Ossec doesn’t show any logos. What application are you seeing logos in?
On Fri, Dec 8, 2023 at 9:38 AM Satwika sree wrote:
> Hi All,
>
> Is this possible to set custom logo for each agent group? If it's possible
> what is the process?
>
> Please help me work on this case.
>
> Regards,
> Sree.
That's not supported. Windows is an agent only platform.
On Tue, Jul 12, 2022 at 1:34 PM M Asif wrote:
>
> Hi! Geeks
>
> I am trying to install ossec in windows server. When I run exec it install in
> client/server mode. But my requirement is to install ossec agent as
> standalone. I mean in
You can check the ossec.log on the ossec server for details.
On Tue, Jul 20, 2021 at 12:26 PM Vishal Ghaware
wrote:
>
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting
>
> hence all clients disconnected from server
>
> --
>
> ---
> You received this message because you are
*ahem* _THIS_ patch.
On Mon, Feb 1, 2021 at 1:34 PM dan (ddp) wrote:
>
> I think this patch should fix the inotify problem.
> Not sure how to work on the geoip stuff, I think OpenBSD dropped the
> ports for the old library.
>
> On Sun, Jan 31, 2021 at 12:11 PM Carlos Lopez wro
I think this patch should fix the inotify problem.
Not sure how to work on the geoip stuff, I think OpenBSD dropped the
ports for the old library.
On Sun, Jan 31, 2021 at 12:11 PM Carlos Lopez wrote:
>
> Hi all,
>
>
>
> I am trying to install Ossec 3.6.0 under an OpenBSD 6.8 hosts to act as an
On Fri, Jan 29, 2021 at 6:39 AM lapin noel wrote:
>
> I'm afraid there is the same info, but I couldn't find one in short browsing,
> so I post here.
>
> When MS Windows Security/Defender(MSWS) validates heap integrity, the agent
> crashes.
> And when MSWS does not validate, the agent runs
On Wed, Jan 13, 2021 at 6:21 AM Kedar Mendhurwar
wrote:
>
> Hi Folks,
>
> I have been trying to install ossec agent 3.6 on ubuntu 20.4 and each time I
> try starting the service, I get the error " ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'." I have
>
On Mon, Dec 28, 2020 at 9:31 AM Yana Zaeva wrote:
>
> Hi Kyriakos,
>
> Sorry for the late response. The default JSON decoder that OSSEC uses
> (which you can find at the path /var/ossec/ruleset/decoders/
> 0006-json_decoders.xml) should parse all the information present in a log.
> For example,
No worries. You added some great information.
On Mon, Nov 16, 2020 at 12:48 PM Scott Wozny wrote:
>
> ACK! Sorry! Didn't see you'd already replied, Dan...
>
> What he said. :)
>
> Scott
>
>
> On Mon, Nov 16, 2020, 10:10 dan (ddp) wrote:
>>
>> On Mon,
On Mon, Nov 16, 2020 at 7:27 AM Andrew S wrote:
>
> Hi Brian,
>
> Thank you for the clarification but I don't understand why someone would
> associate our website with dailymail.co.uk ?
>
I haven't verified, but Brian mentioned dailymail being in the
referrer field. So there was (possibly) a
On Mon, Nov 9, 2020 at 7:37 AM Ziv Mansour wrote:
>
> Hey, we're trying to connect our Windows servers to OSSEC.
> It works for some of them, as for others it isn't.
>
> The error: ERROR: Incorrectly formatted message from
>
> We used the correct key, as it works on some servers.
Are each of
Hi Scott,
On Sat, Oct 17, 2020 at 6:47 PM saw...@gmail.com wrote:
>
> In testing snort 2.9 inline operation logs against OSSEC (3.6.0), I have
> found something weird.
>
>
> This “alert” event gets caught by the decoder:
>
>
> 10/17-21:23:32.374062 [**] [1:1002:0] /etc/passwd test detected
On Mon, Aug 17, 2020 at 10:42 PM Daniel Gerep wrote:
>
> Hi all,
>
> I am starting to use OSSEC so I may be doing something wrong here.
