Re: [ossec-list] OSSEC agent 2.9 failing on solaris 10

2018-11-27 Thread Eero Volotinen
install or compile newer version of openssl into machine and try recompiling ossec? Ire Kourkoumelis wrote on Tue 27 Nov 2018 at 18.31: > So, what can I do to resolve this and install ossec? > > > > On Tuesday, 27 November 2018, 13:25:10 (UTC-3), dan (ddpbsd) > wrote: >> >> On

Re: [ossec-list] [v2.8.3][ossec-maild] ERROR (smtp server)

2018-06-06 Thread Eero Volotinen
well. does telnet localhost work fine? Eero Tue 29 May 2018 at 12.06 wrote: > Hi, > > I am receiving the error: > > > > *2018/05/28 17:29:54 ossec-maild(1223): ERROR: Error Sending email to > 127.0.0.1 (smtp server)2018/05/28 18:00:01 ossec-maild(1223): ERROR: Error > Sending email to

Re: [ossec-list] Re: PCI 10.5.5 Requirement OSSEC configuration

2018-05-14 Thread Eero Volotinen
Log hashing? integrity? Try samhain to guard your ossec logs? Eero Mon 14 May 2018 at 19.48 Will Duckworth wrote: > Did you ever find out a method? Or just assume the indexing is enough? > > > > On Thursday, 9 February 2012 19:57:46 UTC, awhitehatter

Re: [ossec-list] Ossec agent installation issue on AIX Server's

2018-02-12 Thread Eero Volotinen
Well. I don't have access to AIX system, so I cannot fix or help with issue. Eero On Mon, Feb 12, 2018 at 11:12 AM, Sardar Salim Shaikh wrote: > Hi Eero, > > Thanks for your reply !!! > > The gcc version on AIX 6.1 is : gcc-4.8.3-1 > > Please help me with this issue, I'm

Re: [ossec-list] Ossec agent installation issue on AIX Server's

2018-01-29 Thread Eero Volotinen
Well, are you using gcc on aix? what is output of cc --version and gcc --version Eero 2018-01-29 8:55 GMT+02:00 Sardar Salim Shaikh : > Hello All, > > I'm facing some issues installing the ossec agent on the AIX Server 6.3 > and 7.1, I'm getting below error's while

Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Eero Volotinen
you could also try to edit file src/makefile: find line 4: uname_S := $(shell sh -c 'uname -s 2>/dev/null || echo not') and replace it with uname_S=SunOS and try again.. Eero 2017-06-30 2:04 GMT+03:00 Eero Volotinen <eero.voloti...@iki.fi>: > what is output of: > &

Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Eero Volotinen
what is output of: make --version as you can see from errormessage, problem is in the makefile. 2017-06-29 23:39 GMT+03:00 Robert : > I am having issues installing on Solaris 10 (i.e. Solaris 10 8/11 > s10s_u10wos_17b SPARC) and am getting the error below when it

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Eero Volotinen
ource for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > > # cc --version > /usr/ucb/cc: language optional software package not installed > > > > On Monday, June 26, 2017 at 3:25:45 PM UTC-4, Eero Vol

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Eero Volotinen
rc/os_crypto/blowfish > *** Error code 1 > make: Fatal error: Command failed for target `os_crypto' > Current working directory /export/ossec-hids-2.8.1/src/os_crypto > > Error Making os_crypto > *** Error code 1 > make: Fatal error: Command failed for target `all' > > Err

Re: [ossec-list] can't access https://www.atomicorp.com/downloads

2017-03-06 Thread Eero Volotinen
Works fine from my browser. Eero 2017-03-06 9:58 GMT+02:00 : > I can't access https://www.atomicorp.com/downloads, the website return > this error: > > Forbidden You do not have permission to access this document. > > -- > Web Server at

Re: [ossec-list] ossec-remoted not running

2017-03-01 Thread Eero Volotinen
Is something running on port 1514 already? or ossec already running? Eero 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo < eduardo.reich...@hotmail.com>: > Dear All, > i doing installing ossec server in RHEL 6.8, but just ossec-remoted not > running, i do troubleshooting with commands

Re: [ossec-list] Mass monitoring log files in a folder on windows

2017-02-14 Thread Eero Volotinen
. Only strftime works but in some of my cases it's not > enough :( > > Regards > > T. > > On Tuesday, 14 February 2017 at 1:19:41 UTC+1, Eero Volotinen > wrote: >> >> try *log instead of *.log >> >> Eero >> >> 13.2.2017 6.19

