I haven't had a chance to ask dcid about the multi-line log support.
I'm not convinced it would work the way we're hoping, because I'm
guessing the logs from multiple ldap sessions (conn=\d+) could be
mixed together (unlike multi-line logs from snort, which keep multiple
log entries separate from e

Afterwards, I tested by plugging in a USB key but I still didn't get
an alert. Sorry, I forgot to mention that.
On Wed, Nov 17, 2010 at 3:39 PM, dan (ddp) wrote:
> If the values aren't changing you won't see an alert.
>
> On Wed, Nov 17, 2010 at 3:30 PM, Peter Fraser wrote:
>> Hi All
>> I have r

Any ideas on this one?
Thanks,
Doug Burks
On Nov 12, 2:29 pm, "dan (ddp)" wrote:
> What happens on the list stays on the list. ;)
>
>
>
> On Thu, Nov 11, 2010 at 9:15 PM, Chris Decker wrote:
> > I'm interested in such a decoder as well, so any effort expended to help
> > Doug would also help me

If the values aren't changing you won't see an alert.
On Wed, Nov 17, 2010 at 3:30 PM, Peter Fraser wrote:
> Hi All
> I have read the manual and set things up as I understand them. My
> problem is that although I am seeing a file in diff, I am still not
> getting an alert.
>
> This is what I did

Hi All
I have read the manual and set things up as I understand them. My
problem is that although I am seeing a file in diff, I am still not
getting an alert.
This is what I did
In the local Windows agent, I entered
full_command
reg QUERY HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR
A

On Wed, Nov 17, 2010 at 2:17 PM, wrote:
> On the OSSEC website it says download the latest snapshot below. My question
> is. Is that a whole install of 2.5.1 which I'm running with the addition of
> the src directory? So should I reinstall my management with that version
> of the software. Than

On the OSSEC website it says download the latest snapshot below. My question
is. Is that a whole install of 2.5.1 which I'm running with the addition of the
src directory? So should I reinstall my management with that version of the
software. Thank you Christian...

To get started, we created

Try the latest snapshot: http://ossec/net/files/snapshots
On Wed, Nov 17, 2010 at 3:58 AM, Henry wrote:
> I have tried to install ossec on hp-unix version 11.23 by running ./
> install.sh and have the following error.
>
>
> *** Making rootcheck ***
>
> gcc -g -Wall -I../ -I../headers -DDEFAULTD

Excellent, thanks Dan. After making the analysisd script executable,
the entire thing compiled flawlessly.
On Nov 15, 4:08 pm, "dan (ddp)" wrote:
> On Sun, Nov 14, 2010 at 11:24 PM, Scott Mortimer wrote:
> > Hello,
>
> > I am trying to install OSSEC on an Ubuntu 10.04 LTS server. I keep
> > ge

I have tried to install ossec on hp-unix version 11.23 by running ./
install.sh and have the following error.
*** Making rootcheck ***
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -
DUSE_OPENSSL -DHPUX -D_XOPEN_SOURCE_EXTENDED -DHIGHFIRST -
D_REENTRANT-DARGV0=\"ossec-rootche