>
> I have OSSEC installed as a server in my Linux VM and the Agent in my Windows
> Server 2012 VM.
>
> My server has the default configuration plus this:
>
>
On Thu, Aug 13, 2020 at 6:22 AM Kyriakos Stavridis
wrote:
>
> Hello dan, thank you for your response.
>
> My goal is to enable OSSEC to parse utf-8. Isn't there any option that would
> allow me to do that?
>
Not currently.
> I would really like to contribute to OSSEC and add this myself.
On Fri, Aug 7, 2020 at 5:23 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> When I install an agent on a machine, considering I live in Greece, I usually
> face the problem that windows logs contain some Greek characters and OSSEC
> server doesn't seem to be able to parse them.
>
> The
On Thu, Jul 30, 2020 at 8:43 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> When devices are configured to send remote syslog to OSSEC on port 514 (let's
> say a security product), are these syslog logs saved somewhere? even if they
> don't trigger an alert? As any other normal syslog
n with the code base at the
moment. Energy and spare time for hobbies don't come easily these
days.
> On Thu, Jul 9, 2020 at 8:05 AM dan (ddp) wrote:
>>
>> On Wed, Jul 8, 2020 at 8:45 PM Jeff Dyke wrote:
>> >
>> > As Dan alluded to, I use a local postfix null mail
On Mon, Jul 13, 2020 at 10:11 AM lê danh wrote:
>
> Hello everyone, I want to use ossec to be able to track progress on a windows
> computer, follow the instructions from here
> (http://santi-bassett.blogspot.com/2015/08/how-to-monitor
> -running-processes-with-ossec.html).
>
> I did it
eing on this list for many years has
> taught me a lot about the underpinnings of your project!
>
> Thanks,
> Jeff
>
> On Wed, Jul 8, 2020 at 2:55 PM dan (ddp) wrote:
>>
>> On Tue, Jul 7, 2020 at 4:29 AM lê danh wrote:
>> >
>> > I am a new user, I ju
On Wed, Jul 8, 2020 at 2:53 PM Mm Dd wrote:
>
> Hello all,
>
> First, nice to meet you all, and congratulations for the fantastic product
> you have developed and released to the public.
>
> My question is if it is possible to carry out an unattended OSSEC agent
> deployment using
On Tue, Jul 7, 2020 at 4:29 AM lê danh wrote:
>
> I am a new user, I just have ossec installed and I want to try its email
> feature. I have configured the email address in ossec.conf as follows:
>
>
>
> yes
> conme...@gmail.com
> alt4.gmail-smtp-in.l.google.com.
>
On Fri, Jun 19, 2020 at 7:30 AM siddharth jha wrote:
>
> yes i hv selected smtp as localhost.and using sendmail to do this process.
> and getting msg in maillog
>
> Jun 19 16:25:42 OssecVM sm-mta[25838]: 05GCIXFs019057:
> to=, ctladdr= (0/0), delay=2+22:37:09,
> xdelay=00:00:00,
s a base. And yes,
>> ossec.log was empty because I hadn't started the agent yet. I had assumed a
>> different purpose for that file, but now that I'm running a few agents
>> reporting to a server it all makes more sense now. :)
>>
>> Scott
>>
>>
tion! :)
>
Maybe, but it's not too bad. Everything except the connector process
existed before, and I couldn't think of a better way to do it. It was
fun, but definitely needs some polishing.
> Thanks,
>
> Scott
>
> On Wed, Jun 17, 2020 at 8:22 AM dan (ddp) wrote:
>>
>
On Wed, Jun 17, 2020 at 9:26 AM Rashad Mogsi wrote:
>
> first thx for the reply
> and i did install the ossec-hids -agent and its active on the ossem server.
> so i cant receive any logs in the OSSEM WEB.
> so i want to know how to change refresh rate of receiving logs from the server
> to WEB
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Would someone know if the following is possible?
