stats
> dr-xr-x--T 2 root ossec 6 Oct 6 13:37 tmp
> dr-xr-x--- 3 root root 20 Oct 6 13:37 update
> dr-xr-x--- 3 root ossec 16 Jan 13 19:24 var
do I need to keep it all on the same volume?
thanks!
Joel
--
---
You received this message because you are subscribed to th
Thanks Dan
On Friday, 13 January 2017 10:44:46 UTC-5, Joel wrote:
>
> Hi all,
>
> I've been using ossec for a while now and I really like it.
>
> I'm now trying to integrate ossec with a monitoring application. I'd like
> to have ossec send Alerts to a remote host via sysl
Hi all,
I've been using ossec for a while now and I really like it.
I'm now trying to integrate ossec with a monitoring application. I'd like
to have ossec send Alerts to a remote host via syslog.
I have it all working, with one exception. It looks like ossec forwards
ALL events as
. Best Regards,
Joel Oliveira
Hello,
Just bumping this issue. Does anyone know anything about this?
Thanks,
Joel Oliveira
On Wednesday, 21 March 2012 16:58:44 UTC, Joel Oliveira wrote:
Hello Daniel and all,
I am using OSSEC 2.5.1 on different Linux environments for the past year
and half with OpenSIPs
other people asking for this.
So I would be very grateful if someone would explain to me why maybe my
request is so strange.
Thank you very much for your time,
Joel Oliveira
On Monday, 9 April 2012 18:52:59 UTC+1, BP9906 wrote:
I think the answer is no. When I use null route
On Thu, Apr 15, 2010 at 12:09 PM, Joel Merrick joel.merr...@gmail.com wrote:
On Wed, Apr 14, 2010 at 10:11 PM, uifjlh joel.hueb...@gmail.com wrote:
Paul,
I seem to have some piece missing myself? ... the search part of
Splunk Works, and I have OSSEC Data there, from my OSSEC clients
Well, it doesn't seem to be displaying anything...
OSSEC log directory is being monitored, however sourcetype=ossec
produced nothing. Files have been indexed.
Any ideas?
On Thu, Apr 15, 2010 at 1:05 PM, Joel Merrick joel.merr...@gmail.com wrote:
I have this working now,
I had to manually add
On Thu, Apr 15, 2010 at 1:22 PM, Joel Merrick joel.merr...@gmail.com wrote:
Well, it doesn't seem to be displaying anything...
OSSEC log directory is being monitored, however sourcetype=ossec
produced nothing. Files have been indexed.
Any ideas?
Seems as though the string parsing
, Apr 15, 2010 at 8:25 AM, Joel Merrick joel.merr...@gmail.com
wrote:
On Thu, Apr 15, 2010 at 1:22 PM, Joel Merrick joel.merr...@gmail.com
wrote:
Well, it doesn't seem to be displaying anything...
OSSEC log directory is being monitored, however sourcetype=ossec
produced nothing. Files have
Hi guys,
I'm just getting started with ossec. So far, it seems like a great
tool!
I need to deploy this in a centralized management configuration. I'm
reading through the docs and experimenting in a lab.
One thing i'm not clear on is what gets configured on the agents vs.
what gets
Hey,
there's an entry in the FAQ about this...
http://www.ossec.net/wiki/Know_How:BinaryInstall
J
On Feb 22, 2:38 pm, Jeremy Lee jpl...@gmail.com wrote:
As luck would have it, the same engineer was assigned to the ticket I
opened! :D
*sigh*
Guess I'll be trying the binary-install method.
Hi gang,
I'm wondering if there's any tricks to getting ossec working when the
server is behind a NAT.
here's the case:
i have some linode servers that i'd like to monitor with ossec.
the ossec server is in the office behind a NATting firewall.
the ossec agent on the linode boxes is configured
hey gang,
sorry for the quick double tap.. I was wondering if there's a way to
dump an agent's config.
since moving all my config into agent.conf on the central server, i
can't tell how a particular agent is configured... I know i can
compare the md5sum of the server and the agent using
hey gang,
I'm working on my centralized management of ossec and it seems to be
going well.
However, it seems that since i centralized and moved all the
configuration to agent.conf, my active response rules have stopped
working. (last entry in active-response.log is Feb. 21, last SSH
brute
in the manager's ossec.conf
On Wed, Feb 23, 2011 at 9:22 PM, Joel Brooks jbro...@oddelement.com wrote:
hey gang,
I'm working on my centralized management of ossec and it seems to be
going well.
