Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-31 Thread Eduardo Reichert Figueiredo
Hi,
after enabling IPv6 in /boot I got another problem: the remoted process
binds to port 1514 for IPv6 and does not bind to IPv4.

udp6   0  0 :::514  :::*   5243/bin/ossec-remo
udp6   0  0 :::1514 :::*   5244/bin/ossec-remo

Do you know this type of problem?


On Wednesday, 29 March 2017 15:09:37 UTC-3, Victor Fernandez wrote:
>
> Sorry Eduardo, maybe the method that I told you (enabling on the fly) does
> not work properly.
>
> If you followed those steps to disable IPv6, better undo what you did to
> disable it.
>
> I have done it by editing the file "/etc/sysctl.conf" and adding (to disable)
> or removing (to enable back) these lines:
>
> net.ipv6.conf.all.disable_ipv6 = 1
>
> net.ipv6.conf.default.disable_ipv6 = 1
>
>
> You probably used this method to disable IPv6, so please try to remove (or
> comment) those lines, reboot your system and start OSSEC again.
>
> Best regards.
>
> On Wed, Mar 29, 2017 at 3:30 PM, Eduardo Reichert Figueiredo <eduardo@hotmail.com> wrote:
>
>> Hi Victor,
>> I validated that the IPv6 feature is enabled in my Red Hat 7.3, but ossec-remoted
>> continues with the same error reported above.
>>
>> The installation file is the same one used in other installations (RHEL 6.8).
>>
>> On Thursday, 23 March 2017 15:37:50 UTC-3, Victor Fernandez wrote:
>>>
>>> Hi Eduardo,
>>>
>>> I agree with Dan, I tested OSSEC v2.9 on a clean CentOS 7 with your
>>> configuration and it worked. But when I disabled IPv6 I got the
>>> same errors you have.
>>>
>>> Please try to enable IPv6 on the running system with:
>>>
>>> sysctl -w net.ipv6.conf.all.disable_ipv6=1
>>> sysctl -w net.ipv6.conf.default.disable_ipv6=1
>>>
>>>
>>> And try to start OSSEC. If it works, consider enabling IPv6 permanently
>>> by editing the file */etc/sysctl.conf*.
>>>
>>> Hope it helps. If I find another way to run OSSEC with IPv6 disabled I
>>> will let you know.
>>>
>>> Best regards.
>>>
>>> On Thu, Mar 23, 2017 at 11:19 AM, dan (ddp) wrote:
>>>
>>>> On Thu, Mar 23, 2017 at 1:08 PM, Eduardo Reichert Figueiredo wrote:
>>>> > Hi Dan, I don't have IPv6 enabled in my Linux system, so I don't have
>>>> > inet6 in my ifconfig configuration, only IPv4.
>>>> >
>>>> > Can this cause the problem?
>>>> >
>>>>
>>>> I think having ipv6 support is necessary now. You don't need to have
>>>> addresses or anything, but the facilities need to be available.
>>>>
>>>> > On Wednesday, 22 March 2017 20:30:08 UTC-3, dan (ddpbsd) wrote:
>>>> >>
>>>> >> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo wrote:
>>>> >> > When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and
>>>> >> > address) I have
>>>> >>
>>>> >> Is IPv6 totally disabled for your system (support for IPv6 was
>>>> >> removed)?
>>>> >>
>>>> >> > a problem with ossec-remoted and ossec-authd: these services can't bind
>>>> >> > port 1514, error log below.
>>>> >> > I generated my certificate with the commands "openssl genrsa -out" and
>>>> >> > "openssl req -new -x509 -key ".
>>>> >> >
>>>> >> > ##Log OSSEC.LOG
>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
>>>> >> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
>>>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Startin
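As an added example (not OSSEC's code and not from anyone in this thread), the C program below opens a wildcard UDP listener the way a dual-stack daemon should: it resolves with getaddrinfo, tries an AF_INET6 socket with IPV6_V6ONLY cleared, and falls back to AF_INET when the IPv6 step fails at either the resolve or the socket/bind stage, reporting which stage failed so that the two messages that appear together in the OSSEC log above ("getaddrinfo: Name or service not known" and "Unable to Bind port") can be told apart. The udp6 sockets on :::514 and :::1514 in the netstat output are what such a dual-stack listener looks like: with IPV6_V6ONLY off (the Linux default, net.ipv6.bindv6only=0) a wildcard udp6 socket also receives IPv4 datagrams as v4-mapped addresses. The enum names and the port used in main() are this example's own choices.

```c
/* Wildcard UDP listener that separates the two failures the OSSEC log above
 * runs together: address resolution (getaddrinfo) vs. socket()/bind().
 * Added example; not OSSEC code. */
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome codes, so a caller or log line can state which stage failed. */
enum listen_result {
    LISTEN_V6_DUALSTACK = 0,  /* bound [::]:port; IPv4 peers arrive v4-mapped */
    LISTEN_V4_ONLY      = 1,  /* IPv6 unusable; bound 0.0.0.0:port instead */
    LISTEN_ERR_RESOLVE  = -1, /* getaddrinfo failed for every family tried */
    LISTEN_ERR_BIND     = -2  /* resolution worked but no socket could be bound */
};

/* Resolve the wildcard listening address for `port` in one address family.
 * Returns the addrinfo list (caller frees) or NULL, with the getaddrinfo
 * status stored in *gai so it can be printed with gai_strerror(). */
struct addrinfo *resolve_passive(const char *port, int family, int *gai)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family   = family;                      /* AF_INET6, AF_INET or AF_UNSPEC */
    hints.ai_socktype = SOCK_DGRAM;                  /* the netstat above shows udp6 sockets */
    hints.ai_flags    = AI_PASSIVE | AI_NUMERICSERV; /* wildcard address, numeric port */
    *gai = getaddrinfo(NULL, port, &hints, &res);
    return *gai == 0 ? res : NULL;
}

/* Try every address of one family; return a bound fd or -1.
 * *gai reports the resolve stage, *err the last socket()/bind() errno. */
static int try_family(const char *port, int family, int *gai, int *err)
{
    struct addrinfo *res = resolve_passive(port, family, gai), *p;
    int fd = -1;
    *err = 0;
    for (p = res; p != NULL; p = p->ai_next) {
        fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
        if (fd < 0) { *err = errno; continue; }  /* e.g. EAFNOSUPPORT when the IPv6 stack is off */
        if (p->ai_family == AF_INET6) {
            int v6only = 0;  /* dual-stack: let IPv4 peers reach the udp6 socket */
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only);
        }
        if (bind(fd, p->ai_addr, p->ai_addrlen) == 0) break;
        *err = errno;
        close(fd);
        fd = -1;
    }
    if (res != NULL) freeaddrinfo(res);
    return fd;
}

/* Open the listener: IPv6 dual-stack first, plain IPv4 if IPv6 is unusable.
 * On success *fd_out holds the bound socket. */
int open_udp_listener(const char *port, int *fd_out)
{
    int gai6 = 0, gai4 = 0, err6 = 0, err4 = 0, fd;

    fd = try_family(port, AF_INET6, &gai6, &err6);
    if (fd >= 0) { *fd_out = fd; return LISTEN_V6_DUALSTACK; }
    if (gai6 != 0)
        fprintf(stderr, "getaddrinfo(AF_INET6, %s): %s\n", port, gai_strerror(gai6));
    else
        fprintf(stderr, "IPv6 socket/bind on port %s: %s\n", port, strerror(err6));

    fd = try_family(port, AF_INET, &gai4, &err4);
    if (fd >= 0) { *fd_out = fd; return LISTEN_V4_ONLY; }
    if (gai4 != 0) {
        fprintf(stderr, "getaddrinfo(AF_INET, %s): %s\n", port, gai_strerror(gai4));
        return LISTEN_ERR_RESOLVE;
    }
    fprintf(stderr, "IPv4 socket/bind on port %s: %s\n", port, strerror(err4));
    return LISTEN_ERR_BIND;
}

int main(void)
{
    int fd = -1;
    int r = open_udp_listener("1514", &fd);  /* the port from this thread */
    printf("result=%d fd=%d\n", r, fd);
    if (fd >= 0) close(fd);
    return r < 0 ? 1 : 0;
}
```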

Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-29 Thread Eduardo Reichert Figueiredo
Hi Victor,
I validated that the IPv6 feature is enabled in my Red Hat 7.3, but ossec-remoted
continues with the same error reported above.

The installation file is the same one used in other installations (RHEL 6.8).

On Thursday, 23 March 2017 15:37:50 UTC-3, Victor Fernandez wrote:
>
> Hi Eduardo,
>
> I agree with Dan, I tested OSSEC v2.9 on a clean CentOS 7 with your
> configuration and it worked. But when I disabled IPv6 I got the
> same errors you have.
>
> Please try to enable IPv6 on the running system with:
>
> sysctl -w net.ipv6.conf.all.disable_ipv6=1
> sysctl -w net.ipv6.conf.default.disable_ipv6=1
>
>
> And try to start OSSEC. If it works, consider enabling IPv6 permanently by
> editing the file */etc/sysctl.conf*.
>
> Hope it helps. If I find another way to run OSSEC with IPv6 disabled I will
> let you know.
>
> Best regards.
>
> On Thu, Mar 23, 2017 at 11:19 AM, dan (ddp) wrote:
>
>> On Thu, Mar 23, 2017 at 1:08 PM, Eduardo Reichert Figueiredo wrote:
>> > Hi Dan, I don't have IPv6 enabled in my Linux system, so I don't have
>> > inet6 in my ifconfig configuration, only IPv4.
>> >
>> > Can this cause the problem?
>> >
>>
>> I think having ipv6 support is necessary now. You don't need to have
>> addresses or anything, but the facilities need to be available.
>>
>> > On Wednesday, 22 March 2017 20:30:08 UTC-3, dan (ddpbsd) wrote:
>> >>
>> >> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo wrote:
>> >> > When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address)
>> >> > I have
>> >>
>> >> Is IPv6 totally disabled for your system (support for IPv6 was
>> >> removed)?
>> >>
>> >> > a problem with ossec-remoted and ossec-authd: these services can't bind
>> >> > port 1514, error log below.
>> >> > I generated my certificate with the commands "openssl genrsa -out" and
>> >> > "openssl req -new -x509 -key ".
>> >> >
>> >> > ##Log OSSEC.LOG
>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
>> >> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
>> >> > 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
>> >> > 2017/03/21 11:35:47 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514
>> >> >
>> >> > In other cases of being unable to bind port 1514, my error was in my
>> >> > client.keys, but now I have a new error, "getaddrinfo".
>> >> >
>> >> > Can you help me?
>> >> >
>> >> > Kind regards
>> >> >
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it, 
>> send
>> >> > an
>> >> > email to ossec-list+...@googlegroups.com.
>> >> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> -- 
> Victor M. Fernandez-Castro
> IT Security Engineer
> Wazuh Inc.
>



Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-23 Thread Eduardo Reichert Figueiredo
Hi,
I will try to enable this feature in my RHEL; after testing I will notify you.

Thanks.

On Thursday, 23 March 2017 15:37:50 UTC-3, Victor Fernandez wrote:
>
> Hi Eduardo,
>
> I agree with Dan, I tested OSSEC v2.9 on a clean CentOS 7 with your
> configuration and it worked. But when I disabled IPv6 I got the
> same errors you have.
>
> Please try to enable IPv6 on the running system with:
>
> sysctl -w net.ipv6.conf.all.disable_ipv6=1
> sysctl -w net.ipv6.conf.default.disable_ipv6=1
>
>
> And try to start OSSEC. If it works, consider enabling IPv6 permanently by
> editing the file */etc/sysctl.conf*.
>
> Hope it helps. If I find another way to run OSSEC with IPv6 disabled I will
> let you know.
>
> Best regards.
>
> On Thu, Mar 23, 2017 at 11:19 AM, dan (ddp) wrote:
>
>> On Thu, Mar 23, 2017 at 1:08 PM, Eduardo Reichert Figueiredo wrote:
>> > Hi Dan, I don't have IPv6 enabled in my Linux system, so I don't have
>> > inet6 in my ifconfig configuration, only IPv4.
>> >
>> > Can this cause the problem?
>> >
>>
>> I think having ipv6 support is necessary now. You don't need to have
>> addresses or anything, but the facilities need to be available.
>>
>> > On Wednesday, 22 March 2017 20:30:08 UTC-3, dan (ddpbsd) wrote:
>> >>
>> >> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo wrote:
>> >> > When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address)
>> >> > I have
>> >>
>> >> Is IPv6 totally disabled for your system (support for IPv6 was
>> >> removed)?
>> >>
>> >> > a problem with ossec-remoted and ossec-authd: these services can't bind
>> >> > port 1514, error log below.
>> >> > I generated my certificate with the commands "openssl genrsa -out" and
>> >> > "openssl req -new -x509 -key ".
>> >> >
>> >> > ##Log OSSEC.LOG
>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
>> >> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
>> >> > 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
>> >> > 2017/03/21 11:35:47 getaddrinfo: Name or service not known
>> >> > 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514
>> >> >
>> >> > In other cases of being unable to bind port 1514, my error was in my
>> >> > client.keys, but now I have a new error, "getaddrinfo".
>> >> >
>> >> > Can you help me?
>> >> >
>> >> > Kind regards
>> >> >
>
>
>
> -- 
> Victor M. Fernandez-Castro
> IT Security Engineer
> Wazuh Inc.
>



Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-23 Thread Eduardo Reichert Figueiredo
Hi Dan, I don't have IPv6 enabled in my Linux system, so I don't have inet6
in my ifconfig configuration, only IPv4.

Can this cause the problem?

On Wednesday, 22 March 2017 20:30:08 UTC-3, dan (ddpbsd) wrote:
>
> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo wrote:
> > When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address) I
> > have
>
> Is IPv6 totally disabled for your system (support for IPv6 was removed)?
>
> > a problem with ossec-remoted and ossec-authd: these services can't bind port
> > 1514, error log below.
> > I generated my certificate with the commands "openssl genrsa -out" and
> > "openssl req -new -x509 -key ".
> >
> > ##Log OSSEC.LOG
> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
> > 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
> > 2017/03/21 11:35:47 getaddrinfo: Name or service not known
> > 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514
> >
> > In other cases of being unable to bind port 1514, my error was in my
> > client.keys, but now I have a new error, "getaddrinfo".
> >
> > Can you help me?
> >
> > Kind regards
> >



[ossec-list] Re: install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-22 Thread Eduardo Reichert Figueiredo
Hi Victor, below is my remote configuration in ossec.conf

<remote>
  <connection>syslog</connection>
  <allowed-ips>0.0.0.0/0</allowed-ips>
</remote>
<remote>
  <connection>secure</connection>
</remote>

About the command to run the ossec-authd process, "/var/ossec/bin/ossec-authd
-p 1514 >/dev/null 2>&1 &": this process exits within seconds.
I tried to use 1514 but did not have success.

On Tuesday, 21 March 2017 15:15:26 UTC-3, Victor Fernandez wrote:
>
> Hi Eduardo,
>
> It seems that the error from "getaddrinfo" does not show which process
> logs it, but both remoted and authd processes are logging errors.
>
> Could you share your configuration and the command that you use
> to run ossec-authd? It could be very useful for us to help you.
>
> Best regards.
>
>
> On Tuesday, March 21, 2017 at 7:46:37 AM UTC-7, Eduardo Reichert
> Figueiredo wrote:
>>
>> When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address) I
>> have a problem with ossec-remoted and ossec-authd: these services can't bind
>> port 1514, error log below.
>> I generated my certificate with the commands "openssl genrsa -out" and
>> "openssl req -new -x509 -key ".
>>
>> ##Log OSSEC.LOG
>> 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
>> 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
>> 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
>> 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>> 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
>> 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
>> 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>> 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>> 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
>> 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
>> 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
>> 2017/03/21 11:35:47 *getaddrinfo*: Name or service not known
>> 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514
>>
>> In other cases of being unable to bind port 1514, my error was in my client.keys,
>> but now I have a new error, "getaddrinfo".
>>
>> Can you help me?
>>
>> Kind regards
>>
>



[ossec-list] Re: Agentless ssh monitoring fails to connect every time

2017-03-21 Thread Eduardo Reichert Figueiredo
Validate your permissions on the keys "id_rsa id_rsa.pub".


On Tuesday, 21 March 2017 09:59:57 UTC-3, Kat wrote:
>
> Hi,
>
> Could you post the log entries? Also, an ssh -vvv output would help to see 
> what is going on. It is clearly a connection problem, but hard to diagnose 
> based on what you have posted.
>
> Kat
>
> On Friday, March 17, 2017 at 10:20:58 PM UTC-5, Marcin Gołębiowski wrote:
>>
>> I can't seem to make the agentless monitoring work. I added two remote
>> boxes with /var/ossec/agentless/register_host.sh and configured a
>> passwordless connection, generating ssh keys for user ossec. However, after
>> restarting ossec the connection to the remote server fails every time.
>> Ossec.log shows: ossec-agentlessd: ERROR: ssh_integrity_check_linux:
>> us...@remote.server.pl: Public key authentication failed to host:
>> us...@remote.server.pl. I tried to connect with a password but this time
>> I got a timeout: ERROR: ssh_integrity_check_linux: u...@remote.server.pl:
>> Timeout while connecting to host: us...@remote.server.pl. I checked the
>> .passlist file and the passwords are correct. What is more, I am able to ssh
>> to the remote server using the id_rsa generated for the ossec user, so theoretically
>> ossec should connect with the NOPASS option. But it doesn't. I am in the dark.
>> Server is Ubuntu Server 16.04, OSSEC version 2.8.3, expect installed,
>> firewall disabled. Any ideas?
>>
>



[ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-21 Thread Eduardo Reichert Figueiredo
When I install OSSEC 2.9.0 on RHEL 7.3 (no IPv6 feature and address) I have
a problem with ossec-remoted and ossec-authd: these services can't bind port
1514, error log below.
I generated my certificate with the commands "openssl genrsa -out" and
"openssl req -new -x509 -key ".

##Log OSSEC.LOG
2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
2017/03/21 11:34:34 getaddrinfo: Name or service not known
2017/03/21 11:34:34 getaddrinfo: Name or service not known
2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind port '514'
2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan 
(forwarding database).
2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck database 
(pre-scan).
2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
2017/03/21 11:35:47 *getaddrinfo*: Name or service not known
2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514

In other cases of being unable to bind port 1514, my error was in my client.keys,
but now I have a new error, "getaddrinfo".

Can you help me?

Kind regards



Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread Eduardo Reichert Figueiredo
Hi Dan, I have success when I run the command below.

# su ossec -s /bin/bash -c 'cd /var/ossec && expect agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lah'
Connection to SERVIDOR-01 closed.
INFO: Finished.

So is the log error in my first post only because "expect" doesn't run this command?



On Wednesday, 15 March 2017 16:21:03 UTC-3, dan (ddpbsd) wrote:
>
> On Mon, Mar 13, 2017 at 9:59 AM, Eduardo Reichert Figueiredo wrote:
> > Dear all,
> > I have the ERROR below in my OSSEC server, and alerts from Linux
> > (agentless) are not generated in OSSEC.
> > I searched for similar errors in this forum but I didn't find a solution.
> >
> > Can you help me?
> >
> > 2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:42:35 ossec-agentlessd: ERROR: ssh_generic_diff: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: spawn ssh ossec@SERVIDOR-01
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 10:42:15 2017 from 192.168.140.84
> > 2017/03/13 10:52:21 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:52:21 ossec-agentlessd: ERROR: ssh_integrity_check_linux: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: spawn ssh ossec@SERVIDOR-01
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 10:52:01 2017 from 192.168.140.84
> > 2017/03/13 10:52:42 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:52:42 ossec-agentlessd: ERROR: ssh_generic_diff: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> >
>
> Try running the script manually:
> `cd /var/ossec && expect agentless/ssh_generic_diff AGENTLESSINFO ARGS`
>
> Replace AGENTLESSINFO with the information from your
> ossec.conf, and ARGS with the info.
>
> >
> > Kind regards
> >



Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread Eduardo Reichert Figueiredo
Hello Dan,
I tried to connect to my agentless host, but I didn't have success.

#su -s ossec -s /bin/bash -c 'cd /var/ossec && expect agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lt'
spawn ssh user_ossec@SERVIDOR-01
user_ossec@SERVIDOR-01's password:
ERROR: Public key authentication failed to host: user_ossec@SERVIDOR-01

But if I try to connect to my agentless host with the command below, I have success,
and access with the key works:
su - ossec -s /bin/bash -c 'ssh user_ossec@SERVIDOR-01 ls -lt'

Do you know this problem? Could it be my spawn or expect?

On Wednesday, 15 March 2017 16:21:03 UTC-3, dan (ddpbsd) wrote:
>
> On Mon, Mar 13, 2017 at 9:59 AM, Eduardo Reichert Figueiredo wrote:
> > Dear all,
> > I have the ERROR below in my OSSEC server, and alerts from Linux
> > (agentless) are not generated in OSSEC.
> > I searched for similar errors in this forum but I didn't find a solution.
> >
> > Can you help me?
> >
> > 2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:42:35 ossec-agentlessd: ERROR: ssh_generic_diff: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: spawn ssh ossec@SERVIDOR-01
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 10:42:15 2017 from 192.168.140.84
> > 2017/03/13 10:52:21 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:52:21 ossec-agentlessd: ERROR: ssh_integrity_check_linux: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: spawn ssh ossec@SERVIDOR-01
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 10:52:01 2017 from 192.168.140.84
> > 2017/03/13 10:52:42 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
> > 2017/03/13 10:52:42 ossec-agentlessd: ERROR: ssh_generic_diff: ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
> >
>
> Try running the script manually:
> `cd /var/ossec && expect agentless/ssh_generic_diff AGENTLESSINFO ARGS`
>
> Replace AGENTLESSINFO with the information from your
> ossec.conf, and ARGS with the info.
>
> >
> > Kind regards
> >



Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread Eduardo Reichert Figueiredo
Hello Dan,
I tried to connect to my agentless host, but I didn't have success.

#su -s ossec -s /bin/bash -c 'cd /var/ossec && expect agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lt'
spawn ssh user_ossec@SERVIDOR-01
user_ossec@SERVIDOR-01's password:
ERROR: Public key authentication failed to host: user_ossec@SERVIDOR-01

But if I try to connect to my agentless host with the command below, I have success,
and access with the key works:
su - ossec -s /bin/bash -c 'ssh svc_ossec@gn09 ls -lt'

Do you know this problem? Could it be my spawn or expect?

Em quarta-feira, 15 de março de 2017 16:21:03 UTC-3, dan (ddpbsd) escreveu:
>
> On Mon, Mar 13, 2017 at 9:59 AM, Eduardo Reichert Figueiredo 
> > wrote: 
> > Dear all, 
> > i have the ERROR below in my ossec server, and not generated alerts from 
> > Linux (agentless) in ossec. 
> > I search more error similars in this foruns but i dont founded solution. 
> > 
> > Can you help me? 
> > 
> > 2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 
> ~]$ 
> > 2017/03/13 10:42:35 ossec-agentlessd: ERROR: ssh_generic_diff: 
> > ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 . 
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: spawn ssh 
> > ossec@SERVIDOR-01 
> > 2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 
> 13 
> > 10:42:15 2017 from 192.168.140.84 
> > 2017/03/13 10:52:21 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 
> ~]$ 
> > 2017/03/13 10:52:21 ossec-agentlessd: ERROR: ssh_integrity_check_linux: 
> > ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 . 
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: spawn ssh 
> > ossec@SERVIDOR-01 
> > 2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 
> 13 
> > 10:52:01 2017 from 192.168.140.84 
> > 2017/03/13 10:52:42 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 
> ~]$ 
> > 2017/03/13 10:52:42 ossec-agentlessd: ERROR: ssh_generic_diff: 
> > ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 . 
> > 
>
> Try running the script manually: 
> `cd /var/ossec && expect agentless/ssh_generic_diff AGENTLESSINFO ARGS` 
>
> Replace AGENTLESSINFO with the  information from your 
> ossec.conf, and ARGS with the  info. 
>
> > 
> > Kind regards 
> > 
>



[ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Dear all,
I have the ERROR below on my OSSEC server, and alerts from Linux 
(agentless) are not generated in OSSEC.
I searched for similar errors in these forums but I did not find a solution.

Can you help me?

2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
2017/03/13 10:42:35 ossec-agentlessd: ERROR: ssh_generic_diff: 
ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: spawn ssh 
ossec@SERVIDOR-01
2017/03/13 10:52:01 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 
10:42:15 2017 from 192.168.140.84
2017/03/13 10:52:21 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
2017/03/13 10:52:21 ossec-agentlessd: ERROR: ssh_integrity_check_linux: 
ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .
2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: spawn ssh 
ossec@SERVIDOR-01
2017/03/13 10:52:22 ossec-agentlessd: DEBUG: buffer: Last login: Mon Mar 13 
10:52:01 2017 from 192.168.140.84
2017/03/13 10:52:42 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
2017/03/13 10:52:42 ossec-agentlessd: ERROR: ssh_generic_diff: 
ossec@SERVIDOR-01: Timeout while connecting to host: ossec@SERVIDOR-01 .


Kind regards



Re: [ossec-list] Developer ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Hi Pedro,
thanks, I had a doubt about which GitHub is the official one for development, but OK.
Thanks.

On Monday, 13 March 2017 09:44:00 UTC-3, Pedro Sanchez wrote:
>
> Hi Eduardo,
>
> Yes, it is written in C.
>
> The project is totally open source, hosted in Github, you could send pull 
> requests with your improvements / fixes.
> Repository URL: https://github.com/ossec/ossec-hids
> In case you are not familiar with GitHub, some docs about sending pull 
> requests: https://help.github.com/articles/creating-a-pull-request/, 
> https://yangsu.github.io/pull-request-tutorial/.
>
> Best regards,
> Pedro Sanchez.
>
> On Mon, Mar 13, 2017 at 12:23 PM, Eduardo Reichert Figueiredo <
> eduardo@hotmail.com > wrote:
>
>> Hi all, 
>> this OSSEC is written in C, correct?
>>
>> How can I develop/contribute to OSSEC with development in C (or another 
>> language)?
>>
>> Kind regards,
>>
>>
>>
>
>



[ossec-list] Developer ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Hi all, 
this OSSEC is written in C, correct?

How can I develop/contribute to OSSEC with development in C (or another 
language)?

Kind regards,




Re: [ossec-list] Re: Windows override Audit Events. Decoder

2017-03-06 Thread Eduardo Reichert Figueiredo
Hi all,
is there a possibility of writing the source IP address into integrity check events, 
so that the alert displays the real IP?

On Friday, 3 March 2017 15:55:14 UTC-3, dan (ddpbsd) wrote:
>
> On Fri, Mar 3, 2017 at 3:04 AM, Casimiro > 
> wrote: 
> > I solved my problem with this solution 
> > 
> > 
> https://www.alienvault.com/forums/discussion/5962/ossec-plugin-modification 
> > 
> > 
> >  
> > windows 
> > ^WinEvtLog:  
> >  
> > 
> >  
> > windows 
> > windows 
> > ^\.+: (\w+)\((\d+)\): (\.+): 
>  
> > (\.+): \.+: (\S+):  
> > status, id, extra_data, srcuser, system_name 
> > name, location, user, system_name 
> >  
> >  
> >  
> > windows 
> > windows 
> > Client 
> > Address:\s*\t*(\d+.\d+.\d+.\d+) 
> > srcip 
> >  
> > 
>
> This looks similar to what's in MASTER. 
>
> > 
> > I'm trying another solution, but this doesn't parse well 
> > 
> >  
> > windows 
> > windows 
> > ^\.+: (\w+)\((675)\): 
> > ^\.+: (\w+)\((675)\): \.+: \.+: 
> \.+: 
> > (\S+): \.+: \.+: (\S+) 
> > status, id, system_name, srcuser 
> >  
> >  
> > windows 
> > windows 
> > Client Address: 
> > (\d+.\d+.\d+.\d+) 
> > srcip 
> >  
> > 
> > 
> > On Thursday, 2 March 2017, 19:58:30 (UTC+1), dan (ddpbsd) wrote: 
> >> 
> >> It continues to work with a fresh install of MASTER 
> >> **Phase 1: Completed pre-decoding. 
> >>full event: 'Mar  2 17:36:50 ossec-test2 WinEvtLog: Security: 
> >> AUDIT_FAILURE(5152): Microsoft-Windows-Security-Auditing: (no user): 
> >> no domain: WK034.dom.com: The Windows Filtering Platform blocked a 
> >> packet. Application Information: Process ID: 0 Application Name: - 
> >> Network Information: Direction: %%14592 Source Address: 10.20.10.55 
> >> Source Port: 55666 Destination Address: 255.255.255.255 Destination 
> >> Port: 1234 Protocol: 17 Filter Information: Filter Run-Time ID: 70713 
> >> Layer Name: %%14597 Layer Run-Time ID: 13' 
> >>hostname: 'ossec-test2' 
> >>program_name: 'WinEvtLog' 
> >>log: 'Security: AUDIT_FAILURE(5152): 
> >> Microsoft-Windows-Security-Auditing: (no user): no domain: 
> >> WK034.dom.com: The Windows Filtering Platform blocked a packet. 
> >> Application Information: Process ID: 0 Application Name: - Network 
> >> Information: Direction: %%14592 Source Address: 10.20.10.55 Source 
> >> Port: 55666 Destination Address: 255.255.255.255 Destination Port: 
> >> 1234 Protocol: 17 Filter Information: Filter Run-Time ID: 70713 Layer 
> >> Name: %%14597 Layer Run-Time ID: 13' 
> >> 
> >> **Phase 2: Completed decoding. 
> >>decoder: 'windows' 
> >>status: 'AUDIT_FAILURE' 
> >>id: '5152' 
> >>extra_data: 'Microsoft-Windows-Security-Auditing' 
> >>dstuser: '(no user)' 
> >>system_name: 'WK034.dom.com' 
> >>srcip: '10.20.10.55' 
> >> 
> >> **Phase 3: Completed filtering (rules). 
> >>Rule id: '18105' 
> >>Level: '4' 
> >>Description: 'Windows audit failure event.' 
> >> **Alert to be generated. 
> >> 
> >> On Thu, Mar 2, 2017 at 12:32 PM, dan (ddp)  wrote: 
> >> > On Thu, Mar 2, 2017 at 6:41 AM, Casimiro  wrote: 
> >> >> Thanks. 
> >> >> But it doesn't work. It only decodes the srcip field. Attached is the output: 
> >> >> 
> >> >> **Phase 1: Completed pre-decoding. 
> >> >>full event: 'WinEvtLog: Security: AUDIT_FAILURE(5152): 
> >> >> Microsoft-Windows-Security-Auditing: (no user): no domain: 
> >> >> WK034.dom.com: 
> >> >> The Windows Filtering Platform blocked a packet. Application 
> >> >> Information: 
> >> >> Process ID: 0 Application Name: - Network Information: Direction: 
> >> >> %%14592 
> >> >> Source Address: 10.20.10.55 Source Port: 55666 Destination Address: 
> >> >> 255.255.255.255 Destination Port: 1234 Protocol: 17 Filter 
> Information: 
> >> >> Filter Run-Time ID: 70713 Layer Name: %%14597 Layer Run-Time ID: 13' 
> >> >>hostname: 'USMCyberRange' 
> >> >>program_name: '(null)' 
> >> >>log: 'WinEvtLog: Security: AUDIT_FAILURE(5152): 
> >> >> Microsoft-Windows-Security-Auditing: (no user): no domain: 
> >> >> WK34.dom.com: The 
> >> >> Windows Filtering Platform blocked a packet. Application 
> Information: 
> >> >> Process ID: 0 Application Name: - Network Information: Direction: 
> >> >> %%14592 
> >> >> Source Address: 10.20.10.55 Source Port: 55666 Destination Address: 
> >> >> 255.255.255.255 Destination Port: 1234 Protocol: 17 Filter 
> Information: 
> >> >> Filter Run-Time ID: 70713 Layer Name: %%14597 Layer Run-Time ID: 13' 
> >> >> 
> >> >> **Phase 2: Completed decoding. 
> >> >>decoder: 'windows' 
> >> >>srcip: '10.20.10.55' 
> >> >> 
> >> >> **Rule debugging: 
> >> >> Trying rule: 6 - Generic template for all windows rules. 
> >> >>*Rule 6 matched. 
> >> >>*Trying child rules. 
> >> >> Trying rule: 7301 - Grouping of Syman
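The decoder chain quoted in this thread can be exercised outside OSSEC. The Python script below is an added example written for this page, not OSSEC's decoder code and not something any participant posted. It translates the OSSEC regex dialect into Python regexes under an assumed reading of that dialect (`\.` is any character, a bare `.` is a literal dot, `\w` is approximated as letters, digits, `@`, `_` and `-`, and a repetition stops as soon as the next pattern element can match, which is why `(\S+):` yields `WK034.dom.com` rather than the last `word:` in the line) and runs the children's regex/order pairs over the pre-decoded `log` body. The parent `windows` decoder is assumed to have matched already, as in the logtest output. The `Source Address:` child and the 675-style sample event are constructed additions: the child quoted in the thread only looks for `Client Address:`, while the 5152 event carries `Source Address:`.

```python
import re

# Constructed sample: the pre-decoded `log` body of the 5152 event quoted in
# the thread's ossec-logtest output (syslog header already stripped).
SAMPLE_5152 = (
    "Security: AUDIT_FAILURE(5152): Microsoft-Windows-Security-Auditing: "
    "(no user): no domain: WK034.dom.com: The Windows Filtering Platform "
    "blocked a packet. Application Information: Process ID: 0 Application "
    "Name: - Network Information: Direction: %%14592 Source Address: "
    "10.20.10.55 Source Port: 55666 Destination Address: 255.255.255.255 "
    "Destination Port: 1234 Protocol: 17 Filter Information: Filter "
    "Run-Time ID: 70713 Layer Name: %%14597 Layer Run-Time ID: 13"
)

# Constructed sample (not a captured event): a 675-style pre-authentication
# failure whose client IP is introduced by 'Client Address:'.
SAMPLE_675 = (
    "Security: AUDIT_FAILURE(675): Security: (no user): no domain: "
    "DC01.dom.com: Pre-authentication failed: User Name: jdoe "
    "Service Name: krbtgt/DOM Failure Code: 0x18 Client Address: 10.20.10.77"
)

# OSSEC escape sequences and the Python class assumed to be equivalent.
_ESCAPES = {
    r"\.": ".",                 # OSSEC: any character
    r"\w": "[A-Za-z0-9@_-]",    # OSSEC: word characters (approximation)
    r"\d": "[0-9]",
    r"\s": r"\s",
    r"\S": r"\S",
    r"\t": r"\t",
}


def ossec_to_python(pattern):
    """Translate an OSSEC decoder regex into a Python regex (assumed dialect).

    A bare '.' is a literal dot in OSSEC.  A repetition extends only until
    the next pattern element can match, which Python's lazy '+?'/'*?'
    reproduces; a repetition with nothing after it runs greedily.
    """
    out, i, n = [], 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\" and i + 1 < n:
            esc = pattern[i:i + 2]
            out.append(_ESCAPES.get(esc, re.escape(pattern[i + 1])))
            i += 2
            continue
        if c in "+*":
            rest = pattern[i + 1:]
            out.append(c if rest.strip(")$") == "" else c + "?")
        elif c == ".":
            out.append(r"\.")
        else:
            out.append(c)
        i += 1
    return "".join(out)


# Children of the parent `windows` decoder as quoted in the thread (the XML
# tags were lost in the archive; the regex and order lists survive).
CHILD_DECODERS = [
    {"regex": r"^\.+: (\w+)\((\d+)\): (\.+): (\.+): \.+: (\S+):",
     "order": ["status", "id", "extra_data", "srcuser", "system_name"]},
    {"regex": r"Client Address:\s*\t*(\d+.\d+.\d+.\d+)", "order": ["srcip"]},
    # Assumed extra child: the 5152 event carries 'Source Address:', which the
    # quoted 'Client Address:' child never sees.
    {"regex": r"Source Address:\s*\t*(\d+.\d+.\d+.\d+)", "order": ["srcip"]},
]


def decode_windows_fields(log):
    """Run the child decoders over a pre-decoded log body and collect fields.

    The parent `windows` decoder is assumed to have matched already (as in
    the logtest output); the first child that fills a field keeps it.
    """
    fields = {"decoder": "windows"}
    for child in CHILD_DECODERS:
        match = re.search(ossec_to_python(child["regex"]), log)
        if match:
            for name, value in zip(child["order"], match.groups()):
                fields.setdefault(name, value)
    return fields


if __name__ == "__main__":
    for sample in (SAMPLE_5152, SAMPLE_675):
        for name, value in decode_windows_fields(sample).items():
            print(f"{name}: '{value}'")
        print()
```

Running it on the 5152 body gives the same status, id, extra_data, system_name and srcip values as the Phase 2 output quoted above (with srcuser in place of dstuser, since the field name comes from the order list in the quoted child). Translating the regex with greedy Python quantifiers instead would make `(\.+)` swallow most of the line and put `Direction` into system_name, which is the usual surprise when porting OSSEC decoders to another engine.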

[ossec-list] ossec-logcollector: socketerr (not available).

2017-03-06 Thread Eduardo Reichert Figueiredo
Dear all,
my OSSEC doesn't list agentless servers with the command "agent_control -l", and in 
my ossec.log I have the log below.

2017/03/06 11:27:54 ossec-logcollector: socketerr (not available).
2017/03/06 11:30:04 ossec-logcollector: socketerr (not available).
2017/03/06 11:32:14 ossec-logcollector: socketerr (not available).
2017/03/06 11:34:24 ossec-logcollector: socketerr (not available).
2017/03/06 11:36:34 ossec-logcollector: socketerr (not available).
2017/03/06 11:36:40 ossec-logcollector: DEBUG: Starting ...
2017/03/06 11:38:44 ossec-logcollector: socketerr (not available).

Can you help me?

Kind regards



[ossec-list] Re: Is OSSEC 2.9.0 officially released?

2017-03-06 Thread Eduardo Reichert Figueiredo
I don't know, but good question...

On Monday, 6 March 2017 11:01:32 UTC-3, Kat wrote:
>
> Hi all,
>
> It seems to me that 2.9.0 is released - at least no more RC# after the 
> last one. My question is, is this the case, and if so, could the website be 
> updated to reflect it? According to GitHub the release was 25 days ago, 
> but the website still indicates 2.8.3?
>
> Thanks
> Kat
>



Re: [ossec-list] ossec-remoted not running

2017-03-06 Thread Eduardo Reichert Figueiredo
Hi,
my problem was the agents' keys; now they are OK.

Thanks!!

On Saturday, 4 March 2017 18:33:43 UTC-3, dan (ddpbsd) wrote:
>
> On Sat, Mar 4, 2017 at 2:36 PM, Eduardo Reichert Figueiredo 
> > wrote: 
> > Hi All, 
> > I killed the process and ran the command "ossec-control start", and the 
> > remoted process stays up. 
> > But my "Windows" agents display "never connected", although port 1514 stays 
> > up and with tcpdump I see my agents sending logs to the server. 
> > 
> > strange... 
> > 
>
> Is there anything in the ossec.log on the server? 
> If not, try enabling debug on the server and check again: 
> `/var/ossec/bin/ossec-control enable debug && 
> /var/ossec/bin/ossec-control restart` 
>
> > On Wednesday, 1 March 2017 15:37:55 UTC-3, dan (ddpbsd) wrote: 
> >> 
> >> On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo 
> >>  wrote: 
> >> > Port 1514 is already up; I received UDP packets (validated with tcpdump), 
> >> > OSSEC is running (monitord, logcollector, syscheck, analysisd), only remoted 
> >> > is not running, but remoted is displayed for port 1514 (netstat -vandup). 
> >> > 
> >> 
> >> Shutdown ossec: 
> >> `/var/ossec/bin/ossec-control stop` 
> >> 
> >> Make sure no processes are still running: 
> >> `ps auxww | grep ossec` 
> >> 
> >> If there are any running processes still, kill them manually. 
> >> Try starting OSSEC again: 
> >> `/var/ossec/bin/ossec-control start` 
> >> 
> >> If that doesn't help, can you provide the  configuration? 
> >> 
> >> > On Wednesday, 1 March 2017 08:53:21 UTC-3, Eero Volotinen wrote: 
> >> >> 
> >> >> Is something running on port 1514 already? Or is OSSEC already running? 
> >> >> 
> >> >> Eero 
> >> >> 
> >> >> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo 
> >> >> : 
> >> >>> 
> >> >>> Dear All, 
> >> >>> I am installing the OSSEC server on RHEL 6.8, but only ossec-remoted is 
> >> >>> not running; I did troubleshooting with the commands below: 
> >> >>> #gdb /var/ossec-2.9/bin/ossec-remoted 
> >> >>> ###RESULT### 
> >> >>> <http://www.gnu.org/software/gdb/bugs/>... 
> >> >>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no 
> debugging 
> >> >>> symbols found)...done. 
> >> >>> (gdb) set follow-fork-mode child 
> >> >>> (gdb) run -df 
> >> >>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df 
> >> >>> [Thread debugging using libthread_db enabled] 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ... 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290). 
> >> >>> [New process 88293] 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'. 
> >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port 
> >> >>> '1514' 
> >> >>> [Thread debugging using libthread_db enabled] 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'. 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: 
> >> >>> '0.0.0.0/0' 
> >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: 
> >> >>> '0.0.0.0/0' 
> >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port 
> >> >>> '1514' 
> >> >>> 
> >> >>> Program exited with code 01. 
> >> >>> Missing separate debuginfos, use: debuginfo-install 
> >> >>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 
> >> >>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 
> >> >>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 
> >> >>> zlib-1.2.3-29.el6.x86_64 
> >> >>> (gdb) Q 
> >> >>> 
> >> >>> Can you help me? 
> >> >>> 
> >> >> 
> >> >> 
> > 
>

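Eero's question (is something already on port 1514?) and dan's stop, `ps auxww | grep ossec`, kill, start sequence come down to one check: nothing may hold the agent port when ossec-remoted starts, or it exits with the 1206 "Unable to Bind port '1514'" error seen in the gdb session. The Python script below is an added example written for this page, not part of OSSEC and not posted by anyone in the thread. It parses the output of `ss -H -ulnp` (UDP listeners with their owning process) and reports every holder of the port, including a leftover ossec-remoted that survived `ossec-control stop`; the two snapshots are constructed in the shape of that output, not real captures, and the bracketed-IPv6 convention is an assumption about how ss prints addresses.

```python
import re
import subprocess

OSSEC_PORT = 1514  # UDP port ossec-remoted binds for agents

# Constructed snapshots in the shape of `ss -H -ulnp` output (not real captures).
# A stale ossec-remoted survived `ossec-control stop` and still holds 1514.
SNAPSHOT_STALE = """\
UNCONN 0 0 0.0.0.0:514 0.0.0.0:* users:(("ossec-remoted",pid=88293,fd=4))
UNCONN 0 0 0.0.0.0:1514 0.0.0.0:* users:(("ossec-remoted",pid=88293,fd=5))
UNCONN 0 0 127.0.0.1:323 127.0.0.1:* users:(("chronyd",pid=812,fd=5))
"""
# Nothing on 1514: `ossec-control start` can bind it.
SNAPSHOT_CLEAN = """\
UNCONN 0 0 127.0.0.1:323 127.0.0.1:* users:(("chronyd",pid=812,fd=5))
UNCONN 0 0 [::1]:323 [::1]:* users:(("chronyd",pid=812,fd=6))
"""

# One ss line: state, recv-q, send-q, local addr:port, peer addr:port, users
_SS_LINE = re.compile(
    r"^\S+\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\))?'
)


def parse_ss(text):
    """Return one dict per UDP socket line: addr, port, family, proc, pid."""
    sockets = []
    for line in text.splitlines():
        m = _SS_LINE.match(line)
        if not m:
            continue
        addr, _, port = m.group("local").rpartition(":")
        if not port.isdigit():
            continue
        sockets.append({
            "addr": addr,
            "port": int(port),
            # ss prints IPv6 addresses in brackets (assumed convention)
            "family": "ipv6" if addr.startswith("[") else "ipv4",
            "proc": m.group("proc"),          # None when ss could not see the owner
            "pid": int(m.group("pid")) if m.group("pid") else None,
        })
    return sockets


def port_report(text, port=OSSEC_PORT):
    """Who holds `port`, and on which address families."""
    holders = [s for s in parse_ss(text) if s["port"] == port]
    return {
        "port": port,
        "ipv4": any(h["family"] == "ipv4" for h in holders),
        "ipv6": any(h["family"] == "ipv6" for h in holders),
        "holders": holders,
    }


def safe_to_start(text, port=OSSEC_PORT):
    """True when nothing holds the port, so a fresh ossec-remoted can bind it.

    Any holder is a blocker, including a leftover ossec-remoted: that is the
    case the stop / ps / kill / start sequence is meant to clear.
    """
    return not port_report(text, port)["holders"]


def live_report(port=OSSEC_PORT):
    """Run ss on this host; None when ss is missing or fails."""
    try:
        out = subprocess.run(["ss", "-H", "-ulnp"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return port_report(out, port)


if __name__ == "__main__":
    for name, snap in (("stale", SNAPSHOT_STALE), ("clean", SNAPSHOT_CLEAN)):
        rep = port_report(snap)
        print(f"{name}: safe_to_start={safe_to_start(snap)} "
              f"holders={[(h['proc'], h['pid'], h['addr']) for h in rep['holders']]}")
    live = live_report()
    if live is not None:
        print(f"this host: safe_to_start={not live['holders']}")
```

Run it as root when checking a real server: without privileges ss only reports process names for your own sockets, so a holder with `proc` of None means the port is in use but the owner could not be identified, which is still a reason not to run `ossec-control start` yet. The report also says which address families the port is bound on, which is the first thing to look at when agents send UDP to the IPv4 address and remoted is listening elsewhere.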


Re: [ossec-list] ossec-remoted not running

2017-03-04 Thread Eduardo Reichert Figueiredo
Hi All, 
I killed the process and ran the command "ossec-control start", and the 
remoted process stays up.
But my "Windows" agents display "never connected", although port 1514 stays up 
and with tcpdump I see my agents sending logs to the server.

strange...

On Wednesday, 1 March 2017 15:37:55 UTC-3, dan (ddpbsd) wrote:
>
> On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo 
> > wrote: 
> > Port 1514 is already up; I received UDP packets (validated with tcpdump), 
> > OSSEC is running (monitord, logcollector, syscheck, analysisd), only remoted 
> > is not running, but remoted is displayed for port 1514 (netstat -vandup). 
> > 
>
> Shutdown ossec: 
> `/var/ossec/bin/ossec-control stop` 
>
> Make sure no processes are still running: 
> `ps auxww | grep ossec` 
>
> If there are any running processes still, kill them manually. 
> Try starting OSSEC again: 
> `/var/ossec/bin/ossec-control start` 
>
> If that doesn't help, can you provide the  configuration? 
>
> > On Wednesday, 1 March 2017 08:53:21 UTC-3, Eero Volotinen wrote: 
> >> 
> >> Is something running on port 1514 already? Or is OSSEC already running? 
> >> 
> >> Eero 
> >> 
> >> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo 
> >> : 
> >>> 
> >>> Dear All, 
> >>> I am installing the OSSEC server on RHEL 6.8, but only ossec-remoted is 
> >>> not running; I did troubleshooting with the commands below: 
> >>> #gdb /var/ossec-2.9/bin/ossec-remoted 
> >>> ###RESULT### 
> >>> <http://www.gnu.org/software/gdb/bugs/>... 
> >>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging 
> >>> symbols found)...done. 
> >>> (gdb) set follow-fork-mode child 
> >>> (gdb) run -df 
> >>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df 
> >>> [Thread debugging using libthread_db enabled] 
> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ... 
> >>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290). 
> >>> [New process 88293] 
> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'. 
> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port 
> >>> '1514' 
> >>> [Thread debugging using libthread_db enabled] 
> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'. 
> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: 
> >>> '0.0.0.0/0' 
> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: 
> >>> '0.0.0.0/0' 
> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port 
> >>> '1514' 
> >>> 
> >>> Program exited with code 01. 
> >>> Missing separate debuginfos, use: debuginfo-install 
> >>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 
> >>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 
> >>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 
> >>> zlib-1.2.3-29.el6.x86_64 
> >>> (gdb) Q 
> >>> 
> >>> Can you help me? 
> >>> 
> >> 
> >> 
>



Re: [ossec-list] ossec-remoted not running

2017-03-01 Thread Eduardo Reichert Figueiredo
Port 1514 is already up; I received UDP packets (validated with tcpdump), 
OSSEC is running (monitord, logcollector, syscheck, analysisd), only 
remoted is not running, but remoted is displayed for port 1514 (netstat 
-vandup).

On Wednesday, 1 March 2017 08:53:21 UTC-3, Eero Volotinen wrote:
>
> Is something running on port 1514 already? Or is OSSEC already running?
>
> Eero
>
> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo <
> eduardo@hotmail.com >:
>
>> Dear All,
>> I am installing the OSSEC server on RHEL 6.8, but only ossec-remoted is not 
>> running; I did troubleshooting with the commands below:
>> #gdb /var/ossec-2.9/bin/ossec-remoted
>> ###RESULT###
>> <http://www.gnu.org/software/gdb/bugs/>...
>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging 
>> symbols found)...done.
>> (gdb) set follow-fork-mode child
>> (gdb) run -df
>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df
>> [Thread debugging using libthread_db enabled]
>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ...
>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290).
>> [New process 88293]
>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'.
>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
>> [Thread debugging using libthread_db enabled]
>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'.
>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0
>> '
>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0
>> '
>> *2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port 
>> '1514'*
>>
>> Program exited with code 01.
>> Missing separate debuginfos, use: debuginfo-install 
>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 
>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 
>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 
>> zlib-1.2.3-29.el6.x86_64
>> (gdb) Q
>>
>> Can you help me?
>>
>>
>
>



[ossec-list] ossec-remoted not running

2017-03-01 Thread Eduardo Reichert Figueiredo
Dear All,
I am installing the OSSEC server on RHEL 6.8, but only ossec-remoted is not 
running; I did troubleshooting with the commands below:
#gdb /var/ossec-2.9/bin/ossec-remoted
###RESULT###
...
Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging 
symbols found)...done.
(gdb) set follow-fork-mode child
(gdb) run -df
Starting program: /var/ossec-2.9/bin/ossec-remoted -df
[Thread debugging using libthread_db enabled]
2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ...
2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290).
[New process 88293]
2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'.
2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
[Thread debugging using libthread_db enabled]
2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'.
2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
*2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'*

Program exited with code 01.
Missing separate debuginfos, use: debuginfo-install 
glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 
krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 
libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 
zlib-1.2.3-29.el6.x86_64
(gdb) Q

Can you help me?



[ossec-list] Agent with ip of network

2017-02-16 Thread Eduardo Reichert Figueiredo
Hi all,
I tested OSSEC with agents (Windows) set to the IP 10.10.10.0/24, and every 
computer within the network responds with its log (file integrity, Event Viewer).
But when I have a file integrity alert (syscheck), my alert does not display 
the hostname of the Windows machine and only displays the name of the agent 
configured before (this is the default, OK).

So, how can I change my rule in Windows, so that this syscheck log displays 
the hostname of the OS and not the name of the OSSEC agent?

Also, in agentless mode for monitoring Linux, it would be interesting to add 
the hostname to the syscheck log.

Has anyone done this?


Ex - Default:
2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* 
File changed. - 1st time modified.
Integrity checking values:
   Size: >28050
   Perm: rw-r--r--
   Uid:  0
   Gid:  0
   Md5:  >50da55def41bcede7d42ac5ee8fe12c9
   Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef

What i want will take:

2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* 
File changed. - 1st time modified.
Integrity checking values:
   Hostname: myWinFileServer
   Size: >28050
   Perm: rw-r--r--
   Uid:  0
   Gid:  0
   Md5:  >50da55def41bcede7d42ac5ee8fe12c9
   Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef



[ossec-list] AGENT WINDOWS 2012 R2 NOT COMUNICATE WITH OSSEC SERVER

2016-09-29 Thread Eduardo Reichert Figueiredo
Hi,
I have a serious problem with OSSEC. Windows 2012 R2 servers do not communicate 
with the OSSEC server. I use OSSEC just for integrity checking, only! So I need 
my agent to send syscheck logs to the OSSEC server, only, but it is not 
OK. I viewed many forums about this, but I did not find a solution.

- Client.keys OK
- Agent Windows send logs for OSSEC server OK
- OSSEC proccess running OK

OSSEC did not automatically create the file in /var/ossec/queue/syscheck

Can someone help me?



[ossec-list] Re: Unable to connect to remoted

2016-09-29 Thread Eduardo Reichert Figueiredo
Do you have a solution for this?

On Monday, 30 April 2012 04:52:29 UTC-3, Mike Sievers wrote:
>
> Hi List,
>
> I am always getting the following error:
>
> agent_control -r -a
> 2012/04/30 09:44:19 agent_control(1210): ERROR: Queue '/queue/alerts/ar' 
> not accessible: 'Queue not found'.
>
> 2012/04/30 09:44:34 agent_control(1301): ERROR: Unable to connect to 
> active response queue.
>
> ** Unable to connect to remoted.
>
> What could it be? It is the newest version running in linux. Inst type is 
> local.
>
> ???
>
