Thank you, the tutorial is unfortunately very small.
Do you know in which file I have to configure this? (it's not mentioned)
And what is the command to filter per host? (in the tuto only rule_id,
format and level are mentioned as filters)
Thank you again ! :)
On 24 June 2010 00:56, Nerijus
Great, thanks for the advice, the ignore rules seem to be working now.
since your email is the one in the global email_notification
you will get all emails being sent out by the ossec.
Change that setting to a different email and then you will only get the
emails for the level you specified in the second definition.
Assaf
Vlad wrote:
Thanks, but have
sudo generally logs in syslog format. You'd probably want:
<localfile>
  <log_format>syslog</log_format>
  <location>/var/adm/sudo.log</location>
</localfile>
If that doesn't seem to work, post a couple of entries from sudo.log.
You can also run the log entries from sudo.log through ossec-logtest
to see how
On Tue, Jun 22, 2010 at 2:46 PM, Richard Geddes rged...@bluegolf.com wrote:
Hello,
The OSSEC PCI Solution pdf says that ossec can help with, among other
sections, section 10.5.
From PCI:
10.5.5 Use file-integrity monitoring or change-detection software on logs
to ensure that existing log
Do you get all level 2 alerts, or only the ones where the rule
specifies that it will send an email?
On Wed, Jun 23, 2010 at 9:33 AM, Vlad theli...@optusnet.com.au wrote:
Thanks, but have set the level to 3 and still get level 2 alerts.
Cheers,
Leo
On Apr 11, 7:31 pm, Paul Southerington sout...@gmail.com wrote:
snip
I've actually been considering making it do that out-of-the-box. If other
people want that, please let me know.
Right now, you can search on 'reporting_host' instead, or you can try the
following. I haven't really tested
After upgrading my server to OSSEC Version 2.4.1, the ossec-maild daemon
dies frequently each day. Nothing else I am aware of in my system has
changed. Is anyone else experiencing ossec-maild dying? Is there a solution
to this problem you are aware of?
Thanks,
Gil Vidals
VM Racks - ESX Hosting
Hello,
My organization is currently under an ssh brute force attack (over a
week in duration, so far). We are encountering a problem with the
firewall-drop.sh script and iptables under RHE and SuSE.
First, we have increased the active response duration from 10 minutes
to 24 hours because the
Please, I need to install the Windows agent on 100's of xp clients that don't
have a real desktop. Is there any non GUI install out there or examples of a
way to copy the files reg change and create and Start the service. Thanks
Christian