Re: [ossec-list] db support for ossec

2010-06-11 Thread dan (ddp)
Did you recompile ossec? Did you run "make setdb" in the src directory before running install.sh? What isn't working? On Thu, Jun 10, 2010 at 1:52 PM, uifjlh wrote: > I'm backtracking to get db support for my OSSEC install ... and it's > not working :( > > I'm using Ubuntu 10.04, and OSSEC 2.4.1.

[ossec-list] Re: ossec logs redirect to local syslog

2010-06-11 Thread Ali
That's what I am afraid of. Another question: if I forward the ossec logs to a remote syslog host, does it still keep the local logs or does it stop logging locally and send everything wholesale to the remote syslog? On Jun 10, 3:56 pm, "dan (ddp)" wrote: > You could set up rsyslog to listen for u

[ossec-list] Re: How do you force the OSSEC agent to use a particular network interface

2010-06-11 Thread tm
Hello, I have no socket programming experience, but I have been doing some digging: 1. ../src/config/client-config allows for an element within the element in the agent ossec.conf called local_ip. I have tried adding local_ip to the ossec.conf file but the agent doesn't bind to that address. W

Re: [ossec-list] repomd.xml

2010-06-11 Thread Doug Burks
Hi Antony, This appears to be a RedHat box of some kind (RHEL/CentOS/Fedora). Check the yum repositories that are configured in /etc/yum.repos.d/ and verify that the host can access them. Thanks, -- Doug Burks, GPEN, GCIA, GSEC, CISSP http://securityonion.blogspot.com On Thu, Jun 10, 2010 at 1:

RE: [ossec-list] ossec logs redirect to local syslog

2010-06-11 Thread ddp...@gmail.com
It will log in both places. Sent from my Nokia phone -Original Message- From: Ali Sent: 06/11/2010 5:29:50 AM Subject: [ossec-list] Re: ossec logs redirect to local syslog That's what I am afraid of. Another question: if I forward the ossec logs to a remote syslog host, does it still ke

[ossec-list] alerts_new_files not working as expected

2010-06-11 Thread cyberwatchers
I have added the following to the ossec.conf on the server. (using client / server setup) 79200 yes no /etc,/usr/bin,/usr/sbin /bin,/sbin /Data When I add a new file to the /Data directory (on another drive added via fstab) it does not alert until the next rootcheck. M

[ossec-list] Re: Agent Version

2010-06-11 Thread ASR
I downloaded and installed the latest code from the ossec.net site and it still shows 2.3 when queried from the OSSEC server. It looks like a typo in the code reporting the version to the server. The ossec-init.conf file and start/stop commands have the correct version (2.4 still). Thanks, Anto

[ossec-list] Re: Questions about agent.conf

2010-06-11 Thread ASR
I see the files/directories that are being monitored logged in the ossec.log file. It also reports about duplicate entries between ossec.conf and agent.conf entries. It doesn't log the 'ignore' entries though. It will be good if this can be added to the log during the agent start up. Thanks, Ant

[ossec-list] Re: repomd.xml

2010-06-11 Thread ASR
Hi Doug, You are right! This is a RHEL box and it looks like the YUM repository configuration is broken. This is not related to OSSEC. Thanks for the information. Thanks, Antony.

[ossec-list] Re: OSSEC.conf

2010-06-11 Thread ASR
I haven't tried it yet. I will experiment with this next week.

[ossec-list] Re: decoder.xml bug: decoder name="ssh-reverse-mapping"

2010-06-11 Thread tm
Dan, That "W" in your decoder should be a "w". Other than that, your decoder works for all of our environments (Redhat, Solaris, SuSE & Mac). Cheers! Trevor On Jun 9, 3:35 pm, "dan (ddp)" wrote: > Thanks for pointing that out. I've submitted a couple of fixes > (including an addition similar t