>
> I have a product by the name of BitDefender which can produce a log - the log
> is in CEF format I believe. That log contains alerts that are raised by
> various endpoints
On Wed, Jun 17, 2020 at 9:15 AM Rashad Mogsi wrote:
>
> i have installed OSSEM Server on Esxi and i can't receive any logs from the
> Windows server .
> is there any configurations should i do from the OSSEM or from the windows so
> i can see the logs
>
OSSEM or OSSEC? I can't help you with
Yes there is! I believe the details are here:
https://www.ossec.net/join-us-on-slack/
On Wed, Jun 17, 2020 at 9:15 AM sensato cybersecurity wrote:
>
> Is there a slack group for the OSSEC community?
>
On Sun, Jun 14, 2020 at 2:57 AM John Goh wrote:
>
> So I should just leave the IDS running for a period of time and it will log
> in real-time?
>
It's supposed to.
> The only changes that the IDS currently logs are like files in etc and
> Mozilla cache. Nothing else in particular on those
On Mon, Jun 15, 2020 at 3:09 PM Scott Wozny wrote:
>
> I'm trying to get off the Atomic repo for a variety of reasons, so I just did
> a 3.6.0 agent install from the tarball's script on a CentOS 7 minimal machine
> to test the process and compatibility with my build tweaks. One of the
>
On Tue, Jun 16, 2020 at 7:21 AM siddharth jha wrote:
>
> Hi,
>
> I'm new in ossec and recently install OSSEC 3.6.0 on Ubuntu 18.04.04 server
> successfully.
> also add some win. agent and i can see alerts on ossec web-ui but i'm not
> receiving any alerts on email.
> need suggestion how should
On Tue, Jun 16, 2020 at 5:35 PM Scott Wozny wrote:
>
> Just an "idle curiosity" kind of question. In a 3.6.0 server installed from
> the tarball on CentOS 7, when I run a ps, I have 2 instances of
> /var/ossec/bin/ossec-maild running, both under UID ossecm. Does anyone know
> why there are 2
On Sat, Jun 13, 2020 at 7:41 AM John Goh wrote:
>
> Hi all, I'm new to the whole idea of using IDS and OSSEC. I've been trying to
> detect certain file creation or changes in realtime but I do not see it being
> reflected in the OSSEC web interface. The OSSEC is being deployed in a local
>
On Sun, Jun 7, 2020 at 11:06 AM Arnau b s wrote:
>
> Anyone knows how to install OSSEC agent in the ubuntu server 20.04?
>
I haven't had time to create an image for 20.04 yet. Are you
experiencing issues?
Can you provide details?
On Tue, May 12, 2020 at 8:57 AM Dominik Vogt wrote:
>
> I'm struggling to understand how to write custom rules.
> Unfortunately the "" tag seems to be completely
> undocumented, and the book doesn't explain it either:
>
> Each rule, or grouping of rules, must be defined within a
> element.
On Sun, May 3, 2020 at 6:58 AM rpr // wrote:
>
> On Thu, 8 Aug 2019 at 13:08, dan (ddp) wrote:
> >
> > > Where can we find the most current OSSEC documentation?
> > >
> > You can browse through the github repository:
> > https://github.com/ossec/o
e:
>>
>>> I also had to install zlib-devel.
>>> But now I get this error:
>>> [image: image.png]
>>> So I install openssl, but it says it is already installed...
>>>
>>> On Tue, Apr 21, 2020 at 9:37 AM dan (ddp) wrote:
>>>
>>>> T
Openssl or openssl-devel?
On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw
wrote:
> I also had to install zlib-devel.
> But now I get this error:
> [image: image.png]
> So I install openssl, but it says it is already installed...
