Oh, thanks for the help, Dan :)

On Tuesday, May 27, 2014 at 00:05:42 UTC+7, dan (ddpbsd) wrote:
>
> On May 26, 2014 1:02 PM, "Nguyễn Văn Hớn" <hon...@gmail.com> wrote:
> >
> > For example, when the server has detected a rootkit or a modification from an agent, we
> > have an alert, but only the server has the alert. I want the agent to know that, and
> > agent have autonomous attack that. We have use syslog to send alert from
> > server to agent. Config from ossec.conf (server) ????
>
> There is currently no way to send the alert to the ossec agent software.
> Even if you could, there isn't any functionality for the agent to do
> anything with the alert.
> I do not anticipate that changing. Your best bet is to have the server
> notify the admins or security team of issues so they can take the
> appropriate actions.
>
> > On Monday, May 26, 2014 at 23:51:44 UTC+7, dan (ddpbsd) wrote:
> >>
> >> On May 26, 2014 12:49 PM, "Nguyễn Văn Hớn" <hon...@gmail.com> wrote:
> >> >
> >> > Oh, thanks Dan... About question 1: because when the server detects an
> >> > attack from an agent, only the server knows that. I think the agent needs to know that.
> >> > Can you help me with more details? (Sorry, my English is bad :(
> >>
> >> Typically you want a person to know. You could use active response to
> >> try and block the attacks, but you should still probably notify an admin or
> >> the security team.
> >>
> >> > 2. I have turned on the option <logall>yes</logall> but have an error
> >>
> >> What error?
> >>
> >> > On Monday, May 26, 2014 at 23:43:15 UTC+7, dan (ddpbsd) wrote:
> >> >>
> >> >> On May 26, 2014 12:39 PM, "Nguyễn Văn Hớn" <hon...@gmail.com> wrote:
> >> >> >
> >> >> > Hi everybody. I have a question:
> >> >> > How to send alert from server to agent when agent have attacked.
> >> >> > And log from agent send to server. Where is it stored?
> >> >>
> >> >> You can't really send the alerts to the agents. You can send some
> >> >> alerts to a centralized location using csyslogd, but there's no
> >> >> functionality to send it to a lot of locations. Why would you want to do
> >> >> this anyways?
> >> >> Alerts are stored in /var/ossec/logs/alerts. Log messages are not
> >> >> stored by default, you need to turn on the log all option. If you do that
> >> >> they're stored in logs/archives.
> >> >>
> >> >> > Thanks for the help

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
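
The three mechanisms Dan mentions in the thread (the log all option, csyslogd, and active response), sketched as server-side ossec.conf fragments. This is an added example, not configuration posted by either participant; the collector address 192.0.2.10, the level thresholds and the 600-second timeout are assumed values.

```xml
<!-- Added example: fragments for /var/ossec/etc/ossec.conf on the OSSEC server. -->
<ossec_config>
  <global>
    <!-- Keep every log message received from agents, not only alerts.
         Alerts:   /var/ossec/logs/alerts
         Archives: /var/ossec/logs/archives (written only when logall is on) -->
    <logall>yes</logall>
  </global>

  <!-- csyslogd: forward alerts to one central syslog collector.
       192.0.2.10 is a placeholder address; level 7 is an assumed threshold.
       The daemon is enabled once with:
       /var/ossec/bin/ossec-control enable client-syslog -->
  <syslog_output>
    <server>192.0.2.10</server>
    <port>514</port>
    <level>7</level>
  </syslog_output>

  <!-- Active response: the agent never sees the alert itself, but the server
       can instruct it to run a response script. The stock configuration
       normally already defines host-deny; omit this block if it is present. -->
  <command>
    <name>host-deny</name>
    <executable>host-deny.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>host-deny</command>
    <!-- "local" runs the script on the agent that reported the event. -->
    <location>local</location>
    <!-- Assumed threshold: respond to alerts of level 7 and above. -->
    <level>7</level>
    <!-- Assumed duration: lift the block after 600 seconds. -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Restart OSSEC on the server after editing so the changes are loaded. Email notification to an admin or the security team, as recommended in the thread, stays configured alongside this.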