Re: [ossec-list] Re: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'

2020-06-22 Thread Zach Vanderbilt
https://ossec-docs.readthedocs.io/en/latest/docs/faq/unexpected.html#what-does-1210-queue-not-accessible-mean

On Mon, Jun 22, 2020 at 9:40 AM Kerin Shah  wrote:

>
>
> On Monday, June 22, 2020 at 11:34:05 AM UTC-5, Kerin Shah wrote:
>>
>> Hi OSSEC group,
>>
>> I have already set up OSSEC and it was working fine for a long time,
>> but I am not sure why suddenly all the ossec processes were killed, and
>> when I tried starting the services using: ./ossec-control start, it shows
>> the following error:
>>
>>
>>
>> Can anyone help me with this?
>>
>> Thank you.
>>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/ff76d848-3325-41fa-9cb5-f35b32b41df9o%40googlegroups.com
> 
> .
>



Re: [EXTERNAL] [ossec-list] Unable to install OSSEC Agent

2020-04-20 Thread Zach Vanderbilt
Hey Andy,

You either need to rerun the install.sh with "PCRE2_SYSTEM=yes
./install.sh" or you can edit the makefile in /src. Since the build is
failing on that library already you probably just need to cd /src and "make
clean" and then reattempt installation. You could also delete the directory
you got after decompressing the tarball, decompress it again and then run
the installer.

Hope this helps!

On Mon, Apr 20, 2020 at 1:22 PM Andy  wrote:

> Where do I add this variable?
>
> On Monday, April 20, 2020 at 2:19:21 PM UTC-4, Vicente Munoz wrote:
>>
>> If I’m not mistaken you have to add the following variable before being
>> able to compile OSSEC in newer versions:
>>
>>
>>
>> PCRE2_SYSTEM=yes
>>
>>
>>
>> VR,
>>
>> *Vicente Muñoz (ACSE)*
>>
>> *From:* ossec...@googlegroups.com  *On Behalf
>> Of *Andy
>> *Sent:* Monday, April 20, 2020 11:10 AM
>> *To:* ossec-list 
>> *Subject:* [EXTERNAL] [ossec-list] Unable to install OSSEC Agent
>>
>>
>>
>> I am unable to install the ossec agent on a centos 7 server.  I get this
>> error:
>>
>> In file included from ./headers/shared.h:215:0,
>>                  from client-agent/sendmsg.c:10:
>> ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or directory
>>  #include <pcre2.h>
>>
>>
>> After installing pcre-devel, it still fails with this error.
>>
>
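
The rebuild steps from this thread as a preflight script that first checks whether pcre2.h is actually present, since installing pcre-devel did not clear the error. This is an added example, not part of the original messages or of OSSEC; the function names and include-directory list are assumptions, and pcre2-devel is the CentOS 7 package that provides pcre2.h.

```shell
#!/bin/sh
# Added example: preflight for building OSSEC against the system PCRE2.
# PCRE2_SYSTEM=yes and the "make clean" in src/ come from the thread; the
# function names and the include-directory list are assumptions.

# Print the first directory in "$@" that contains pcre2.h; return 1 if none does.
find_pcre2_header() {
    for dir in "$@"; do
        if [ -f "$dir/pcre2.h" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Print the build plan for an unpacked OSSEC tree ($1), searching the remaining
# arguments for the header. Nothing is executed; the caller reviews the plan.
ossec_build_plan() {
    src_root=$1
    shift
    if ! find_pcre2_header "$@" >/dev/null; then
        # pcre-devel provides pcre.h (PCRE 1), not pcre2.h.
        echo "pcre2.h not found: install the PCRE2 development package (pcre2-devel on CentOS 7)"
        return 1
    fi
    # Clear objects left over from the failed build, then rebuild with system PCRE2.
    echo "cd $src_root/src && make clean"
    echo "cd $src_root && PCRE2_SYSTEM=yes ./install.sh"
}

# Stand-alone run: "--check [tree]" inspects the usual system include directories.
if [ "${1:-}" = "--check" ]; then
    ossec_build_plan "${2:-.}" /usr/include /usr/local/include
fi
```

Run it with `--check` and the path to the unpacked tarball; it only prints the commands, so they can be reviewed before running them as root.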



Re: [ossec-list] Re: Stop alerting

2020-04-02 Thread Zach Vanderbilt
There is no easy way to do this currently
(https://www.ossec.net/docs/manual/syscheck/index.html#how-do-i-stop-syscheck-alerts-during-system-updates)

In the future you may be able to pull down the checksums for all package
updates listed in repodata (on at least rpm distros) and then use a list to
ignore changes matching those checksums.

On Thu, Apr 2, 2020 at 11:43 AM Carlos Islas 
wrote:

> Hello
>
> Does anybody have any suggestion?
>
> On Wednesday, April 1, 2020, 8:12:08 (UTC-6), Carlos Islas wrote:
>>
>> Good day community.
>>
>> I need to stop the alerts for specific hosts, for example when we update
>> the OS or when we have a maintenance window. How can we do that? I don't
>> know if I explained it well :)
>>
>> I appreciate your help
>>
>> Regards
>>


Re: [ossec-list] ossec-Maild CPU Usage 95% +

2020-04-01 Thread Zach Vanderbilt
What is your mail server doing? Is that responding okay? You could try
running ossec-maild in the foreground with the debug flag (-d) to see if
anything interesting appears.

On Wed, Apr 1, 2020 at 9:58 AM SHADO  wrote:

> Hi!
>
> Did a new install on Ubuntu 18.04 LTS and ossec-Maild is hogging the CPU.
>
>
> ossecm PID 1 78 Mar31 ? 07:34:06 /var/ossec/bin/ossec-maild
>
>
>  PID USER   PRI NI  VIRT   RES   SHR S CPU% MEM%  TIME+   Command
> PID ossecm 20   0 24756  2768  2512 R 96.0  0.0  7h38:20 /var/ossec/bin/ossec-maild
>
>
>
>
> Have stopped and restarted.
>
>
> Have rebooted.
>
>
> CPU is low until ossec-maild kicks off.
>
>
>
> Suggestions?
>
>
> Regards
>
> SHADO
>