However, it seems that since i centralized and moved all the
configuration to agent.conf, my active
hey gang,
OK, on to a new problem with active responses...
I've got active responses working. the one i'm mainly interested
right now is the SSHD brute force rule/response (rule id=5712).
when this rule is matched, the firewall drop command is executed, but
the active-response.log shows:
Thu
by the md5sum).
-
I will try in debug mode, and i will make sure i'm firing a rule that
is level 6 or higher.
thanks for your patience Dan.
J
On Fri, Feb 25, 2011 at 9:02 PM, dan (ddp) ddp...@gmail.com wrote:
Hi Joel,
On Fri, Feb 25, 2011 at 7:59 PM, Joel Brooks jbro
these last few days.
cheers,
J
On Fri, Feb 25, 2011 at 9:25 PM, Joel Brooks jbro...@oddelement.com wrote:
i can get the active response to fire by passing -b 1.2.3.4 -f
firewall-drop600 -u 000
firewall-drop600 is in the ar.conf.
I guess i don't (yet) understand what uses ar.conf and what uses
causing rule 3151 to fire. Since several developers use
this server legitimately for source control, is there a way to exclude their
known IP address from that rule? So far trying things such as the
whitelist and using srcip!./srcip in the rule have been
unsuccessful.
Thanks in
advance,
-Joel
Thanks for the quick response! That looks like exactly what we needed.
-Joel
-Original Message-
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
On Behalf Of Daniel Cid
Sent: Monday, August 14, 2006 2:30 PM
To: ossec-list@googlegroups.com
Cc: Joel Gray
Subject: [ossec-list
<timeout>600</timeout>
</active-response>
Thanks in advance
-Joel
-Original Message-
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
On Behalf Of Daniel Cid
Sent: Friday, September 08, 2006 10:36 AM
To: ossec-list@googlegroups.com
Subject: [ossec-list] Re: Firewall actions... question
to fail due to the file looking
for another rule that had not been loaded yet. While this is not a huge
deal that may be something to think about for the future as well,
loading all of the rules before processing them.
Thank you again for pointing me in the right direction.
-Joel
-Original
I've turned off
enforcement which fixes the WUI error, but I would like to get SELinux
re-enabled.
Best Regards,
-Joel
-Original Message-
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
On Behalf Of Jeff Schroeder
Sent: Monday, August 13, 2007 5:33 PM
To: ossec-list
Subject
That did it! I'll admit that I'm still learning a bunch about selinux.
I completely missed the --reference option. I'll have to play more with
restrictions later, but for the time being it's working and enabled.
Thanks!
Best Regards,
-Joel
-Original Message-
From: ossec-list
On Sun, Nov 1, 2009 at 9:14 PM, Michael Starks ossec-l...@michaelstarks.com
wrote:
The presentation is currently in Open Document format. Anyone know of a
way I can add an audio track with the proper timing in an *open* format?
Use vncrec to capture a vnc session and record to theora?
--
On Wed, Dec 23, 2009 at 12:17 PM, Robert Lourenco
rob...@tradebridge.co.za wrote:
Hi
The link to installing Ossec on Centos does not work. And my installation
does not work either.
Diagnostics would help :)
--
$ echo kpfmAdpoofdufevq/dp/vl | perl -pe 's/(.)/chr(ord($1)-1)/ge'
.. that's the way I have done it with other I/O
intensive apps that I wanted to slow down in the past... alternatively a
wrapper script?
If you have a configuration management system, then that would be trivial to
deploy
Ta,
Joel
--
$ echo kpfmAdpoofdufevq/dp/vl | perl -pe 's/(.)/chr(ord($1)-1
I have an ansible-ized install of ossec as a server, using the art rpm's to
install (ossec-hids and ossec-hids-server). I have it working as expected
on a server in our office, however when I run the same setup on a server in
our remote data center I am unable to get remoted to stay running.
On Tuesday, November 25, 2014 6:14:48 AM UTC-8, dan (ddpbsd) wrote:
On Mon, Nov 24, 2014 at 7:52 PM, Joel Parker root...@gmail.com wrote:
(gdb) set follow-fork-mode child
(gdb) run -df
set follow-fork-mode child
or
run -df
hmm??
ossec.conf (I've tried every
25, 2014 3:51:51 AM UTC-8, Colin Bruce wrote:
Dear Joel,
What I am about to suggest is probably silly but have you configured an
agent at the remote installation. If there are no agents installed then
remoted stops as it has nothing to do. I see from your gdb output that it
reads
Am I able to set up the OSSEC windows agent to report to both a Wazuh and an
OSSIM server at the same time?