Re: [ossec-list] Mass monitoring log files in a folder on windows

2017-02-13 Thread Eero Volotinen
random > characters/numbers at the end of the filename like: > log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is random. > That's why I wanted to use *.log. :( > > On Monday, 13 February 2017 at 14:54:32 UTC+1, Eero Volotinen > wrote: >

Re: [ossec-list] Mass monitoring log files in a folder on windows

2017-02-13 Thread Eero Volotinen
Check out this: Date Based Example For log files that change according to the date, you can also specify a strftime format to replace the day, month, year, etc. For example, to monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12 is the month and 15 the day (and it is rolled

Re: [ossec-list] Email Alerts on Google Compute Instances

2016-12-13 Thread Eero Volotinen
How about using local postfix for smarthost and configuring relay with it? -- Eero 2016-12-13 13:37 GMT+02:00 flippery_fish : > Hi, > > Google Compute Engine does not allow outbound connections on ports 25, > 465, and 587. > > As recommended by GCE, I have setup mailjet

Re: [ossec-list] Re: How to change the OSSEC installation directory in windows

2016-09-22 Thread Eero Volotinen
How about modifying the installation package? Eero 2016-09-22 12:56 GMT+03:00 Victor Fernandez : > Hi, > > when you run the OSSEC installer for Windows, you can choose the location > where OSSEC will be installed. This shouldn't be a problem. > > Since OSSEC registers a

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Eero Volotinen
You can use ip address any while creating agent keys for roaming devices. Eero 2016-09-13 10:58 GMT+03:00 Nick Giannoulis : > Hi all > I have an OSSEC server running perfectly monitoring all my servers. I > want to expand it to start monitoring my 'normal' clients ( win7-10

Re: [ossec-list] in solaris - does realtime check work?

2016-09-08 Thread Eero Volotinen
I think that realtime monitoring is not supported under solaris. eero 8.9.2016 9.40 PM "Stephen LuShing" wrote: > I install ossec in solaris and trying to check some directories so I setup > the following in ossec.conf > > > >

Re: [ossec-list] trying to install ossec on solaris 10

2016-09-06 Thread Eero Volotinen
try installing gcc and then point cc to gcc binary. Eero 2016-09-06 22:28 GMT+03:00 Stephen LuShing : > - I am running bash and fixed some places where the was a /bin/sh to > ./bin/bash. > - Since Solaris 10 has no cc - I install Sun Studio 12.2 and pointed the > path of cc

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Eero Volotinen
Try creating client key with correct ip address.. 27.8.2016 12.35 AM "Ka-Hing Cheung" wrote: > I have ossec server and agent running in two different docker images. The > agent is not able to connect to the server: > > > 2016/08/26 20:56:25 ossec-agentd: INFO: Trying to

Re: [ossec-list] Irregular Agent Activity in OSSEC agents

2016-07-20 Thread Eero Volotinen
Are you running out of network or disk speed? Eero 20.7.2016 10.39 PM "eyal gershon" wrote: > Hey Jose, > > There was no update or upgrade done. > I performed the procedure you mentioned before but the results stayed the > same. > > I have around 1600 servers and 400

Re: [ossec-list] Solaris Compilation - Visibility

2016-07-20 Thread Eero Volotinen
Tried compiling ossec 2.8.3 under Solaris/x86 5.10 and it worked. Any of these messages are not errors, they are just warnings. Please provide complete output from compiling. Eero 2016-07-19 22:28 GMT+03:00 Kumar Mg : > Hi, > > We also have the agent compilation issue on the

Re: [ossec-list] Solaris Compilation - Visibility

2016-07-19 Thread Eero Volotinen
what is your solaris version, platform and gcc version? this might be related to zlib.. Eero 2016-07-19 22:28 GMT+03:00 Kumar Mg : > Hi, > > We also have the agent compilation issue on the Solaris platform with the > 2.8.3 version of code. How can we fix the "Checking for >

Re: [ossec-list] not able to send alert mail

2016-07-04 Thread Eero Volotinen
Use local smtp instead of it. Eero 4.7.2016 10.43 AM "rvb n" wrote: > Hi Friends, > > I am trying to send alert mail from my ossec server to googleapps mail but > i could not make it. getting enclosed error > > my smtp server is googleapp server > >

Re: [ossec-list] Ransomware.

