[ossec-list] Active Response in windows 2008

Hi all , I have ossec manager running on centos ,and two agents one of them is running on windows 2008. The active response work fine on centos agent but on windows server not work automatically and work fine manually . I hope to figure out the problem. -- --- You received this message

Re: [ossec-list] Active Response in windows 2008

, 31103,31104,31105,31106,31110,31109,31115,31151,31152,31153,31154,31161,31162,31163,31164,31165 /rules_id timeout600/timeout /active-response On Thursday, May 14, 2015 at 4:43:16 PM UTC+2, dan (ddpbsd) wrote: On Thu, May 14, 2015 at 10:22 AM, HMath h.i.yo...@gmail.com javascript: wrote: Hi all

Re: [ossec-list] Active Response in windows 2008

another point, there are some system errors in windows machine I saw them in log file in windows ossec On Saturday, May 16, 2015 at 1:06:47 PM UTC+2, HMath wrote: yes , I was getting alerts for them in the alert.log and some of them emailed depending on the level. another point

Re: [ossec-list] Active Response in windows 2008

, May 17, 2015 at 3:36 AM, HMath h.i.yo...@gmail.com javascript: wrote: another point, there are some system errors in windows machine I saw them in log file in windows ossec Errors could be bad. I didn't check, but are you sure all of the rule IDs you added to the AR

Re: [ossec-list] Active Response in windows 2008

xxx.xxx.xxx.xxx the IP appears What is the problem in this case? On Tuesday, May 26, 2015 at 11:06:57 AM UTC+2, HMath wrote: I reinstalled the windows server , but the case is similar . I have a question: how ossec server knows the path of the file route-null.cmd existing on windows agent in order

Re: [ossec-list] Updating ossec is done on ossec server only

Thank you On Monday, July 27, 2015 at 4:04:31 PM UTC+2, dan (ddpbsd) wrote: On Jul 26, 2015 7:57 AM, HMath h.i.yo...@gmail.com javascript: wrote: Greetings, I have updated ossec server to latest version , should I update it also in all clients ? They should be kept in sync

Re: [ossec-list] Updating ossec is done on ossec server only

Thank you On Monday, July 27, 2015 at 4:14:51 PM UTC+2, Eero Volotinen wrote: Yes, you should update clients too. Eero 26.7.2015 2.57 ip. HMath h.i.yo...@gmail.com javascript: kirjoitti: Greetings, I have updated ossec server to latest version , should I update it also in all clients

Re: [ossec-list] ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.xxx not allowed

Thank you On Thursday, July 23, 2015 at 1:54:12 PM UTC+2, dan (ddpbsd) wrote: On Jul 23, 2015 4:58 AM, HMath h.i.yo...@gmail.com javascript: wrote: Greetings, I can see this alert on ossec server where this IP is NOT one of clients . What does this mean? It looks like that ip

[ossec-list] Updating ossec is done on ossec server only

Greetings, I have updated ossec server to latest version , should I update it also in all clients ? Thank you -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email

[ossec-list] ossec-remoted(1213): WARN: Message from xxx.xxx.xxx.xxx not allowed

Greetings, I can see this alert on ossec server where this IP is NOT one of clients . What does this mean? -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to