i want to know how to change refresh rate of reciving logs from the server
> to WEB
first thx for the replay
and i did install the ossec-hids -agent and its active on the ossem server.
so i cant receive any logs in the OSSEM WEB.
so i want to know how to change refresh rate of reciving logs from the
server to WEB interface GUI.
Thank you again for your attention .
On
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log
> is in CEF format I believe. That log contains alerts that are raised by
> various endpoints
On Wed, Jun 17, 2020 at 9:15 AM Rashad Mogsi wrote:
>
> i have installed OSSEM Server on Esxi and i can't receve any logs form the
> Windows server .
> is there any configurations should i do from the OSSEM or from the windows so
> i can see the logs
>
OSSEM or OSSEC? I can't help you with
Yes there is! I believe the details are here:
https://www.ossec.net/join-us-on-slack/
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Is there a slack group for the OSSEC community?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
>
i have installed OSSEM Server on Esxi and i can't receve any logs form the
Windows server .
is there any configurations should i do from the OSSEM or from the windows
so i can see the logs
any one can answer?
--
---
You received this message because you are subscribed to the Google Groups
Is there a slack group for the OSSEC community?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this
Would someone know if the following is possible?
I have a product by the name of BitDefender which can produce a log - the
log is in CEF format I believe. That log contains alerts that are raised
by various endpoints being monitored by BitDefender.
1. Is there a way I could deploy an
On Sun, Jun 14, 2020 at 2:57 AM John Goh wrote:
>
> So I should just leave the IDS running for a period of time and it will log
> in real-time?
>
It's supposed to.
> The only changes that the IDS currently logs are like files in etc and
> Mozilla cache. Nothing else in particular on those
On Mon, Jun 15, 2020 at 3:09 PM Scott Wozny wrote:
>
> I'm trying to get off the Atomic repo for a variety of reasons, so I just did
> a 3.6.0 agent install from the tarball's script on a CentOS 7 minimal machine
> to test the process and compatibility with my build tweaks. One of the
>
On Tue, Jun 16, 2020 at 7:21 AM siddharth jha wrote:
>
> Hi,
>
> I'm new in ossec and recently install OSSEC 3.6.0 on Ubuntu 18.04.04 server
> successfully.
> also add some win. agent and i can see alerts on ossec web-ui but i'm not
> receiving any alerts on email.
> need suggestion how should
On Tue, Jun 16, 2020 at 5:35 PM Scott Wozny wrote:
>
> Just an "idle curiosity" kind of question. In a 3.6.0 server installed from
> the tarball on CentOS 7, when I run a ps, I have 2 instances of
> /var/ossec/bin/ossec-maild running, both under UID ossecm. Does anyone know
> why there are 2
18 matches
Mail list logo