>
> On Tue, Apr 21, 2020 at 9:37 A
The installation documentation has a list of prerequisite packages that
should be installed. In this case it’s libevent-devel
On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw wrote:
> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am getting
> this error now:
> [image: image.png]
On Sun, Apr 12, 2020 at 11:22 PM Problem Store wrote:
>
> Dear Team,
>
> I have one question, the example I have 1GB storage in OSSEC, when storage
> will be full then automatically deleted from the beginning log( old log).
> It's possible if possible how? Please share your idea.
>
Use cron to
On Mon, Apr 20, 2020 at 5:30 PM sumit soni wrote:
>
> Hi ,
> I have systems with different languages and wondering if I create a rule to
> match English logs can that rule also work for logs from other language OS
> or not .
> For e.g. if create a rule which match with following string 3
This does not look related to this thread. Reply in-line.
On Tue, Apr 21, 2020 at 6:36 AM Mohit Gupta wrote:
>
> Hi Team,
>
> Good Morning/Afternoon/Evening.
>
> I was trying to install ossec agent on one of my machine but getting below
> error on control start up.
>
> -
>
On Mon, Apr 20, 2020 at 10:34 PM David Williams wrote:
>
> Andy,
> How about this:
> yum info pcre2-devel
> Note the "2:" pcre2-devel
> -David
>
This should be the answer right here. Use pcre2, not pcre.
>
> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
> > It is telling me
On Wed, Apr 1, 2020 at 12:58 PM SHADO wrote:
>
> Hi!
>
> Did a new install on Ubuntu 18.04 LTS and ossec-Maild is hogging the CPU.
>
>
> ossecmPID 1 78 Mar31 ?07:34:06 /var/ossec/bin/ossec-maild
>
>
> PID USERPRI NI VIRT RESSHR S CPU% MEM% TIME+ Command
>
On Mon, Mar 30, 2020 at 2:11 PM Glen Peterson wrote:
>
> I installed on Ubuntu 18.04 with according to this:
> https://www.ossec.net/downloads/#apt-automated-installation-on-ubuntu-and-debian
>
> I installed both agent and server. Specifically:
> $ wget -q -O -
On Mon, Mar 23, 2020 at 8:35 AM Olivier Ragain
wrote:
>
> Hi
> Sorry for the delay in answering.
>
> The error I get:
> 2020/03/23 12:28:25 ossec-testrule: INFO: Reading decoder file
> etc/custom/local_decoder.xml.
> 2020/03/23 12:28:25 ossec-analysisd(2106): ERROR: Error adding decoder plugin.
On Thu, Mar 19, 2020 at 4:59 PM Leroy Tennison wrote:
>
> Running v3.3.0 on the server and v3.2.0 on the client, trying to exclude
> *.bz2 in a given directory, I tried:
>
>
>
> /path/to/.bz2$
I think this will ignore '/path/to/.bz2' and only that file.
>
>
>
> based on another post.
On Tue, Mar 24, 2020 at 7:48 AM AHMED ADEWUYI wrote:
>
> Hi,
>
> Please is there a way to reduce or manage numbers of forwarded events on the
> ossec agent to Alienvault sensor.
>
Not really. The Windows agent can filter some things out with
eventchannel, but that's about it.
> Thanks.
>
>
On Mon, Mar 16, 2020 at 12:33 PM llehirgen wrote:
>
> I use dokku in a Ubuntu 18.04 LTS machine.
> I received the following alerts concerning files hidden in a long list of
> directories:
>
> Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
> Portion of the log(s):
On Mon, Mar 16, 2020 at 8:43 AM dan (ddp) wrote:
>
> On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
> wrote:
> >
> > Hi,
> > So now the question is, why does it not work when i use:
> > decoders configuration in the ossec.conf file ?
> > I see th
On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
wrote:
>
> Hi,
> So now the question is, why does it not work when i use:
> decoders configuration in the ossec.conf file ? I
> see that it is loading the file from the logs, but it fails to log the
> decoder information itself and then ossec wont
On Fri, Mar 13, 2020 at 2:28 PM Olivier Ragain
wrote:
>
> Hi,
> I've created a custom decoder:
>
> ^sshd
>
>
>
> sshd-custom
> ^Bad protocol version
> ^\S+ from (\S+) port (\S+)$
> srcip,srcport
>
>
> When I restart the engine to load it, I end up with
On Mon, Mar 2, 2020 at 9:25 AM Kumar G wrote:
>
> Hi Team,
>
>
> Need your help on this one.
