g any alerts and
>> doesn't even log them, but still logs any non-email events (levels 1-6) so
>> I can still prove to an auditor that the scans are actually running against
>> various hosts (some auditors want multiple proof points like that).
>>
>> Hope tha
Good morning,
I've been trying to whitelist the IP of my scanner so that I never get
notifications from it and that alerts are ignored for it.
I've tried adding it to the whitelist in the ossec configuration file (And
as I understand, that configuration is not used for the notification
information?
Thanks
On Wed, Mar 11, 2020 at 9:45 AM Olivier Ragain
wrote:
> Hi Bruce,
> Thanks for the clarifications, got mixed up a bit on the if_level and log
> level. I've set it back to 0.
>
> So now the funny thing is as follows:
> * I know my rules work because some of the tes
- Ignoring all alerts triggered by our scanner
>*Rule 11 matched.
>
>
> **Phase 3: Completed filtering (rules).
>Rule id: '11'
>Level: '0'
>Description: 'Ignoring all alerts triggered by our scanner'
>
>
> Now if I set t
10
> Ignoring all alerts triggered by our scanner
>
>
>
>
>
>
>
> Personally I use the second example, which ignores sending any alerts and
> doesn't even log them, but still logs any non-email events (levels 1-6) so
> I can still prove to an auditor that th
Hi,
I've created a custom decoder:
^sshd
sshd-custom
^Bad protocol version
^\S+ from (\S+) port (\S+)$
srcip,srcport
When I restart the engine to load it, I end up with the following error:
2020/03/13 18:21:54 ossec-testrule: INFO: Reading decoder file
Hi,
So now the question is, why does it not work when I use:
decoders configuration in the ossec.conf file?
I see that it is loading the file from the logs, but it fails to log the
decoder information itself and then ossec won't start.
Can anyone explain how to use the decoder_dir configuration
Hi,
So, I've created the local_decoder.xml file in the etc folder and put my
decoder code in it and it is working. I am using version 3.6.0
Thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop
Hi
Sorry for the delay in answering.
The error I get:
2020/03/23 12:28:25 ossec-testrule: INFO: Reading decoder file
etc/custom/local_decoder.xml.
2020/03/23 12:28:25 ossec-analysisd(2106): ERROR: Error adding decoder
plugin.
The configuration:
etc/custom
...
Thanks
.
>
> - Bruce
>
>
> On Tuesday, March 10, 2020 at 12:34:41 PM UTC-4, Olivier Ragain wrote:
>>
>> Hi,
>> I've configured ossec to load rules from a custom folder to avoid having
>> to touch any of the other files and facilitate updates. Some