2016-06-07 Thread Eero Volotinen
Well. This is impossible. There is no way to see difference between normal file access and virus crypting all your files.. Eero 7.6.2016 6.31 PM "Nate" wrote: > We currently have samba file servers, which of course log access and > whatnot to the samba logs. > > I'm

Re: [ossec-list] Ossec Over TCP

2016-05-05 Thread Eero Volotinen
well. tcp is not supported? Eero 2016-05-05 9:02 GMT+03:00 Vani Paridhyani : > Hi! > > I need to run ossec over tcp. I made below modifications: > > In server ossec.conf: > > > > syslog > > 1515 > > tcp > > > > > In client ossec.conf: > > > > >

Re: [ossec-list] Re: id "|" or "," ??

2016-03-28 Thread Eero Volotinen
They are regexp operators ^ beginning of line and $ is end of line.. Eero 28.3.2016 10.11 PM "Rob B" wrote: > PS. Almost forgot to add : > > What does this mean? ^1000$|^1002$ > > The "^" and the '$' before the pipe really has me perplexed. > > Thx. > > >

Re: [ossec-list] Re: ssh_asa-fwsmconfig_diff

2016-03-28 Thread Eero Volotinen
KR, Yurii > > 2016-03-28 14:10 GMT+03:00 Eero Volotinen <eero.voloti...@iki.fi>: > >> you need to supply both passwords to register_host.sh >> >> -- >> Eero >> >> 2016-03-28 14:04 GMT+03:00 Yurii Shatylo <yuriishat...@gmail.com>: &g

Re: [ossec-list] Re: ssh_asa-fwsmconfig_diff

2016-03-28 Thread Eero Volotinen
ot;. > Do you which line has to be configure in script? In password list I have > registered login and password by "*register_host.sh*" and I successfully > authenticate (without ENABLE mode) when I start checking the script. I have > only issue with ENABLE mode password. > >

Re: [ossec-list] Re: ssh_asa-fwsmconfig_diff

2016-03-28 Thread Eero Volotinen
You need to configure correct enable password in cisco and script too. (or to password list) -- Eero 2016-03-28 13:46 GMT+03:00 Yurii Shatylo : > Dear Colleagues, > > Some time ago I setup Cisco ASA agentless monitoring. After Brent’s > clarification I found out that I

Re: [ossec-list] Facing error while installing ossec agent in Centos 7

2016-03-19 Thread Eero Volotinen
You need to install gcc on your system 19.3.2016 2.33 PM "ROSHIN SARATH.S" wrote: > i tried to install OSSEC agent OSSEC HIDS v2.8 in Centos 7 but getting an > error in final stage > error is in below > > 5- Installing the system > - Running the Makefile > ./Makeall:

Re: [ossec-list] important questions on CDB lists

2016-03-18 Thread Eero Volotinen
Err. You must be joking? Try googling with 'CDB'. Eero 18.3.2016 9.42 PM "theresa mic-snare" wrote: > ehlo *, > > I have an important question about CDB lists, as I'm just researching for > my thesis on OSSEC. > yes, i've read the documentation on readthedocs, maybe

Re: [ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Eero Volotinen
Well. You must be joking. Get one. -- Eero 2016-03-15 18:44 GMT+02:00 Aymen Belkhiria <belkhiria.ay...@gmail.com>: > The issue is that I don't have a test environnement. > > BR > > On Tuesday, March 15, 2016 at 2:15:50 PM UTC+1, Eero Volotinen wrote: >> >> Compi

Re: [ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Eero Volotinen
Compile on test host and copy binaries to production host.. Eero 15.3.2016 3.04 PM "Aymen Belkhiria" wrote: > Hi there, >> > > I have to install ossec in AIX 5.3 do you have the recompiled ossec agent > version? was you able to compile it. > The issue is that the

Re: [ossec-list] OSSEC Server Backup & Restore Procedure

2016-02-24 Thread Eero Volotinen
Just shutdown the server and pack /var/ossec-directory and init scripts to tarball? restore works just unpacking the tarball to correct directory. -- Eero 2016-02-25 7:56 GMT+02:00 : > Hi Team, > > Can someone help tell how to take backup & restore for OSSEC 2.8.3. > > > Regards

Re: [ossec-list] Alert fires, but no email generated?

2016-02-23 Thread Eero Volotinen
this particular > alert - mail alerts seems to be working fine for other rules? > > I checked the mail.info for anything obvious, but couldn't see anything > suspicious at a first glance... > > Best regards, > Fredrik > > On Wednesday, February 24, 2016 at 7:54:43 AM UTC+1

Re: [ossec-list] Alert fires, but no email generated?