>
> We are at 3.1X version of OSSEC environment. When trying to install the
> package on Linux 8 and starting the agent we get an error on libssl.
>
> error while loading shared libraries: libssl.so.10:
On Wed, Mar 4, 2020 at 8:38 AM AHMED ADEWUYI wrote:
>
> Hello,
>
> I am experiencing frequent ossec agent disconnected from AlienVault server.
>
> I have removed the RIDS files on the client and server, yet isn't connecting.
>
> please what can i do to keep it up and running again.
>
> Here is
On Tue, Feb 18, 2020 at 4:44 AM Muhammed Ashique wrote:
>
> Is there any way to store all syslog logs generated from Network Device into
> different path ? . All Logs (agents,Devices) it is going to a single file
> (archive.json) but i want to segregate only syslog logs has to come different
>
On Tue, Feb 18, 2020 at 1:52 AM Schultheis Burkhard
wrote:
>
> Hi,
>
> I want to get a message, when the ruleset of iptables gets modified. But
> I see that iptables doesn't log its changes. Or am I wrong?
>
I'm not aware of a log, but I'm far from an expert.
If you're running an OSSEC agent on
On Mon, Feb 17, 2020 at 9:25 AM Burkhard Schultheis
wrote:
>
> Hi,
>
> I want to get an email from OSSEC when a port is opened or closed in the
> firewall. Therefore I changed "no_log" in firewall_rules.xml to "log".
> But the OSSEC failed to start. What's wrong? How to get the desired
> emails
led,
> /var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and
> /etc/services is the same as on the other server.
>
3.4 made some improvements for systems that disable ipv6.
https://github.com/ossec/ossec-hids/releases/tag/3.4.0
> Regards
> Burkhard
>
>
> On 28.01.2020 at 12
On Wed, Feb 5, 2020 at 7:49 AM dan (ddp) wrote:
>
> On Fri, Jan 31, 2020 at 2:28 PM Natassia M Stelmaszek wrote:
> >
> > I performed my original installation without database support because I
> > didn’t want to complicate things. When I went to re-compile/reinstal
On Fri, Jan 31, 2020 at 2:28 PM Natassia M Stelmaszek wrote:
>
> I performed my original installation without database support because I
> didn’t want to complicate things. When I went to re-compile/reinstall with
> the database support included I kept getting the above error. I finally
>
On Mon, Jan 27, 2020 at 1:47 AM Burkhard Schultheis
wrote:
>
> We have 3 servers running OSSEC (standalone). One server runs CentOS 6,
> the two others opensuse 15.1. The configuration of OSSEC is almost
> identical on all three servers (as close as possible).
>
> The CentOS Server sends a lot of
On Thu, Jan 23, 2020 at 6:46 PM Leroy Tennison wrote:
>
> Received the following message: Trojaned version of file '/bin/grep'
> detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS.
> Downloaded the deb from Ubuntu standard repositories, extracted grep (in
> /tmp) and
On Mon, Jan 13, 2020 at 9:04 AM Schultheis Burkhard
wrote:
>
> Some weeks ago I've installed Ossec on three servers. One is running
> CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
> as expected, but the opensuse installations behave very different,
> although the
On Fri, Dec 20, 2019 at 12:15 PM Bruce Westbrook wrote:
>
> I'm having an issue getting a composite rule to trigger. What's really
> throwing me is that it works just fine when testing with ossec-logtest, but
> it doesn't work live.
