Re: [ossec-list] Russian cyrillic

2015-06-15 Thread Павел Копцев
Daniil, thanks a lot for the help!

The solution really is very simple!

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[ossec-list] authenticated smtp usage...

2015-06-15 Thread Mark Feferman
I know this topic has been discussed many times, but I'm not sure why it 
isn't implemented.

send_from_email_username
email_password

Granted, there are going to be issues sending to smtp servers that require 
SSL/TLS, etc., but that's far less of an issue (i.e., finding one that 
doesn't require SSL/TLS) than finding one that doesn't require 
authentication.

I understand the security aspect, but the database credentials are already 
stored there in plain text.

$.02



Re: [ossec-list] authenticated smtp usage...

2015-06-15 Thread Eero Volotinen
How about using postfix on localhost? Much better solution.
On Jun 15, 2015 6:04 PM, "Mark Feferman"  wrote:

> I know this topic has been discussed many times, but I'm not sure why it
> isn't implemented.
>
> send_from_email_username
> email_password
>
> Granted, there are going to be issues sending to smtp servers that require
> SSL/TLS, etc., but that's far less of an issue (i.e., finding one that
> doesn't require SSL/TLS) than finding one that doesn't require
> authentication.
>
> I understand the security aspect, but the database credentials are already
> stored there in plain text.
>
> $.02
>

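The "postfix on localhost" approach suggested above keeps the SMTP credentials out of ossec.conf entirely: OSSEC talks plain SMTP to 127.0.0.1, and Postfix holds the account for the upstream relay in its own root-only map and enforces TLS towards that relay. The settings below are an added example, not from the thread or the OSSEC project; the relay host smtp.example.com, port 587 and the CA bundle path are placeholders to adjust for your site.

```ini
# /etc/postfix/main.cf (relevant settings only; added example, not from the thread)
# Listen on the loopback interface only, so nothing outside the box can relay
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128

# Hand every outgoing message to the authenticated upstream relay.
# smtp.example.com:587 is a placeholder; brackets disable MX lookup.
relayhost = [smtp.example.com]:587

# SASL authentication towards the relay; the credentials live in a separate
# map file that OSSEC never reads
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Require TLS so the relay credentials never cross the wire in clear.
# "encrypt" mandates encryption; "verify" would additionally validate the
# relay's certificate against the CA bundle (path is distribution-specific).
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
```

The map file `/etc/postfix/sasl_passwd` holds one line, `[smtp.example.com]:587 relay-user:relay-password` (placeholder values), and is compiled with `postmap /etc/postfix/sasl_passwd`; both the source file and the generated `sasl_passwd.db` should be mode 600 and owned by root before `postfix reload`. On the OSSEC side the `<global>` section of ossec.conf then only needs `<email_notification>yes</email_notification>`, `<smtp_server>127.0.0.1</smtp_server>`, `<email_from>` and `<email_to>`, which also sidesteps the SSL/TLS concern raised earlier in the thread because the TLS session is Postfix's, not OSSEC's.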


[ossec-list] ossec-logtest succeeds but alerts never happen

2015-06-15 Thread Mark Feferman
I created a custom decoder (in local_decoder.xml) to parse a log file from 
an application that is similar in format to syslog.
I also created the corresponding custom rule (in local_rules.xml) to 
trigger on a particular event.

While testing all of this, when I run ossec-logtest, I get success.

But now that I restart OSSEC, I never receive an alert.  I look at the 
ossec.log file and it has analyzed the particular log file of interest.

What am I missing?



[ossec-list] [Call for help] Help shape the future of machine learning research for IDSs

2015-06-15 Thread Antonio Augusto Santos
Dear,

(Brazilian Portuguese version below)

My name is Antonio Augusto, and I am currently doing a MS in Computer 
Science in Brazil. My research focuses on the use of Machine Learning 
techniques on IDS (Intrusion Detection Systems) alerts.

There has been a lot of work on this area in recent years, which tries to 
bring some improvements on the way we deal with alerts. However, 
academia has no way to know which approach will be most beneficial to the 
system analyst.

We are trying to fill this gap, and would really appreciate your help. We 
have devised a simple survey, which will help us discover which areas of 
the IDS you think need more improvement.  It will take only about 10 
minutes of your time to answer the survey.

We have forms in English and Portuguese; choose the one you feel more 
comfortable with. Please, answer only one version of the form.

Also, if you can, please forward this message to any of your friends that 
work with IDSs; the more people we have, the better.

Thanks a lot for your help!

The form in English: http://goo.gl/forms/5xoo4Yr6PU

The form in Portuguese: http://goo.gl/forms/VhZOnIr3PF



(Portuguese version, translated to English)

Dear all,

My name is Antonio Augusto, and I am doing a master's degree in Computer 
Science in Brazil. The focus of my research is the use of Machine Learning 
techniques on IDS (Intrusion Detection System) alerts.

Lately there has been a lot of work in this area, much of it trying to improve 
the way we deal with IDS alerts. However, academia has no way of knowing 
which approach will bring the greatest gains to security analysts.

We are trying to close that gap, and we would like your help. We have 
developed a questionnaire that will help us discover which areas of the IDS 
you think need the most improvement. Answering the questionnaire will not 
take more than 10 minutes.

We have versions of the form in Portuguese and English; choose the one you 
feel more comfortable answering. Please answer only one version.

Also, if you could forward this message to other people who work with IDSs, 
we would be very grateful.

Many thanks for your help!

Questionnaire in English: http://goo.gl/forms/5xoo4Yr6PU

Questionnaire in Portuguese: http://goo.gl/forms/VhZOnIr3PF



[ossec-list] Re: ossec-logtest succeeds but alerts never happen

2015-06-15 Thread Mark Feferman
I ended up getting it working.  I think it had to do with the timing of 
writing test entries to the log file I was processing.  
Sorry to bother.

BTW, this is an absolutely fantastic product!


On Monday, June 15, 2015 at 3:45:34 PM UTC-5, Mark Feferman wrote:
>
> I created a custom decoder (in local_decoder.xml) to parse a log file from 
> an application that is similar in format to syslog.
> I also created the corresponding custom rule (in local_rules.xml) to 
> trigger on a particular event.
>
> While testing all of this, when I run ossec-logtest, I get success.
>
> But now that I restart OSSEC, I never receive an alert.  I look at the 
> ossec.log file and it has analyzed the particular log file of interest.
>
> What am I missing?
>
>