2016-02-23 Thread Eero Volotinen
Please check your mail server configuration? 2016-02-24 8:28 GMT+02:00 Fredrik : > Thanks Santiago, please find more details below. > > Best regards, > Fredrik > > Yes, I see the alert written to alerts.log (pulled the alert below out of > the archive from yesterday) and

Re: [ossec-list] ERROR: Incorrectly formated message

2016-02-02 Thread Eero Volotinen
Key is incorrect ? Try deleting old key and re adding agent? 2.2.2016 6.41 PM "Robert" wrote: > Hi, > > I already removed and readded one of my agent to the OSSEC server > (following this guide >

Re: [ossec-list] Re: Global Mail limit

2016-01-29 Thread Eero Volotinen
Well, why there is such low limit without #define INT_MAX_VALUE YY It should be like (Mail->maxperhour > INT_MAX_VALUE) ? -- Eero 2016-01-28 16:22 GMT+02:00 : > Hi, > > I found that limit and it's hardcoded at function Read_Global(), in > src/config/global-config.c > > if

Re: [ossec-list] Re: Global Mail limit

2016-01-29 Thread Eero Volotinen
can realistically handle > and investigate more than 10,000+ emails in an hour :) > > thanks, > > > > > > On Fri, Jan 29, 2016 at 1:16 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >> Well, why there is such low limit without #define INT_MAX_VAL

Re: [ossec-list] Global Mail limit

2016-01-28 Thread Eero Volotinen
So, you are sending over in one hour? Changing that requires patch and recompiling ossec server. -- Eero 2016-01-28 11:10 GMT+02:00 Lionel Caignec : > Hi, > > I use ossec to monitor all servers activities from my enterprise including > creation/modification of file. > >

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-18 Thread Eero Volotinen
Path of as binary, not /var/ossec Eero Wed 18 November 2015 at 19.39 Edward <ecanmas...@gmail.com> wrote: > rpm -qf /var/ossec > file /var/ossec is not owned by any package > > > > On Wednesday, November 18, 2015 at 6:34:44 PM UTC+1, Eero Volotinen wrote: >

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-18 Thread Eero Volotinen
h the same sles11 sp1 and not all > were found, but ossec is installed on this one and working. > This is getting real frustrating, I need to know what exactly is going > wrong. > anyhelp would be much appreciated > > > > On Monday, November 16, 2015 at 8:52:15 PM UTC+1,

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-18 Thread Eero Volotinen
gainst another server with the same sles11 sp1 and not all > were found, but ossec is installed on this one and working. > This is getting real frustrating, I need to know what exactly is going > wrong. > anyhelp would be much appreciated > > > > On Monday, November 16, 2

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-18 Thread Eero Volotinen
ht be the compiler is missing critical components > I am getting lost in this issue > > On Wednesday, November 18, 2015 at 6:04:17 PM UTC+1, Eero Volotinen wrote: >> >> Well, >> >> you need to install c++ development tools. >> >> see url: >> http:

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
I think assembler 'as' is missing. 16.11.2015 4.41 PM "Edward" wrote: > I am trying to install ossec agent (2.8.1) on sles 11 sp1 and when running > the ./install.sh I get this error: > > cc: error trying to exec 'as': execvp: No such file or directory > > I did

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
oftware from the official website is not made for Sles and thats why I > have all these issue's. > what is also annoying is that there is nothing in /var/log/messages , is > there some debug function as to why the installer is not working? > > > On Monday, November 16, 2015 at 5

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
ember 16, 2015 at 5:00:30 PM UTC+1, Eero Volotinen wrote: >> >> I think assembler 'as' is missing. >> 16.11.2015 4.41 PM "Edward" <ecanm...@gmail.com> wrote: >> >>> I am trying to install ossec agent (2.8.1) on sles 11 sp1 and when >&

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
# >> [100%] >> >> >> so it has been installed it, but I don't see the installation... don't >> see the ossec directory being installed >> package doesnt seem to be working >> >> >> >> On Monday, November 16, 2015 at 5:42:00

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
> > but when i search for rpm i get: > > rpm -q ossec-hids-2.8.1-1.1.x86_64.rpm > package ossec-hids-2.8.1-1.1.x86_64.rpm is not installed > > I checked the directories and /var/ossec has not being created > > it doesn't look like it has been installed > > >

Re: [ossec-list] OSSEC installation error cc: error trying to exec 'as': execvp

2015-11-16 Thread Eero Volotinen
Well, I extracted buildrequirements from source packages and they look like this: BuildRequires: coreutils BuildRequires: zlib-devel-static BuildRequires: zlib-devel BuildRequires: glibc-devel BuildRequires: openssl-devel BuildRequires: mysql-devel BuildRequires:

Re: [ossec-list] Ossec Client 2.8.3 Detect As Malware

2015-11-11 Thread Eero Volotinen
Try using virustotal scanning service. That is possibly false positive. Eero 11.11.2015 2.48 PM wrote: > Guys > > I did download ossec client 2.8.3 and received a warning message: The file > has a malware: BehavesLike.Win32.Dropper.tc > I use mcafee webgateway 7.6.0 in

Re: [ossec-list] sending email through existing smtp server

2015-11-08 Thread Eero Volotinen
You should use local postfix to relay mails. Eero 7.11.2015 10.55 PM wrote: > Hi all, > > I recently installed OSSEC 2.8.1 on a Debian machine, and I really don't > understand how this email setup works. My config file looks like this: > > > yes >

Re: [ossec-list] Create an alert for NTP offset

2015-11-04 Thread Eero Volotinen
You should use nagios for this kind of checks. Eero 4.11.2015 6.08 PM "Robert Micallef" wrote: > Hi, > > I was wondering if anyone can help me configure a decoder and subsequently > an alert for when the NTP offset becomes too high. For security reasons I > had to

Re: [ossec-list] Re: Ossec agent error

2015-11-04 Thread Eero Volotinen
Well, you said that server is located at .200. It isn't according this log . 4.11.2015 12.58 PM "Reinaldo Fernandes" wrote: > Shouldn't I receive a connected successfully instead of this warning? > > I found this and it's says that the agent is having issues to

Re: [ossec-list] Re: Ossec agent error

2015-11-03 Thread Eero Volotinen
Are you trying to execute log file? You need to run sudo tail filename, not sudo filename Eero 3.11.2015 5.40 PM "Reinaldo Fernandes" wrote: > Hi dan, > I did now: > sudo /var/ossec/logs/ossec.log > > and I got exactly the same entries on the logs as before:

Re: [ossec-list] Re: Ossec agent error

2015-11-03 Thread Eero Volotinen
sudo tail -f /path/to/filename Eero 3.11.2015 6.26 PM "Reinaldo Fernandes" wrote: > > Can you provide me the correct command to run?? > Thank you > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group.

Re: [ossec-list] Ossec agent error

2015-11-03 Thread Eero Volotinen
this is firewall issue. disable local firewall on ossec server. eero Tuesday 3 November 2015 Reinaldo Fernandes < fernandes.jreina...@gmail.com> wrote: > Hello, > > > > My name is Reinaldo Fernandes and I’m contacting you regarding the Ossec > solution > > I have been trying to deploy

Re: [ossec-list] Level: 6 - Attempt to use mail server as relay (client host rejected).

2015-11-02 Thread Eero Volotinen
Your postfix is incorrectly configured. this is not related with ossec in anyway. Eero 2.11.2015 11.37 AM "Hak Bun" wrote: > Dear All, > > I have just installed Postfix, Dovecot, and Squirrelmail. > When I test sending out through the web mail, my yahoo can receive the

Re: [ossec-list] OSSEC INSTALLATION ERROR ON AIX 7

2015-10-28 Thread Eero Volotinen
what is output of command: cc --version Eero 2015-10-28 8:59 GMT+02:00 : > We are facing difficulties in installation of Ossec on our AIX 7.1 server. > > Error we are getting > > *5- Installing the system* > > *- Running the Makefile* > > > > Making zlib (by

Re: [ossec-list] Re: Watchguard Firebox logs

2015-10-27 Thread Eero Volotinen
Did you check out watchguard dimension appliance? Eero 27.10.2015 10.49 AM "Tero Onttonen" wrote: > Hi, > > I would be interested in to find a solution regarding Watchguard logs. I > did not find a solution after some searching. > > Did this go any further? > >

Re: [ossec-list] how to set alert for authentication failure attempt in windows

2015-10-22 Thread Eero Volotinen
it's already included in ossec ruleset, just configure alert levels for email or sms? Eero 2015-10-23 6:48 GMT+03:00 Hak Bun : > Dear All, > > How can I set alert for authentication failure attempt in windows? > > Thanks in advance for your comment. > Hak > > -- > > --- >

Re: [ossec-list] OSSEC error log

2015-10-16 Thread Eero Volotinen
how about configuring ipsec psk correctly? I don't see much related to ossec. -- Eero 2015-10-16 8:30 GMT+03:00 Abdul Adil : > Hi OSSEC Community, > > Could any one please help with this error log from OSSEC ? > Oct 1 03:17:18 ip-XX-X-X-XX.us-west-2.server 2015:pmthrfw1

Re: [ossec-list] ossec-remoted(1213): WARN: Message from x.x.x.x not allowed.