>
> Here are the two rules in question:
>
>
> 18101
>
On Wed, Jan 8, 2020 at 4:29 PM agsossec wrote:
>
> Hello,
> We are setting up a test OSSEC server and agent -- both on AWS Linux
> On both we
>
> ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo chmod +x
> atomic && sudo ./atomic
> saved a copy of the agent config --
On Mon, Jan 6, 2020 at 6:09 AM Pierre Gremaud wrote:
>
> I'm trying to decode syslog messages sent by pfSense
>
> The log received in archives.log is the following :
>
> 2020 Jan 05 22:02:05 LAN-HIDS->192.168.85.40 Jan 5 21:02:05 php-fpm[338]:
> /index.php: webConfigurator authentication error
On Tue, Dec 31, 2019 at 2:16 PM Natassia M Stelmaszek wrote:
> Dan,
>
> I'm sorry that I didn't respond sooner but I had to devote time to other
> projects.
>
> So it looks like I was right, this is a defective (or perhaps deficient
> would be more accurate) package. In order to get it to
>
> Natassia
>
>
> On Mon, Dec 2, 2019 at 1:27 PM dan (ddp) wrote:
>>
>>
>>
>> On Mon, Dec 2, 2019 at 3:56 PM Natassia S wrote:
>>>
>>> Everything came out of 3.3.0.tar.gz
>>>
>>> I compared the contents and the same di
On Thu, Dec 5, 2019 at 6:05 AM Kyriakos Stavridis
wrote:
>
> Hello everyone,
>
> Let's say I have a firewall that I want to configure to send its logs to my
> OSSEC server.
>
> I know that I can simply configure my firewall to send logs to my OSSEC
> server's IP and the ossec server like this:
Newer versions of ossec support pcre2. That should work.
On Fri, Dec 20, 2019 at 2:22 PM Diego S wrote:
> Hi all!
>
> I was wondering the best way to represent a digit between a range and if
> it is possible to indicate that a digit is going to be repeated a given
> number of times.
>
> For
r.
>
The 2.8.3 Makefile would probably add more issues.
> Natassia
>
> On Mon, Dec 2, 2019 at 12:33 PM dan (ddp) wrote:
>
>>
>>
>> On Mon, Dec 2, 2019 at 3:07 PM Natassia M Stelmaszek
>> wrote:
>>
>>> Bad Installation Package???
>>>
On Mon, Dec 2, 2019 at 3:07 PM Natassia M Stelmaszek wrote:
> Bad Installation Package???
>
> I'm trying to build a new machine that includes OSSEC 3.3.0. When I run
> the install.sh, use default responses for a local installation, it gives me
> the following error.
>
> sudo ./install.sh
>
>
>
On Thu, Nov 7, 2019 at 11:16 AM bill evergreen wrote:
>
> Hello list,
>
> does Ossec alert if there are processes running without a binary on disk?
>
> Thanks a lot for any feedback
>
I don't think there's any rules for this.
> Bill
>
On Tue, Nov 12, 2019 at 7:56 PM Mike wrote:
>
> Related to this, do you accept Pull Requests to add additional timestamp
> formats to your pre-decoding? I forked and added a simple change to
> cleanevent.c which has made my parsing much easier for a non-standard syslog
> time format.
>
Yes,
On Fri, Nov 8, 2019 at 2:47 PM Mike wrote:
>
> I believe I have found the issues using strace to find out what ossec-remoted
> was doing. I found:
>
> 1. Not sure why, but on the Virtual Appliance the "ossec" group did not have
> write permissions to /var/ossec/logs so ossec-remoted (which runs
On Thu, Oct 24, 2019 at 12:08 AM 'Vicente Munoz' via ossec-list
wrote:
>
> Hello everyone,
>
>
>
> Just wondering if someone has had some luck with this, we been trying to
> install OSSEC 2.9.0 on Solaris 10 with little luck to this point, after
> making sure the required packages are installed
On Tue, Oct 15, 2019 at 8:59 AM Nate wrote:
>
> Looking at the syslog packets I see the Cisco ASA only uses local facility
> codes but my Palo Alto uses User facility codes:
>
> 08:55:50.340558 IP (tos 0x0, ttl 64, id 917, offset 0, flags [DF], proto UDP
> (17), length 329)
>
On Mon, Oct 14, 2019 at 3:03 PM Nate wrote:
>
> Hi,
>
> I've never seen this before but I setup our ASA 5516 to send syslog events to
> our OSSEC server to detect SHUN events.
