I have tested the multi-line stuff by using the forensic analysis feature of
log files (cat /tmp/foo.log | /var/ossec/bin/ossec-logtest -a) and it works.
That is what led me to believe this might be a non-issue or maybe a
syntactical issue.
Here is the config section in the ossec.conf file which i
On Wed, Dec 1, 2010 at 2:12 PM, wrote:
> I normally manage the clients from there local ossec.conf. I assume I can
> have the local ossec.conf and additional changes in the agent.conf on the
> management server. Is that correct. and if so do I need to restart all the
> local agents? Thank You Ch
On Wed, Dec 1, 2010 at 1:18 PM, Shaikat wrote:
> Yes I get the same error.
>
> Also, I want to configure my agents centrally so that is why I am
> using the agent.conf file.
>
Understood, it was just a test. I haven't tried the multiline stuff yet.
> However, as I stated above the error does not
I normally manage the clients from there local ossec.conf. I assume I
can have the local ossec.conf and additional changes in the agent.conf
on the management server. Is that correct. and if so do I need to
restart all the local agents? Thank You Christian..
You have to put it in the ossec.c
On the boxes it couldn't compile on:
gcc version 2.96 2731 (Red Hat Linux 7.x)
On Dec 1, 9:44 am, "dan (ddp)" wrote:
> On Wed, Dec 1, 2010 at 12:41 PM, jplee3 wrote:
> > Yep, same thing with the 11-25 snapshot:
>
> > *** Making shared ***
>
> > make[1]: Entering directory `/home/jlee/oss
Yes I get the same error.
Also, I want to configure my agents centrally so that is why I am
using the agent.conf file.
However, as I stated above the error does not prevent the agent from
restarting.
Maybe this is a non-issue. I just wanted to clarify whether this error
message can be safely igno
On the boxes it couldn't compile on:
gcc version 2.96 2731 (Red Hat Linux 7.x)
On Dec 1, 9:44 am, "dan (ddp)" wrote:
> On Wed, Dec 1, 2010 at 12:41 PM, jplee3 wrote:
> > Yep, same thing with the 11-25 snapshot:
>
> > *** Making shared ***
>
> > make[1]: Entering directory `/home/jlee/oss
On the boxes it couldn't compile on:
gcc version 2.96 2731 (Red Hat Linux 7.x)
On Dec 1, 9:44 am, "dan (ddp)" wrote:
> On Wed, Dec 1, 2010 at 12:41 PM, jplee3 wrote:
> > Yep, same thing with the 11-25 snapshot:
>
> > *** Making shared ***
>
> > make[1]: Entering directory `/home/jlee/oss
Yep, same thing with the 11-25 snapshot:
*** Making shared ***
make[1]: Entering directory `/home/jlee/ossec-hids-101125/src/shared'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -
DCLIENT -DUSE_OPENSSL -DARGV0=\"shared-libs\" -DXML_VAR=\"var\" -
DOSSECHIDS *.c
read-alert.c
On Wed, Dec 1, 2010 at 12:41 PM, jplee3 wrote:
> Yep, same thing with the 11-25 snapshot:
>
> *** Making shared ***
>
> make[1]: Entering directory `/home/jlee/ossec-hids-101125/src/shared'
> gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -
> DCLIENT -DUSE_OPENSSL -DARGV0=\"s
Yep, same thing with the 11-25 snapshot:
*** Making shared ***
make[1]: Entering directory `/home/jlee/ossec-hids-101125/src/shared'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -
DCLIENT -DUSE_OPENSSL -DARGV0=\"shared-libs\" -DXML_VAR=\"var\" -
DOSSECHIDS *.c
read-alert.c
Hi,
I was having the same issues as OP and tried the snapshot. But I get
this:
*** Making shared ***
make[1]: Entering directory `/home/jlee/ossec-hids-101124/src/shared'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -
DCLIENT -DUSE_OPENSSL -DARGV0=\"shared-libs\" -DXML_VA
On Wed, Dec 1, 2010 at 12:29 PM, Shaikat wrote:
> Hi,
>
> Thanks for answering my question.