2015-10-15 Thread Eero Volotinen
rds, as i > described earlier, agent and clients are having communications but behind > the NAT through the Site to Site VPN connections > > > > On Thursday, October 15, 2015 at 11:07:51 AM UTC+5:30, Eero Volotinen > wrote: >> >> to client key ip address field .. >> &g

Re: [ossec-list] ossec-remoted(1213): WARN: Message from x.x.x.x not allowed.

2015-10-14 Thread Eero Volotinen
well, you need to use correct ip address while creating client key or using ip address ANY .. -- Eero 2015-10-14 15:49 GMT+03:00 Hari Krishna : > I have both my clients and servers are behind the nat and connected with > VPN tunnel, Agents within the servers subnet,

Re: [ossec-list] ossec-remoted(1213): WARN: Message from x.x.x.x not allowed.

2015-10-14 Thread Eero Volotinen
to client key ip address field .. -- Eero 2015-10-15 8:31 GMT+03:00 hari krishna <g2h...@gmail.com>: > Can you explain in detailed about the solution, where do i have to add > this ANY ? > > > > On Wednesday, October 14, 2015 at 6:54:45 PM UTC+5:30, Eero Volotinen >

Re: [ossec-list] Checkpoint OPSEC Certification

2015-09-25 Thread Eero Volotinen
Hi, Is there any problems to set checkpoint to log into syslog and then use ossec agent on box to forward logs to ossec server? This is usual way to do this.. -- Eero 2015-09-25 0:37 GMT+03:00 : > Hello, I'm trying to get my Checkpoint firewall, ips, vpn, etc. logs into >

Re: [ossec-list] Glibc 2.14 dependency

2015-08-27 Thread Eero Volotinen
Just install it from sources or from atomic repo.. Eero 27.8.2015 3.02 PM Onion Guy oni0nytiru...@gmail.com wrote: Hello all, It appears the latest version of OSSEC requires glibc 2.14. Are there any versions that require a lower version, specifically 2.12? I am running CentOS 6 so

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Eero Volotinen
Well, you need to give correct permissions to apache as wui is running under apache uid.. Eero 8.8.2015 8.27 PM Daniel Twardowski noghrisli...@gmail.com wrote: I'm using OSSEC Server Virtual Appliance 2.8.2 and last night I configured a few domain controllers to send it their logs. When

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Eero Volotinen
and still got the error. Alerts.log is still growing, though. Up to 4.2G. On Saturday, August 8, 2015 at 3:29:32 PM UTC-4, Eero Volotinen wrote: Well, you need to give correct permissions to apache as wui is running under apache uid.. Eero 8.8.2015 8.27 PM Daniel Twardowski noghri...@gmail.com

Re: [ossec-list] Updating ossec is done on ossec server only

2015-07-27 Thread Eero Volotinen
Yes, you should update clients too. Eero 26.7.2015 2.57 PM HMath h.i.youss...@gmail.com wrote: Greetings, I have updated ossec server to latest version , should I update it also in all clients ? Thank you

Re: [ossec-list] authenticated smtp usage...

2015-06-15 Thread Eero Volotinen
How about using postfix on localhost? Much better solution.. On Jun 15, 2015 6:04 PM, Mark Feferman mark.fefer...@gmail.com wrote: I know this topic has been discussed many times, but I'm not sure why it isn't implemented. <smtp_username>send_from_email_username</smtp_username>

Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread Eero Volotinen
Well, did you activate active response? It might modify hosts.deny .. 10.5.2015 7.53 PM fi...@vivaldi.net wrote: Hi, Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however,

Re: [ossec-list] Error on osssec 2.8.1 installation - Permission Issue?

2015-05-05 Thread Eero Volotinen
even start if you are not. Thanks, Bruno On Monday, May 4, 2015 at 5:02:11 PM UTC-7, Eero Volotinen wrote: Really root user? Try again.. Eero 5.5.2015 2.53 AM Bruno Alvisio bruno@gmail.com wrote: Hello, I am trying to install osssec 2.8.1 on Linux hybrid version. When I

Re: [ossec-list] Error on osssec 2.8.1 installation - Permission Issue?

