-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Aug 16, 2010, at 6:23 PM, jplee3 wrote:
> Hi all,
>
> Just wondering if OSSEC has the ability to capture all commands run
> after sudoing or su'ing to root (or another privileged user, etc).
I think this is outside of the scope of ossec.. Sudo it
On Aug 12, 2010, at 11:38 AM, dan (ddp) wrote:
> ossec/etc/local_decoder.xml
> I can't remember how I learned that (probably this list). I will be
> looking to add it to the documentation though.
Doh! I never thought about this.. that's really usefu
On Aug 12, 2010, at 11:53 AM, David Porcello wrote:
> Hi all,
>
> I'm running OSSEC client 2.4.1 on a handful of RedHat EL 5.5 servers and I'm
> seeing the following behavior across the board: It appears that
> client-logcollector and client-syschec
Hi all,
Other than management via basic OSSEC centralized setup (agent/server
environment), I know OSSECWUI exists, but it isn't quite all there
with actual management (more than it is with historical reference/
analysis at least). I wanted to know if any of you have gone one step
beyond and foun
On Wed, Aug 18, 2010 at 9:16 AM, Michael Whitehead wrote:
> I have been having this report being triggered when there have not been any
> failed logins. It shows my IP address as the one that is failing. Am I
> overlooking something really simple?
>
>
> authentication_failed
> srcip
> Daily rep
On Wed, Aug 18, 2010 at 5:20 AM, Mark F wrote:
> Hi All,
>
> I'm trying to find out if ossec can be used for my needs. Certain standards
> that need to be adhered to mean using great software like ossec for log
> parsing is a must.
>
> However the biggest thing is that I cannot have logs missed an
On Wed, Aug 18, 2010 at 4:24 AM, GeorgeY wrote:
> Thanks dan.
> I have configured those lines in ossec.conf on the server.
> Questions
> 1. if ossec and syslog-ng are both running on the same server
> (different ports) - will this work? read a post and it seems this is a
> bad idea.
I'm not using
On Tue, Aug 17, 2010 at 10:59 PM, Devendra Agrawal wrote:
> dnotify support is available for 2.6.9-78.0.8.ELsmp kernel but not inotify.
> Can dnotify be used with OSSEC to do real time alerting for new files?
>
>
No. The only option is inotify for Linux hosts.
I have been having this report being triggered when there have not been any
failed logins. It shows my IP address as the one that is failing. Am I
overlooking something really simple?
authentication_failed
srcip
Daily report: Faild logins
whitehea...@xx
___
authentication_success
sr
Try putting a
yes
within the ... section of the ossec.conf of your
server then restart. All log entries forwarded by the agents should
then be stored in the /var/ossec/logs/archives subdirectory.
Of course you have to make sure that the agents configuration includes
the desired logfiles.
Kind re
Thanks dan.
I have configured those lines in ossec.conf on the server.
Questions
1. if ossec and syslog-ng are both running on the same server
(different ports) - will this work? read a post and it seems this is a
bad idea.
2. Also correct me if I'm wrong, if I do not specify the
parameters under
Hi All,
I'm trying to find out if ossec can be used for my needs. Certain standards
that need to be adhered to mean using great software like ossec for log parsing
is a must.
However the biggest thing is that I cannot have logs missed and go un-noticed,
therefore my plan is to send all logs t