Hi Shawn,
by default OSSEC triggers an alert when a package is
installed/removed/updated:
*command*
yum install valgrind.x86_64
*archives.log*
2016 Sep 15 09:08:44 ip-10-0-0-10->/var/log/messages Sep 15 09:08:43 ip-10-0-0-10 yum[5630]: Installed: 1:valgrind-3.10.0-16.el7.x86_64
*alerts.log*
On Thu, Sep 15, 2016 at 1:13 AM, InfoSec wrote:
> Regardless of the syslog RFC, they all allow messages up to 1024 bytes. The
> entire message is 1017 bytes.
>
> I think csyslogd is choking on the \r\n\t\t (carriage return, line feed, and
> two tabs) that precede every group SID. The event is bein
Hi, I am wondering how to run ossec server by default as a daemon in Linux
(Arch). For example,
systemctl enable ossec-control ?
cheers
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving
On Thu, Sep 15, 2016 at 7:11 AM, Daiyue Weng wrote:
> Hi, I am wondering how to run ossec server by default as a daemon in Linux
> (Arch). For example,
>
> systemctl enable ossec-control ?
>
>
I haven't done any serious testing (avoiding systemd mostly), but
these PRs might help:
https://github.c
Thanks for the help, that's perfect.
On Thursday, September 15, 2016 at 5:20:21 AM UTC-4, Jesus Linares wrote:
>
> Hi Shawn,
>
> by default OSSEC triggers an alert when a package is
> installed/removed/updated:
>
> *command*
> yum install valgrind.x86_64
>
> *archives.log*
> 2016 Sep 15 09:08:44 i
On Thu, Sep 15, 2016 at 6:01 AM, dan (ddp) wrote:
> On Thu, Sep 15, 2016 at 1:13 AM, InfoSec wrote:
>> Regardless of the syslog RFC, they all allow messages up to 1024 bytes. The
>> entire message is 1017 bytes.
>>
>> I think csyslogd is choking on the \r\n\t\t (carriage return, line feed, and
>>
Hey Everyone,
I have two questions related to agentless configurations. I can't seem to
find a good answer on either.
First Question:
How do I remove a host from the ossec agentless config? I did remove it
from ossec.conf and from .passlist but the hosts are still showing. Two of
them were t
On Thu, Sep 15, 2016 at 10:35 AM, Keith wrote:
> Hey Everyone,
>
> I have two questions related to agentless configurations. I can't seem to
> find a good answer on either.
>
> First Question:
>
> How do I remove a host from the ossec agentless config? I did remove it
> from ossec.conf and from .
Hi Jesus,
Apologies for the late reply. I was away from OSSEC for a while.
The configuration for the eventlog ID was implemented; however, I started
getting some new messages in the ossec logs on the agent box. Do you
think these are normal?
2016/09/06 07:04:43 ossec-agent(1951): INFO: Analyz
Hi team,
We are in the process of getting the sudo rules worked out for the OSSEC
environment. However, a question came up: can the ossec user have
read/write access on them (e.g. /var/ossec/rules, /var/ossec/etc; the
ossec account should have write permission)? Is it advisable to c
Hi,
We recently migrated one of our OSSEC instances to a new server. We are
using Linux (CentOS) as the platform. Post migration, we noticed that none
of the agents were connected to the server and agents had the following
error in the logs:
2016/09/15 09:05:56 ossec-agentd: INFO: Trying to connect
The difference between your setup and mine is that I am forwarding events in
CEF format; you seem to be forwarding the OSSEC multi-line format.
Can you please rerun your test with CEF format in syslog_output?