Re: [ossec-list] E-mail alert for login

2018-09-12 Thread dan (ddp)
On Tue, Sep 4, 2018 at 8:10 AM Don_Johny wrote:
> I started with this but no success so far.
>
> $BAD WORDS:
>
> test
> ERROR
> (\S+)
> extra_data

The log message is odd, but here's how you mess with it. I'm running a post-3.0 system/pre-3.0 rule set, so not

Re: [ossec-list] E-mail alert for login

2018-09-04 Thread Don_Johny
I started with this but no success so far. $BAD WORDS: test ERROR (\S+) extra_data -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [ossec-list] E-mail alert for login

2018-09-04 Thread Don_Johny
Something like this ? ossec-exampled ^$BAD_WORDS ^ERROR srcip, action

Re: [ossec-list] E-mail alert for login

2018-09-04 Thread Don_Johny
Something like this ? test $BAD_WORDS ^BAD_WORDS \S+ \p(\S+)\p$|^BAD_WORDS \S+ \p(\S+)\p$ srcip, action

Re: [ossec-list] E-mail alert for login

2018-09-03 Thread Don_Johny
Thank you for your time Dan, without you exploring ossec would be so difficult. The problem was https was not installed on the system, I installed and everything works fine. Now I wanna create some custom decoder to match it with rule "unkown problem found in the system" and when I type error to get an

Re: [ossec-list] E-mail alert for login

2018-08-30 Thread dan (ddp)
On Wed, Aug 22, 2018 at 6:32 AM Dzenis Aslani wrote:
> Thanks Dan issue is solved :). Any idea why ossec can't be installed through
> APT in Ubuntu, I tried both manually and automatically and I got same error
> "unable to correct problems you have held broken packages"

No clue, I don't deal

Re: [ossec-list] E-mail alert for login

2018-08-22 Thread Dzenis Aslani
Thanks Dan issue is solved :). Any idea why ossec can't be installed through APT in Ubuntu, I tried both manually and automatically and I got same error "unable to correct problems you have held broken packages"

Re: [ossec-list] E-mail alert for login

2018-08-20 Thread dan (ddp)
On Mon, Aug 20, 2018 at 6:35 AM Don_Johny wrote:
> Thank you so much Dan, that worked out, I solved my issue with agent_manager. But
> when I add the agents, and extract the key, then I copied the key in agent, I
> have output "no agents avaliable". Communication between agent and doesn't
> work.

Re: [ossec-list] E-mail alert for login

2018-08-17 Thread dan (ddp)
On Thu, Aug 16, 2018 at 8:54 AM, Don_Johny wrote:
> Thx for response Dan but i got nothing man i follow all your steps and
> commands and i still have the same problem, also the log file report the
> same issue.

So something strange is going on with your system. Try the buildlog thing and send

Re: [ossec-list] E-mail alert for login

2018-08-16 Thread Don_Johny
[image: VirtualBox_ubuntu test2_16_08_2018_14_37_18.png] Thx for response Dan but i got nothing man i follow all your steps and commands and i still have the same problem, also the log file report the same issue.

Re: [ossec-list] E-mail alert for login

2018-08-16 Thread dan (ddp)
On Wed, Aug 15, 2018 at 10:55 AM, Don_Johny wrote:
> Already did, it's same, I reinstall it in this way is correct ?
> /var/ossec/bin/ossec-control stop && rm -rf /var/ossec && rm
> /etc/init.d/*ossec* && rm /etc/ossec-init.conf

That and a `make clean` inside of `ossec-hids-2.9.3/src` Next time

Re: [ossec-list] E-mail alert for login

2018-08-16 Thread Don_Johny
[image: VirtualBox_Server Ubuntu 3_16_08_2018_11_55_51.png] When i restart ossec i got this

Re: [ossec-list] E-mail alert for login

2018-08-16 Thread Don_Johny
Hello Dan thx for your time and sorry for bothering you. I think it's something to do with config maybe. [image: VirtualBox_Server Ubuntu 1_16_08_2018_11_17_43.png] [image: VirtualBox_Server Ubuntu 1_16_08_2018_11_34_25.png] Here are the logs and config on Server 1 (ossec server) Here are the

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread Don_Johny
Already did, it's same, I reinstall it in this way is correct ? /var/ossec/bin/ossec-control stop && rm -rf /var/ossec && rm /etc/init.d/*ossec* && rm /etc/ossec-init.conf

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread dan (ddp)
On Wed, Aug 15, 2018 at 10:39 AM, Don_Johny wrote:
> When i type /var/ossec/bin/manage_agents, I have only this output one on both
> of them
> * OSSEC HIDS v2.9.3 Agent manager. *
> * The following options are available: *
> **
> **
> (A)dd an agent

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread Don_Johny
When i type /var/ossec/bin/manage_agents ,I have only this output one on both of them * OSSEC HIDS v2.9.3 Agent manager. * * The following options are available: * ** ** (A)dd an agent (A). (E)xtract key for an agent (E). (L)ist already added