2015-05-04 Thread Eero Volotinen
Really root user? Try again.. Eero 5.5.2015 2.53 AM Bruno Alvisio bruno.alvi...@gmail.com wrote: Hello, I am trying to install osssec 2.8.1 on Linux hybrid version. When I run the ./install.sh script as root: I get the following error: ./install.sh: line 725: ./etc/ossec.mc:

Re: [ossec-list] Problem with snort

2015-05-02 Thread Eero Volotinen
How snort logging is configured? Full or fast mode? 3.5.2015 2.51 AM AMINE.E amine.eloui...@um5s.net.ma wrote: Hi I have noticed something with snort-full log format, that it is not logging the *full_log* into /var/ossec/logs/alerts/alert.log. it just takes the *first* line and logs it.

Re: [ossec-list] ETL Developer at Woodlawn,MD

2015-04-09 Thread Eero Volotinen
Please remove this spammer from mailinglist? -- Eero 2015-04-09 19:23 GMT+03:00 saquib ansari saquib8860.ans...@gmail.com: * NOTE: Only for W2 candidates* *Job Title:* ETL Developer *Location:* Woodlawn, MD *Duration:* 2+

Re: [ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'

2015-04-07 Thread Eero Volotinen
2015-04-07 21:55 GMT+03:00 Sinisha Erceg ser...@windmobile.ca: Hello, I apologize in advance for lack of understanding and I’ve attempted to look through the forums but I have inherited OSSEC from a predecessor and I have limited *nix experience. I’ve managed to fix some items but some

Re: [ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'

2015-04-07 Thread Eero Volotinen
Is source address incorrect? Ipsec connections, firewalls with nat rules can cause this kind of issues. Try dumping ossec traffic from manager and check that ip source is correct? Eero 7.4.2015 11.36 PM Sinisha Erceg ser...@windmobile.ca wrote: Thanks Eero for your quick reply. I am

Re: [ossec-list] JD for review: Oracle GL Restructuring Technical Consultant @ Dublin, OH

2015-04-07 Thread Eero Volotinen
Hi, Please stop spamming ossec list. -- Eero 2015-04-08 0:16 GMT+03:00 saquib ansari saquib8860.ans...@gmail.com: *Please have a look on the below requirement and if interested revert me back with your updated profile.* *Role: Oracle GL Restructuring Technical Consultant*

Re: [ossec-list] Re: Can OSSEC log all process the user open in Microsoft Windows?

2015-03-31 Thread Eero Volotinen
How about reading the documentation ? Eero 31.3.2015 6.17 PM Nhen Panha panhan...@gmail.com wrote: Sorry sir! My skill is Cisco configuration. I don't know how to Configure windows to track the information. Could you help me please? On Sunday, March 29, 2015 at 6:22:01 PM UTC+7, Nhen

Re: [ossec-list] Re: Cannot get Syslog from Cisco Devices

2015-03-24 Thread Eero Volotinen
2015-03-24 23:31 GMT+02:00 Nhen Panha panhan...@gmail.com: Help me to configure my router with ossec manager Do you really understand how cisco logging works? logging trap XXX sets the log level of cisco to syslog.

Re: [ossec-list] Cannot get Syslog from Cisco Devices

2015-03-24 Thread Eero Volotinen
Try following settings on cisco (asa) logging enable logging trap notifications -- Eero 2015-03-24 22:09 GMT+02:00 Nhen Panha panhan...@gmail.com: Hello sir! Today, I would like to ask you the problem between configuration Ossec and Cisco devices. In cisco router and switch I config:

Re: [ossec-list] Cannot OSSEC to MySQL Server

2015-03-21 Thread Eero Volotinen
2015-03-21 19:18 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: Help me please! I installed and configured OSSEC on CentOS 6.6 and also install XAMPP 1.8.1 to sent report to MySQL Server but I got error as below: ossec-dbd(5202): ERROR: Error connecting to database

Re: [ossec-list] Cannot OSSEC to MySQL Server

2015-03-21 Thread Eero Volotinen
Is telnet 127.0.0.1 3306 working? No connection refused reply? Eero 21.3.2015 7.36 PM Network Infrastructure panhatiger...@gmail.com wrote: Help me please! I installed and configured OSSEC on CentOS 6.6 and also install XAMPP 1.8.1 to sent report to MySQL Server but I got error as

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-13 Thread Eero Volotinen
2015-02-13 17:43 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: I don't see anything but I think I config my ASA working properly. Well, well. http://www.killyourdarlingsjournal.com/wp/wp-content/uploads/2014/06/5881861191_90de8b5bc9.jpg -- Eero