>
> ossec.conf
>
>syslog
>10.10.2.2
>514
>
>
>
> 0
> 9
>
>
>
> local_rules.xml
>
>
>
On Fri, Oct 11, 2019 at 8:56 AM Prashanthi Soundarajan
wrote:
>
>
>
> On Friday, October 11, 2019 at 6:23:37 PM UTC+5:30, Prashanthi Soundarajan
> wrote:
>>
>>
>>
>>>
>>> Do the new files you create show up in your syscheck database file?
>>> (/var/ossec/queue/syscheck/syscheck.db for the OSSEC
On Mon, Oct 14, 2019 at 9:54 AM Diego S wrote:
>
> Hi!
>
> I tried with an updated version and I'm still getting the same error :S
>
That's Wazuh. I don't know enough about their project to help.
>
>
> On Sat, Oct 12, 2019 at 9:12, dan (ddp) () wrote:
>>
>
On Fri, Oct 11, 2019 at 2:03 PM Diego S wrote:
> I'm using 2.0 version.
>
2.0 is ancient. Not much I can do to help with that.
> I'm not able to find the syntax error.
>
> Thanks!
>
> On Fri, Oct 11, 2019 at 14:51, dan (ddp) ()
> wrote:
>
>> On Fri, Oct 1
On Fri, Oct 11, 2019 at 1:41 PM Diego S wrote:
>
> Thank you very much for your response.
> Let me know if I am wrong. The decoder will be like this:
>
>
> ^\d+\s\w\w\w\w\w,
>
>
>
> Brocade-format
> ^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d \(\S+\),
> \[\S+\], \S+, \S+, /S+)/\S+(/\w+/\S+),
>
I'm sure it can be cleaned up a lot
On Fri, Oct 11, 2019 at 12:06 PM dan (ddp) wrote:
>
> On Fri, Oct 11, 2019 at 11:49 AM Diego S wrote:
> >
> > Hi everyone!
> >
> > I wondering if we already have on ossec a custom decoder according to this
> > kind of log
On Fri, Oct 11, 2019 at 11:49 AM Diego S wrote:
>
> Hi everyone!
>
> I wondering if we already have on ossec a custom decoder according to this
> kind of log to get the red values.
>
> 1022 AUDIT, 2019/07/26-18:02:33 (UYT), [SEC-3020], INFO, SECURITY,
>
On Fri, Oct 11, 2019 at 7:53 AM Prashanthi Soundarajan
wrote:
>
>
>
>>
>> All the samples are from the alerts you say you are getting emails
>> for. The important alerts to look for are the ones you're not getting
>> emails for.
>> Assuming those exist in the alerts.log file, check your smtp
On Thu, Oct 10, 2019 at 5:10 AM Kyriakos Stavridis
wrote:
>
> Hey guys,
>
> Can I have an active response only activated for a specific agent? (active
> response's location is on ossec server)
>
> Example:
> I have agent1 and agent2, I have 2 active responses AR1 and AR2. I want AR1
> to be
On Thu, Oct 10, 2019 at 9:24 AM Prashanthi Soundarajan
wrote:
>
>
> Yes, I able see the alerts which I mentioned (" Level 2 - Unknown problem
> somewhere in the system","Level 8 - Log file size reduced","Level 7 -
> Integrity checksum changed."," Level 13 - Non standard syslog message") in
>
On Thu, Oct 10, 2019 at 8:54 AM Prashanthi Soundarajan
wrote:
>
> Yes, I am getting email alerts like " Level 2 - Unknown problem somewhere in
> the system","
> Level 8 - Log file size reduced","Level 7 - Integrity checksum changed.","
> Level 13 - Non standard syslog message"
>
> I am not
On Thu, Oct 10, 2019 at 7:02 AM Prashanthi Soundarajan
wrote:
>
>
>
> On Thursday, October 10, 2019 at 3:57:41 PM UTC+5:30, Prashanthi Soundarajan
> wrote:
>>
>> ossec.conf
>> ___
>>
>>
>>
>> yes
>> my email
>> 127.0.0.1
>> ossecm@fcappiee
>> yes
>>
>>
>>
>>
er someone adds that feature."
