Hi,
this could be a good starting point:
^\d+\t+\.+\d\d-\d\d-\d\d\d\d
teamviewer
^\d+\t\t
^\d+\t+\s*(\.+)\t+(\.+)\t+(\.+)\t+RemoteControl\t+{(\.+)}
extra_data,status,srcuser,id
teamviewer
^\d+\t
^\d+\t+(\.+)\t+(\.+)\t+(\.+)\t+(\.+)\t+RemoteControl\t+{(\
Hi Jon,
OSSEC connects through the UDP protocol, which doesn't guarantee that messages
arrive in the same order they were delivered.
In order to prevent replay attacks, OSSEC verifies the counter from every
message. I think there is a network issue, perhaps congestion, so messages
arrive disordered
Hi Jon,
these settings belong to arriving messages management. When agents deliver
messages to the manager, Remoted decrypts, decompresses and checks the
counter from every message.
OSSEC saves the counters on files at /var/ossec/queue/rids in order to
reload them when the manager is restarted,
Hi there.
I'm still getting one alert e-mail type 2 even though I modified/created
some files under /etc. Am I missing something else in the configuration?
This is the server configuration.
yes
m...@company.com
localhost
oss...@server.com
100
yes
4096
r
Taking a look in /var/ossec/logs/alerts I can see there are lots of things
registered, not related to the files I modified, but related to ssh login
failures, sudo stuff and the like but never get an e-mail with that report.
Thank you very much for your time and support
Regards
On Thursday, 13
On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic wrote:
> Taking a look in /var/ossec/logs/alerts I can see there are lots of things
> registered, not related to the files I modified, but related to ssh login
> failures, sudo stuff and the like but never get an e-mail with that report.
>
Are the file
Hello,
I just installed OSSEC in the Azure space, HIDS seems ok but FIM isn't
behaving consistently.
First, realtime monitoring simply isn't working. FIM only seems to work when
the scan runs, which I have set to 10 minutes for testing. Second, I only
seem to get a fraction of the changes I've ma
Will try, ty. I think my regex foo was off a bit.
On Tuesday, October 11, 2016 at 6:41:56 PM UTC-5, Jacob Mcgrath wrote:
>
> I am looking at logging on a Windows agent Teamviewer logs. The issue is
> the irregular output like so.
>
> 673915615 Support Team20-05-2016 19:37:51 20-05-20
On Tuesday, 28 September 2010 22:48:23 UTC-5, Mike Smith wrote:
>
> Hello,
>
> Can you edit or change an Agent's IP Address if it has changed.
> Either Windows or Linux?
>
> Can you use OSSEC on a DHCP client or only Static IP Addressed Servers?
>
> Thanks,
>
> Mike
>
Hi Mike.
I work on Datto
The server I'm using for testing went down, as soon as I get it back I'm
gonna review it.
Thank you very much for your help, really appreciated.
Regards
On Friday, October 14, 2016, 10:26:53 (UTC-3), dan (ddpbsd) wrote:
>
> On Fri, Oct 14, 2016 at 8:55 AM, Kernel Panic wrote:
> > Tak
Realtime monitoring seems to be working now that I've adjusted the scan
frequency. Earlier the scan frequency was 4 hours, then 10 minutes. It's
now 20 minutes and realtime now seems to work. I don't claim it makes
sense, it's just what I'm observing.
Ok I've discovered that the config doesn't
I've changed the scan frequency to 40 minutes, and realtime isn't working.
I've edited files 2 times, nothing. Hopefully it at least fires off when
the next scan happens.
On Friday, October 14, 2016 at 11:06:53 AM UTC-7, Matt wrote:
> Hello,
>
> I just installed OSSEC in the Azure space, HIDS