After upgrading my server to OSSEC Version 2.4.1, the ossec-maild daemon
dies frequently each day. Nothing else I am aware of in my system has
changed. Is anyone else experiencing ossec-maild dying? Is there a solution
to this problem you are aware of?
Thanks,
Gil Vidals
VM Racks - ESX Hosting

Hello,
My organization is currently under an ssh brute force attack (over a
week in duration, so far). We are encountering a problem with the
firewall-drop.sh script and iptables under RHE and SuSE.
First, we have increased the active response duration from 10 minutes
to 24 hours because the att

Please, I need to install the Windows agent on 100s of XP clients that don't
have a real desktop. Is there any non-GUI install out there, or examples of a
way to copy the files, reg change, and create and start the service? Thanks
Christian

On Apr 11, 7:31 pm, Paul Southerington wrote:
>
> I've actually been considering making it do that out-of-the-box. If other
> people want that, please let me know.
>
> Right now, you can search on 'reporting_host' instead, or you can try the
> following. I haven't really tested this yet, so let m

Are there any errors in ossec.log regarding email? Have you tried
running the daemon in debug mode?
OSSEC's email daemon is pretty bare bones, so it might be worthwhile
to route it through the system's smtpd.
On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr.
wrote:
> Hey guys!
>
> I've been us

Configuration for the ossec server is generally done in ossec.conf.
Try:
qwerty
where qwerty is the agent name of the system sending the alert.
On Thu, Jun 24, 2010 at 4:01 AM, Mathieu D wrote:
> Thank you the tutorial is unfortunately very small.
> Do you know in which file I have to configure t

sudo generally logs in syslog format. You'd probably want:
syslog
/var/adm/sudo.log
If that doesn't seem to work, post a couple of entries from sudo.log.
You can also run the log entries from sudo.log through ossec-logtest
to see how they are decoded.
On Tue, Jun 22, 2010 at 3:38 PM, dassel

On Tue, Jun 22, 2010 at 2:46 PM, Richard Geddes wrote:
> Hello,
>
> The "OSSEC PCI Solution" pdf says that ossec can help with, among other
> sections, section 10.5.
>
> From PCI:
> "10.5.5 Use file-integrity monitoring or change-detection software on logs
> to ensure that existing log data cannot

Do you get all level 2 alerts, or only the ones where the rule
specifies that it will send an email?
On Wed, Jun 23, 2010 at 9:33 AM, Vlad wrote:
> Thanks, but have set the level to 3 and still get level 2 alerts.
>
> Cheers,
>
> Leo
>
>

Thank you, the tutorial is unfortunately very small.
Do you know in which file I have to configure this? (it's not mentioned)
And what is the command to filter per host? (on the tuto only rule_id,
format and level are mentioned as filter)
Thank you again ! :)
On 24 June 2010 00:56, Nerijus Krukau

Great, thanks for the advice, the ignore rules seem to be working now.

since your email is the one in the
you will get all emails being sent out by the ossec .
Change that setting to a different email and then you will only get the
emails for the level you specified in the second definition.
Assaf
Vlad wrote:
Thanks, but have set the level to 3 and stil