>
> Another related question to the agent.conf file. As you can see I am
> using the multi-line log_format introduced in version 2.5.1.
>
> When I try to recycle an agent I get this error:
>
> Started ossec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/29/2010 02:31 PM, dan (ddp) wrote:
> Since the SSH keys probably wouldn't have a passphrase to use them,
> it's basically just as risky as having the password (IMHO).
Slightly less overall risk as you don't expose a password that might be
used e
Hi,
Thanks for answering my question.
Another related question to the agent.conf file. As you can see I am
using the multi-line log_format introduced in version 2.5.1.
When I try to recycle an agent I get this error:
Started ossec-syscheckd...
Completed.
Killing ossec-logcollector ..
Killing os
2010/12/1 Shaikat Majumdar :
> I have created a agent.conf file for centralized agent configuration
> (/var/ossec/etc/shared/agent.conf). The file is attached.
>
> I am trying to test OSSEC rules/config before deploying these changes.
>
> So I followed the instructions posted on the link
> http://w
You have to put it in the ossec.conf on each agent or in
/var/ossec/etc/shared/agent.conf
On Wed, Dec 1, 2010 at 11:50 AM, wrote:
> Does the below statement work globally if put in the Management ossec.conf,
> or does it have to be on each client. Assuming the same directory on all the
> clients
I have created a agent.conf file for centralized agent configuration
(/var/ossec/etc/shared/agent.conf). The file is attached.
I am trying to test OSSEC rules/config before deploying these changes.
So I followed the instructions posted on the link
http://www.ossec.net/main/manual/creating-a-se
Does the below statement work globally if put in the Management
ossec.conf, or does it have to be on each client. Assuming the same
directory on all the clients.
/etc,/usr/bin,/usr/sbin
Thank You Christian...
I fix the error but now i'm getting "No agent available", how i can get
my local alert about my server ?
is it a permission problem ?
Le 01/12/2010 15:21, Jean-Paul Lesein a écrit :
Okay,
i see my log and i get this error
opendir(/var/ossec) [href='function.opendir'>function.opendir]: failed
i fix the bug, but now i get "No Agent Available"
On Dec 1, 3:21 pm, Jean-Paul Lesein wrote:
> Okay,
> i see my log and i get this error
>
> opendir(/var/ossec) [function.opendir]:
> failed to open dir: Operation not permitted in
> /var/www/vhosts/mydomain.com/subdomains/monitoring/httpdocs/oss
Okay,
i see my log and i get this error
opendir(/var/ossec) [function.opendir]:
failed to open dir: Operation not permitted in
/var/www/vhosts/mydomain.com/subdomains/monitoring/httpdocs/ossec-wui-0.3/lib/os_lib_handle.php
on line 94, referer:
http://monitoring.mydomain.com/ossec-wui-0.3/ind
On Wed, Dec 1, 2010 at 9:01 AM, Jean-Paul Lesein wrote:
> Thanks for your answer my
>
> SELinux status: disabled
> Ossec group is ok : ossec:x:2523:apache
>
> How i can verify apache isn't chrooted to another location ?
>
> Make sure you add the apache user to the ossec group (and restart apache).
Thanks for your answer my
SELinux status: disabled
Ossec group is ok : ossec:x:2523:apache
How i can verify apache isn't chrooted to another location ?
Make sure you add the apache user to the ossec group (and restart apache).
Make sure SELinux isn't blocking the access. : my
Make sure apache i
On Wed, Dec 1, 2010 at 8:48 AM, Jean-Paul Lesein wrote:
> Hi,
>
> OSSEC is installed successfully
> i try to use OSSEC webui on CentOS 5 with plesk but when i connect to OSSEC
> webui i get this error
>
> "Unable to access ossec directory"
>
> My safe_mode in "Off" and i fix the user who is apache
Hi,
OSSEC is installed successfully
i try to use OSSEC webui on CentOS 5 with plesk but when i connect to
OSSEC webui i get this error
"Unable to access ossec directory"
My safe_mode in "Off" and i fix the user who is apache on CentOS
dr-xr-x--- 3 root ossec16 Oct 13 16:06 active-respo
26 matches
Mail list logo