Re: [ossec-list] Ossec agent logs to two ossec server's / sensors

2018-07-12 Thread Shaikh S.
Hello,

Thank you so much Dan, I'll try this.

Best Regards,
Shaikh S.

>
> I've never done it, so this is mostly a guess:
>
> Create a second OSSEC manager.
> Copy the client.keys file from the original manager to the new one.
> Turn off the rids functionality on the servers and agents.
>

Re: [ossec-list] Having troubles with exclusion rules

2018-07-12 Thread Jeremy Utley
I made sure today that when I restarted the OSSEC server, all processes had exited ( ps ax | grep ossec ) before restarting. I again triggered a scan, and watched the flood of error 2502 emails coming in:

Received From: db01.domain.com->/var/log/secure
Rule: 2502 fired (level 10) -> "User missed

Re: [ossec-list] Delete ossec-remoted processes

2018-07-12 Thread Chinmay Pandya
Here are my logs after restarting ossec. I do not see any remoted error but still got stale entries

root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
2018/07/13 05:30:37 ossec-remoted: INFO: Started (pid: 4785).
2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
2