I'd like to do some work in dbd, but I don't have a lot of time. I
feel like the time I do have would be better spent elsewhere right
now.
> jerry
>
> On Thu, Oct 3, 2019 at 10:12 AM dan (ddp) wrote:
>>
>> On Thu, Oct 3, 2019 at 12:09 PM Jerr
get added to the database? If it's done on the
> server the manage_agents is not working!
The mysql database? Never.
> jerry
>
> On Wed, Oct 2, 2019 at 4:55 PM dan (ddp) wrote:
>>
>> On Wed, Oct 2, 2019 at 6:32 PM Jerry Lowry wrote:
>> >
>> > Well, I have t
he problem. Rebuilt Pcre with --enable-jit=no and it is off and
>>> running. This is my test VM where I installed MariaDB. I will add an
>>> agent to it and see if it has the same problem as my physical server.
>>>
>>> jerry
>>>
>
That was the problem. Rebuilt Pcre with --enable-jit=no and it is off and
>> running. This is my test VM where I installed MariaDB. I will add an agent
>> to it and see if it has the same problem as my physical server.
>>
>> jerry
>>
>> On Wed, Oct 2, 2019
On Tue, Oct 1, 2019 at 1:13 PM Jerry Lowry wrote:
>
> List,
>
> I just installed a test VM running Centos 7 and installed ossec 3.3.0. Ran
> through the script and took all the default questions except for the email.
> When I try to start ossec these are the errors I get in the log:
>
. I think this page lists them:
https://mariadb.com/kb/en/library/server-system-variables/
connect_timeout appears to be 10
wait_timeout 28800
interactive_timeout 28800
My system is a lot busier than yours though.
> jerry
>
> On Thu, Sep 26, 2019 at 4:15 AM dan (ddp) wrote:
>>
On Fri, Sep 27, 2019 at 11:51 AM llehirgen wrote:
>
>
>
> On Friday, September 27, 2019 at 4:51:20 PM UTC+2, dan (ddpbsd) wrote:
>>
>>
>> Is ssmtp listening on 127.0.0.1 port 25?
>>
>
> I honestly do not know what port is ssmtp listening on.
> I used sudo netstat -tulpn and got 5 program names:
On Fri, Sep 27, 2019 at 10:45 AM llehirgen wrote:
>
> I am testing OSSEC HIDS in a Virtual machine on Ubuntu 18.04 server.
> First of all I installed and configured ssmtp as follows:
>
>
> root=my...@gmail.com
> mailhub=smtp.gmail.com:587
> rewriteDomain=gmail.com
> hostname=localhost
>
On Wed, Sep 25, 2019 at 8:56 PM Jerry Lowry wrote:
>
> I understand completely, I am not real happy about it either, and I used to
> work there in support!
>
> But that is what your docs say to use, so I did.
>
> I was going to install MariaDB and give that a shot as well.
>
> thanks,
>
> jerry
but I can verify later. I didn’t realize openbsd
still has mysql, so I guess I can try with the official one too (although
I’m not sure how I feel about installing oracle software ;)).
> jerry
>
> On Wed, Sep 25, 2019 at 12:40 PM dan (ddp) wrote:
>
>>
>>
>> On Wed, Se
file into the /var/ossec directory so it should be
> doing dns translation. I still get "Mail from not accepted by server"
> errors, postfix is also configured to accept email from any of the subnets
> defined.
>
Check your postfix logs for errors.
> jerry
>
> On Wed,