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Eero Volotinen
2015-02-12 10:18 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: I don't know about this problem You cannot run two services (daemons) on same port. You need to reconfigure syslog or/and disable and stop it. -- Eero

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-12 Thread Eero Volotinen
2015-02-12 10:47 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: can you guide me to config it? No, you need to use google to find instructions to do that. -- Eero

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-11 Thread Eero Volotinen
2015-02-12 6:06 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: When I open ossec.log I saw that: Remote syslog allowed from: '192.168.10.1' Error: Unable to bind port '514' is syslog already using that port? -- Eero

Re: [ossec-list] Re: I cannot monitor my ASA 5520 by using OSSEC

2015-02-11 Thread Eero Volotinen
You need to enable logging to syslog server first. command is like logging trap syslog-level example: conf t logging trap notifications wr br, Eero -- 2015-02-11 8:50 GMT+02:00 Network Infrastructure panhatiger...@gmail.com: This is the message when I use the command: but it doesn't work

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-11 Thread Eero Volotinen
2015-02-11 12:42 GMT+02:00 shankey shankey.ci...@gmail.com: HOW server and client communicate? what are the port that need to be open ? Can we use some other port for client to server communication. HOW about reading the *docs* first? -- Eero

Re: [ossec-list] Can use OSSEC for FIM solution ,

2015-02-10 Thread Eero Volotinen
2015-02-10 18:42 GMT+02:00 shankey shankey.ci...@gmail.com: Hi team, can I use OSSEC for FIM solution, to clear my PCI Audit, if yes, Yes, it can act as fim. then help me with the hardware requirement and installation procedure. Err. Maybe you need to hire consult .. -- Eero

Re: [ossec-list] Juniper SSG OSSEC via syslog

2014-12-08 Thread Eero Volotinen
I'm looking to avoid having to worry about disk space for this sort of config. You must be joking? Disk space is _very_ cheap nowadays and it's also possible to use compression .. -- Eero

Re: [ossec-list] Monitoring /var/ossec

2014-11-30 Thread Eero Volotinen
2014-12-01 0:20 GMT+02:00 fi...@vivaldi.net: Hi, In a test installation, I noticed that if I add /var/ossec directory in the list of directories that syscheck should monitor, disk usage speeds up really fast. In less than 2 hours, disk usage on a test system doubled. What's the best

Re: [ossec-list] pgp signatures for releases

2014-11-12 Thread Eero Volotinen
2014-11-12 16:08 GMT+02:00 dan (ddp) ddp...@gmail.com: On Sat, Nov 8, 2014 at 5:12 AM, Eero Volotinen eero.voloti...@iki.fi wrote: Hi List, looking for gpg signatures for ossec releases? where I can download them? It doesn't look like they're currently offered. So, is there any way

[ossec-list] pgp signatures for releases

2014-11-08 Thread Eero Volotinen
Hi List, looking for gpg signatures for ossec releases? where I can download them? -- Eero

Re: [ossec-list] Ossec compatibility with Redhat

2014-07-16 Thread Eero Volotinen
2014-07-16 10:35 GMT+03:00 Amritha Kumar amritha.kumar4...@gmail.com: Hi, One of my customer has installed Ossec on a RedHat server RHEL 5.4. Now this server needs to patched as per PCIDSS requirements. The current RedHat OS version is RHEL 5.4, once patched the version will be 5.10. Please

Re: [ossec-list] Red Hat 7.0 and OSSEC

2014-06-01 Thread Eero Volotinen
2014-06-01 17:56 GMT+03:00 Aaron Hunter aaron.hunt...@gmail.com: Given the major changes in Red Hat 7.0 what do the OSSEC developers recommend with respect to upgrading from 6.x to 7.0? Well, did you notice any issues on rhel 7 rc? -- Eero

Re: [ossec-list] OSSEC Splunk or other RHEL option?

2014-04-12 Thread Eero Volotinen
How about fluentd+kibana? On 12.4.2014 at 16.05, Glenn Ford gmfpa...@gmail.com wrote: Hi all, I was originally going to do an OSSEC - OSSIM setup but running into some issues with RHEL compliance since OSSIM is Debian. Now I was looking at Splunk (Free) Enterprise but noticed the splunk app

[ossec-list] minor ossec issue

2014-02-11 Thread Eero Volotinen
Hi List, I have some issues with ossec. My ossec server was down about week and after starting ossec server, all clients start to flood server and they also eat disk io from client servers. How to resolve this issue, ie. reset all clients to fresh today state? -- Eero
