Re: [ossec-list] Agent with ip of network

2017-02-16 Thread dan (ddp)
On Thu, Feb 16, 2017 at 11:57 AM, Eduardo Reichert Figueiredo wrote:
> Hi all,
> I tested ossec with agents (windows) set ip 10.10.10.0/24, and always
> computer within network response with your log (file integrity, evnt vwr).
> But, when I have alert of integrity file (syscheck) my alert not display the
> hostname of windows and only display name of agent before configured (this
> is default ok)
>
> So, how I can change my rule in windows, for this log of syscheck display
> hostname of S.O and not display of Agent OSSEC.
>
> Also, in agentless for monitoring Linux, too is interesting adding hostname
> in log of syscheck.
>
> How anyone done this?
>
>
> Ex - Default:
> 2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss
> File changed. - 1st time modified.
> Integrity checking values:
>    Size: >28050
>    Perm: rw-r--r--
>    Uid:  0
>    Gid:  0
>    Md5:  >50da55def41bcede7d42ac5ee8fe12c9
>    Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
>
> What I want will take:
>
> 2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss
> File changed. - 1st time modified.
> Integrity checking values:
>    Hostname: myWinFileServer
>    Size: >28050
>    Perm: rw-r--r--
>    Uid:  0
>    Gid:  0
>    Md5:  >50da55def41bcede7d42ac5ee8fe12c9
>    Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
>

You'll have to modify the source. OSSEC generally doesn't care about
the hostname, just the agent name.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



[ossec-list] Agent with ip of network

2017-02-16 Thread Eduardo Reichert Figueiredo
Hi all,
I tested ossec with agents (windows) set ip 10.10.10.0/24, and always
computer within network response with your log (file integrity, evnt vwr).
But, when I have alert of integrity file (syscheck) my alert not display
the hostname of windows and only display name of agent before configured
(this is default ok)

So, how I can change my rule in windows, for this log of syscheck display
hostname of S.O and not display of Agent OSSEC.

Also, in agentless for monitoring Linux, too is interesting adding hostname 
in log of syscheck.

How anyone done this?


Ex - Default:
2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* 
File changed. - 1st time modified.
Integrity checking values:
   Size: >28050
   Perm: rw-r--r--
   Uid:  0
   Gid:  0
   Md5:  >50da55def41bcede7d42ac5ee8fe12c9
   Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef

What I want will take:

2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* 
File changed. - 1st time modified.
Integrity checking values:
   Hostname: myWinFileServer
   Size: >28050
   Perm: rw-r--r--
   Uid:  0
   Gid:  0
   Md5:  >50da55def41bcede7d42ac5ee8fe12c9
   Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
