Looks like you are using the Sun Studio compiler instead of gcc which
may have different arguments for displaying all warnings. Perhaps
point cc to gcc and try again.
Haz
On 11/19/08, Thomas K. Rosin <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I tried to compile ossec-1.6 (not 1.6.1.) on this sol
Hi,
Does the current version of Ossec support or read the logs coming from
the Cisco Advance Inspection Module? This is the module you're going to
insert in the Cisco ASA. Cisco MARS communicates with this device using
the SDEE protocol. Does Ossec support the SDEE protocol?
Please help me, need to thro
Nice ! I needed that...
thanks
2008/11/19 Daniel Cid <[EMAIL PROTECTED]>:
>
> Hi Martin,
>
> It seems that you want some kind of reporting, instead of rule. Have
> you tried the ossec_report tool in
> the contrib directory? For example, if you want to get a list of all
> the user names that fail
I get a permission denied when running this? Any thoughts:
cat /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.log | grep -E "\*\*.*authentication_failed" -A 6 | ./ossec_report_contrib.pl -t user
I get: -bash: /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.log: Permission denied
- Derek M
I saw some time ago that there is a relation between
active-responses.log and alerts.log by alert id. But the alert ids listed in
active-responses.log differ from the alert ids in alerts.log. For
example, this active response:
Thu Nov 20 15:17:46 CET 2008 /var/ossec/active-response/bin/host-deny
Does the user running the command have read permission for the log file? Sounds
like the problem to me.
Jon
On Thu, Nov 20, 2008 at 08:00:32AM -0500, Derek J. Morris wrote:
>
> I get a permission denied when running this? Any thoughts:
>
> cat /var/ossec/logs/alerts/2008/Nov/ossec-alerts-20.lo
Also, I don't know if this still applies to the current version, but in
previous versions you needed to have the SUNWxcu4 package installed.
To see if you have it installed run:
pkginfo | grep SUNWxcu4
Fletch Hasues wrote:
> Looks like you are using the Sun Studio compiler instead of gcc which
So far, I have been unimpressed with the WUI and decided to use Splunk
as the interface to OSSEC. If you don't know what Splunk is, head to
www.splunk.com and check it out. It's a fantastic product for
correlating log data, and there's a free version that's perfect for
the volume of data output
I use OSSEC and Splunk and find the output quite readable. The difference
is that I use the OSSEC server to send syslog to the Splunk server rather
than having it parse the files. For the few servers that I have been testing
OSSEC on (about 10), the output has been easy to parse for the
How do you get Splunk to parse the "categories" like
local,windows,authentication_failure, etc? I wrote a report
transform, but because there's no defined structure to these tags I
can't quite get all the information I want.
I'm looking for automatic event tagging using the OSSEC tags, but
can't