Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2

2012-08-07 Thread Frank Stefan Sundberg Solli
Hi, I really like the new version. I got some suggestions that I'm posting
here:

1) In management.php, the database usage chart (client vs level): level 5 and level
9 have the same colour (blue).
2) In detail.php it would be cool to have an autoupdate feature that works on
the filters that you set.
3) In RuleID it would be handy to have a list of rule IDs + names(?) so that
you can navigate through the alerts.

On Fri, Aug 3, 2012 at 2:00 PM, Xavier Mertens  wrote:

> I installed the new version (just replaced the existing directory) and
> worked like a charm...
>
> Good job Guys!
>
> /x
>
> On Thu, Aug 2, 2012 at 2:37 PM, techsupp...@ecsc.co.uk <
> techsupp...@ecsc.co.uk> wrote:
>
>> For the bug... I *think* you have not replaced
>> ./analogi/php/index_graph.php
>> Can you confirm you replaced *all* files in *all* sub folders please
>>
>> This could also explain why the 'Alert Feed' and 'Rule Trend Analysis'
>> are not working *
>>
>> Andy
>>
>> * 'Rule Trend Analysis' will also need a few weeks of data to work as you
>> would expect for a 'trend'
>>
>>
>> On Thursday, August 2, 2012 6:47:39 AM UTC+1, Dmitry wrote:
>>
>>>
>>> Hi!
>>>
>>> I used AnaLogi 1.1.
>>> As far as I understood, in order to install AnaLogi 1.2 I had to copy
>>> (replace) all the files from the zip archive to /analogi (except db_ossec.php).
>>> I did so, but I have almost empty pages NewsFeed and Management.
>>> See attached files (+ 1 previous bug).
>>> Bug
>>>
>>> 
>>> NewsFeed
>>>
>>>
>>> 
>>> Management
>>>
>>> 
>>>
>>>
>>> On Wednesday, August 1, 2012 2:18:20 PM UTC+4, techs...@ecsc.co.uk wrote:
>>>
 The new version is out and on GitHub !!

 https://github.com/ECSC/analogi/downloads

 New Features
 --
 Connection Diagnostics for when Analogi does not have any data for the
 graphs (it tests mysql/php module, connection to server, mysql schema,
 database content).

 Group Category filtering added to main page (sshd, arpwatch, windows
 etc)

 New page 'NewsFeed' providing:
 * 'Threat Feed' gives a listing of alerts based upon alert time and
 threat level
 * 'Trend Analysis' compares the previous time block against previous
 weeks to see which alerts/systems are experiencing the greatest change from
 baseline

 New page 'Management' for managing and running the SQL database
 providing:
 * Last agent check in report to highlight which agents have stopped
 reporting in
 * List of the biggest alert/system combinations
 * Database size and Database row count
 * Report on which agents are using the most disk space with a per level
 breakdown
 * Historical report on database data
 * All of which help feed into the last section, the Database Clean
 up filter for deleting superfluous data

 Auto Div scaling on front page ensures that an excess of graph lines
 does not impede the visuals

 Customisable auto-highlighting of keywords on detail.php

 Fix/Improved
 --
 Faster SQL
 Hover text for front page
 Improved consistency between index.php and detail.php
 Radio button selection on index.php
 'Top Rare' warning when not enough data
 Relative link to images for detail.php
 Hard links added to header
 Lots more


 All feedback welcome.

 (I've created a new thread to keep comments separate.)


Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2

2012-08-07 Thread techsupp...@ecsc.co.uk
Frank, I think it's probably me being daft, but which comments are you
referring to?

On Friday, August 3, 2012 1:15:31 PM UTC+1, Frank Stefan wrote:
>
> Thanks for the new update, where can I find the thread about the comments?
>
> On Fri, Aug 3, 2012 at 11:27 AM, Dmitry  wrote:
>
>> Thanks a lot.
>> You are quite right. I'm a Windows user, so I was not able to extract and 
>> correctly copy the Analogi files.
>>
>>
>
>
> -- 
> MVH/With regards
>
> Frank
> --
> Name: Frank Stefan Sundberg Solli
> E-mail: frankste...@gmail.com
> Web:http://0x41.me
> GPG:684119F4
>
>

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2

2012-08-07 Thread techsupp...@ecsc.co.uk
1) Yes, the colours are generated by amcharts, I've been considering a 
custom colour set which would probably also look good here..
2) Oops I thought it did, good idea
3) Which RuleID please? I ask because on the detail.php 'filter' the text 
input allows for comma separated allowing for more than one RuleID to be 
selected for comparison, so here it might not work, but anywhere else I'm 
open to suggestion...

Andy

On Tuesday, August 7, 2012 12:25:23 PM UTC+1, Frank Stefan wrote:
>
> Hi, I really like the new version. I got some suggestions that I'm posting 
> here:
>
> 1) In management.php, the database usage chart (client vs level): level 5 and 
> level 9 have the same colour (blue).
> 2) In detail.php it would be cool to have an autoupdate feature that works on 
> the filters that you set.
> 3) In RuleID it would be handy to have a list of rule IDs + names(?) so that 
> you can navigate through the alerts.
>

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2

2012-08-07 Thread Frank Stefan Sundberg Solli
3) What I was thinking was more of a drop-down menu of all Rule IDs; that
way you don't need to know the Rule ID for the alert you want to look for.
(This will allow people not familiar with the internals of OSSEC to search
for relevant log entries.)


On Tue, Aug 7, 2012 at 2:44 PM, techsupp...@ecsc.co.uk <
techsupp...@ecsc.co.uk> wrote:

> 1) Yes, the colours are generated by amcharts, I've been considering a
> custom colour set which would probably also look good here..
> 2) Oops I thought it did, good idea
> 3) Which RuleID please? I ask because on the detail.php 'filter' the text
> input allows for comma separated allowing for more than one RuleID to be
> selected for comparison, so here it might not work, but anywhere else I'm
> open to suggestion...
>
> Andy
>

Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2

2012-08-07 Thread techsupp...@ecsc.co.uk
Sorry, to clarify, are you referring to a specific location, or everywhere? 

On Tuesday, August 7, 2012 2:15:57 PM UTC+1, Frank Stefan wrote:
>
> 3) What I was thinking was more of a drop-down menu of all Rule IDs; that 
> way you don't need to know the Rule ID for the alert you want to look for. 
> (This will allow people not familiar with the internals of OSSEC to search 
> for relevant log entries.)
>

[ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread Diezou
Hello,
Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?
If not (which is what I gather after reading the docs), I'd like to know whether these 
algorithms are part of the future roadmap?
Thanks


Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread dan (ddp)
On Tue, Aug 7, 2012 at 12:10 PM, Diezou  wrote:
> Hello,
> Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?
> If not (which is what I gather after reading the docs), I'd like to know whether these
> algorithms are part of the future roadmap?
> Thanks

No, and not really.


Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread Wei Zhang
Is there a place for feature requests? +1 for SHA-256 or SHA-512

On Tue, Aug 7, 2012 at 12:13 PM, dan (ddp)  wrote:

> On Tue, Aug 7, 2012 at 12:10 PM, Diezou  wrote:
> > Hello,
> > Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?
> > If not (which is what I gather after reading the docs), I'd like to know whether these
> > algorithms are part of the future roadmap?
> > Thanks
>
> No, and not really.
>


Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread dan (ddp)
On Tue, Aug 7, 2012 at 12:26 PM, Wei Zhang  wrote:
> Is there a place for feature requests? +1 for SHA-256 or SHA-512
>

https://bitbucket.org/dcid/ossec-hids In the issues section

Is there a specific reason you want one of these? Are these required
by something specific?



Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread Wei Zhang
We have a requirement to use a FIPS 140-2 hashing algorithm. I read somewhere
that md5sum or sha1sum will not be on the approved list in the future.
Assuming that is true, I would have to remove OSSEC from 25+ servers. I don't
really want to do that.

On Tue, Aug 7, 2012 at 12:43 PM, dan (ddp)  wrote:

> On Tue, Aug 7, 2012 at 12:26 PM, Wei Zhang  wrote:
> > Is there a place for feature requests? +1 for SHA-256 or SHA-512
> >
>
> https://bitbucket.org/dcid/ossec-hids In the issues section
>
> Is there a specific reason you want one of these? Are these required
> by something specific?
>


Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread Ryan Schulze
Do you remember where you read that? As far as I can see FIPS 140-3 is 
still in draft and SHA-1 is still in the list. But considering the draft 
has been around for years, it would be good to have a heads up if it 
gets deprecated when the final release comes around.



On 8/7/2012 12:15 PM, Wei Zhang wrote:
We have a requirement to use a FIPS 140-2 hashing algorithm. I read 
somewhere that md5sum or sha1sum will not be on the approved list in 
the future. Assuming that is true, I would have to remove OSSEC from 
25+ servers. I don't really want to do that.


RE: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512 algorithms?

2012-08-07 Thread Andy Cockroft (andic)
Hi

For many reasons, I run an OpenVPN network spanning all our servers
across varying sites geographically, bringing a VPN tunnel from each
server back to a central location. OSSEC is one use of such a VPN.

The OSSEC Server is also the OpenVPN Server, so all traffic is
essentially point-to-point. Very simple to implement, very reliable and
very efficient.

Works for me - but I suppose it depends on what level of FIPS you need.

Andy

From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com]
On Behalf Of Wei Zhang
Sent: Wednesday, 8 August 2012 5:15 a.m.
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Can OSSEC 2.6 support SHA-256 or SHA-512
algorithms?

We have a requirement to use a FIPS 140-2 hashing algorithm. I read
somewhere that md5sum or sha1sum will not be on the approved list in the
future. Assuming that is true, I would have to remove OSSEC from 25+
servers. I don't really want to do that.




[ossec-list] Re: Problem with squid logs

2012-08-07 Thread Emmanuel E.
I can't find the solution yet. Does anyone have any idea how to fix it?


Re: [ossec-list] Re: Problem with squid logs

2012-08-07 Thread dan (ddp)
On Thu, Jul 26, 2012 at 9:47 AM, Emmanuel E.  wrote:
> Hello! This happens only with access.log; the agent continues to send logs of
> /var/log/message and /var/log/secure. Sometimes when squid rotates the
> access.log, the agent starts sending the logs again. But other times, the
> agent continues without sending the logs of access.log.
> The access.log is rotated weekly and automatically with logrotate. The
> following shows the logrotate configuration file for access.log:
>
> less  /etc/logrotate.d/squid
>
> /var/log/squid/access.log {
> weekly
> rotate 5
> copytruncate
> compress
> notifempty
> missingok
> }
> /var/log/squid/cache.log {
> weekly
> rotate 5
> copytruncate
> compress
> notifempty
> missingok
> }
>
> /var/log/squid/store.log {
> weekly
> rotate 5
> copytruncate
> compress
> notifempty
> missingok
> # This script asks squid to rotate its logs on its own.
> # Restarting squid is a long process and it is not worth
> # doing it just to rotate logs
> postrotate
>   /usr/sbin/squid -k rotate
> endscript
> }
>

How does this differ from the log rotation of the other logs that
continue to work after they're rotated?
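The intermittent silence after rotation that Emmanuel describes is the classic failure mode of a log follower that remembers a byte offset and meets `copytruncate`: the file is truncated in place, so the saved offset points past the new end of file and nothing is read until the file grows beyond it again. The example below is added here; it is not from the thread and not OSSEC's logcollector code. It uses a hypothetical minimal tailer and constructed squid-style lines to show a naive follower losing every post-rotation line and a shrink-aware follower recovering them.

```python
"""Log follower vs. logrotate's copytruncate (added example, not OSSEC code).

A hypothetical minimal tailer remembers the byte offset it last read.  After
copytruncate the file is shorter than that offset, so a naive follower returns
nothing until the file grows past the stale offset.  The squid-style lines
are constructed, not real traffic."""
import os
import tempfile
from typing import Dict, List


class OffsetFollower:
    """Minimal tail -f style reader that keeps the last byte offset read."""

    def __init__(self, path: str, detect_truncation: bool) -> None:
        self.path = path
        self.offset = 0
        self.detect_truncation = detect_truncation

    def poll(self) -> List[str]:
        """Return complete lines appended since the previous poll."""
        size = os.path.getsize(self.path)
        if size < self.offset:
            # The file shrank: copytruncate (or a manual truncate) happened.
            # Without this check the stale offset is kept and nothing is
            # returned until the file grows beyond it again.
            if not self.detect_truncation:
                return []
            self.offset = 0
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = f.read()
        end = data.rfind(b"\n")
        if end == -1:
            return []  # no complete line yet; keep the partial tail for later
        self.offset += end + 1
        return data[:end].decode().split("\n")


def append_lines(path: str, lines: List[str]) -> None:
    with open(path, "a", encoding="utf-8") as f:
        f.writelines(line + "\n" for line in lines)


def copytruncate(path: str) -> None:
    """Mimic logrotate's copytruncate: copy the file aside, then truncate in place."""
    with open(path, "rb") as src, open(path + ".1", "wb") as dst:
        dst.write(src.read())
    os.truncate(path, 0)


def squid_line(ts: int, client: str, code: str, url: str) -> str:
    # constructed native-format squid access.log line (not real traffic)
    return f"{ts:.3f}    120 {client} {code} 512 GET {url} - HIER_DIRECT/192.0.2.1 text/html"


def run_scenario(detect_truncation: bool) -> Dict[str, int]:
    """Write lines, rotate with copytruncate, write more; report what the follower saw."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "access.log")
        open(path, "w").close()
        follower = OffsetFollower(path, detect_truncation)
        append_lines(path, [squid_line(1344340000 + i, f"10.0.0.{i}", "TCP_MISS/200",
                                       f"http://example.test/page{i}") for i in range(20)])
        seen_before = len(follower.poll())
        copytruncate(path)  # the weekly logrotate run from the config above
        append_lines(path, [squid_line(1344340100 + i, f"10.0.0.{i}", "TCP_HIT/200",
                                       f"http://example.test/new{i}") for i in range(3)])
        seen_after = len(follower.poll())
        return {"before": seen_before, "after": seen_after}


if __name__ == "__main__":
    print("naive follower:", run_scenario(detect_truncation=False))  # after == 0: lines lost
    print("shrink-aware  :", run_scenario(detect_truncation=True))   # after == 3
```

Comparing the current file size against the saved offset, as the shrink-aware variant does, is the check to look for when a collector goes quiet only after copytruncate rotations.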


[ossec-list] ignore interval but...

2012-08-07 Thread Kat
OK, here is a tricky one I can't figure out.

I have a simple rule with ignore=7200 so it does not fire too much. BUT, 
what if I only want to set the ignore PER HOST? In other words, if it 
triggers on another host it should alert and then set the ignore timer. Yeah, I 
am not aware of a clean/simple way to do this.

Any ideas?