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread dan (ddp)
On Wed, Aug 15, 2018 at 9:29 AM, Don_Johny wrote:
> Thanks Dan you are the best :) Your post help me a lot and I got alert, it
> was problem with smtp server. But now I am facing issue with adding agents.
> I used every type of network provided in VirtualBox (Host-only, Bridged, NAT)
> and none of

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread Don_Johny
Thanks Dan you are the best :) Your post help me a lot and I got alert, it was problem with smtp server. But now I am facing issue with adding agents. I used every type of network provided in VirtualBox (Host-only, Bridged, NAT) and none of them give me the result. When I wanna add key to agent

Re: [ossec-list] E-mail alert for login

2018-08-15 Thread Don_Johny
Thanks man that help me a LOT, it was problem with smtp server

On Friday, August 10, 2018 at 3:17:59 PM UTC+2, dan (ddpbsd) wrote:
> Just a couple of quick ones. I took 3 of the logs you provided, and
> used `ossec-logtest` to see how they were decoded.
>
> **Phase 1: Completed pre-decoding.

Re: [ossec-list] E-mail alert for login

2018-08-10 Thread dan (ddp)
Just a couple of quick ones. I took 3 of the logs you provided, and used `ossec-logtest` to see how they were decoded. **Phase 1: Completed pre-decoding. full event: 'Aug 9 06:00:00 server2 systemd: pam_unix(systemd-user:session): session opened for user dzoni by ($' hostname:

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread Dzenis Aslani
O thank you, you are really helpful :) lol. How it doesn't matter where you see information. I told you I can't copy the text from VM (Ubuntu Server) to PC (Win10), this was the only way to get data.

On Thursday, August 9, 2018 at 3:49:29 PM UTC+2, dan (ddpbsd) wrote:
> On Thu, Aug 9, 2018 at 9:40

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread dan (ddp)
On Thu, Aug 9, 2018 at 9:40 AM, Dzenis Aslani wrote:
> I couldn't copy from Virtualmachine but I did make a picture. I hope that it
> make it help
> https://drive.google.com/file/d/11na75k4lPAXUAPowmIjugjpEvQXzqw5n/view?usp=sharing
>

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread Dzenis Aslani
I couldn't copy from Virtualmachine but I did make a picture. I hope that it make it help
https://drive.google.com/file/d/11na75k4lPAXUAPowmIjugjpEvQXzqw5n/view?usp=sharing
https://drive.google.com/open?id=11na75k4lPAXUAPowmIjugjpEvQXzqw5n

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread dan (ddp)
On Thu, Aug 9, 2018 at 9:09 AM, Dzenis Aslani wrote: > Im using Ubuntu server 18.04 > > > On Thursday, August 9, 2018 at 3:08:46 PM UTC+2, Dzenis Aslani wrote: >> >> I am sorry, but where can i find them ? >> /var/log/authlog maybe >> On Thursday, August 9, 2018 at 3:00:27 PM UTC+2, dan

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread Dzenis Aslani
I'm using Ubuntu server 18.04

On Thursday, August 9, 2018 at 3:08:46 PM UTC+2, Dzenis Aslani wrote:
> I am sorry, but where can I find them ?
>
> On Thursday, August 9, 2018 at 3:00:27 PM UTC+2, dan (ddpbsd) wrote:
>> On Thu, Aug 9, 2018 at 8:58 AM, Dzenis Aslani wrote:
>> > Hmm i think

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread Dzenis Aslani
I am sorry, but where can I find them ?

On Thursday, August 9, 2018 at 3:00:27 PM UTC+2, dan (ddpbsd) wrote:
> On Thu, Aug 9, 2018 at 8:58 AM, Dzenis Aslani wrote:
> > Hmm i think so, i care about local logins and also anyone who is trying to
> > enter the server (login attempts) .

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread dan (ddp)
On Thu, Aug 9, 2018 at 8:58 AM, Dzenis Aslani wrote:
> Hmm i think so, i care about local logins and also anyone who is trying to
> enter the server (login attempts) . Could you provide me rule or changes
> which i have to apply to conf file

Not with so little information. Get some log samples

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread Dzenis Aslani
Hmm i think so, i care about local logins and also anyone who is trying to enter the server (login attempts) . Could you provide me rule or changes which i have to apply to conf file

On Thursday, August 9, 2018 at 2:52:57 PM UTC+2, dan (ddpbsd) wrote:
> On Thu, Aug 9, 2018 at 6:39 AM, Dzenis

Re: [ossec-list] E-mail alert for login

2018-08-09 Thread dan (ddp)
On Thu, Aug 9, 2018 at 6:39 AM, Dzenis Aslani wrote:
> Hello everyone, I'm new to OSSEC, and I wanna know how to create an email
> alert when somebody is trying to login or was successfully logged in into the
> server ?

Do you have a log sample of a successful login? Are you worried about local