Hi Group - I'd like to increase the max agents allowed on an already
built and active ossec server. All the documentation I've read states
to do this before you install or update ossec. Is there a way to do
this on an operating box? I really don't want to break this box as it
appears to be function
Nope. You'll have to recompile the code.
On Wed, Dec 29, 2010 at 9:34 AM, Maahkus wrote:
> Hi Group - I'd like to increase the max agents allowed on an already
> built and active ossec server. All the documentation I've read states
> to do this before you install or update ossec. Is there a way t
I have the SNARE Windows agent running in my environment and I need to
be able to support a larger syslog message size than 1024. It appears
I just need to change the buffer size in the "src/remoted/syslog.c"
from OS_SIZE_1024 to OS_SIZE_8192. I have made the change, compiled
and updated my install
OK - so as long as I back up the server's client-keys file I shouldn't
have to worry about any of the agents breaking?
On Dec 29, 9:48 am, "dan (ddp)" wrote:
> Nope. You'll have to recompile the code.
>
> On Wed, Dec 29, 2010 at 9:34 AM, Maahkus wrote:
> > Hi Group - I'd like to increase the max a
Hi,
On Tue, Dec 28, 2010 at 5:53 AM, Js Opdebeeck
wrote:
>
> Dec 28 06:54:36 1.1.1.1 MSWinEventLog;1;Security;23875316;Tue: Dec 28
> 06:54:34 2010;680;Security;DOMAINUSER;User;Success
> Audit;ADSERVER;Account Logon;;Logon attempt by:
> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0Logon account: DOM
Hi,
I am trying to forward the OSSEC logs to a syslog server.
I know it stores the logs in /ossec/logs/ossec.log file and
/ossec/logs/alerts/alerts.log
But, is there a way to send these logs to a syslog server?
Thanks,
Saket
You should back up the configs and rules too (out of good practice).
The upgrade process is pretty easy. The install.sh takes care of most
of the issues and leaves the important stuff alone.
On Wed, Dec 29, 2010 at 3:18 PM, Maahkus wrote:
> OK - so as long as I back up the server's client-keys file I
The alerts can be forwarded using the client syslog functionality in ossec.
On Wed, Dec 29, 2010 at 3:34 PM, Saket wrote:
> Hi,
>
> I am trying to forward the OSSEC logs to a syslog server.
>
> I know it stores the logs in /ossec/logs/ossec.log file and
> /ossec/logs/alerts/alerts.log
>
> But, is
Seems you can forward alerts to a syslog server:
http://www.ossec.net/dcid/?p=139
Not sure about the actual ossec.log entries.
On Wed, Dec 29, 2010 at 12:34 PM, Saket wrote:
> Hi,
>
> I am trying to forward the OSSEC logs to a syslog server.
>
> I know it stores the logs in /ossec/logs/ossec.lo
Perfect.
You found the source of my cumulative problems. Thanks
Summary: So I had 2 'issues':
1. Syslog format (duplicate host, IP and Name) - Must *CHECK* "Enable
SYSLOG Header?" in Snare. - p22
2. Wrong supported separator format ";" versus TAB (for Ossec) -
p23
More technical details and r
This is what I was looking for.
Can you tell me where to find
192.168.4.1
10
10.1.1.1
I looked up ossec.conf, should I include it there?
Thanks,
Saket
On Dec 29, 3:42 pm, Jeremy Lee wrote:
> Seems you can forward alerts to a syslog
> server:http://www.ossec.