Re: [ossec-list] Re: Consolidating ossec.log and active-responses.log into alert.log and exporting it to a syslog server

2011-01-12 Thread dan (ddp)
Hi Saket, On Wed, Jan 12, 2011 at 9:14 PM, Saket wrote: > Hi, > > I noticed that when I send alerts to a syslog server all the logs show > up in the following format: > > Date Time Hostname ossec: Alert Level etc > > I need to know if it's possible to change ossec: to something else?

[ossec-list] Re: Consolidating ossec.log and active-responses.log into alert.log and exporting it to a syslog server

2011-01-12 Thread Saket
Hi, I noticed that when I send alerts to a syslog server all the logs show up in the following format: Date Time Hostname ossec: Alert Level etc I need to know if it's possible to change ossec: to something else? Looks like every log has this static text and I want to know if we can c

Re: [ossec-list] Filter email alerts by text

2011-01-12 Thread Anh K. Huynh
On Wed, 12 Jan 2011 18:00:58 - "Hugo Ferreira" wrote: > Hello, > > Is it possible to filter which alerts are sent to the email by the > alert text? > > Example: > > Send via email every alert with level 10 or higher except those which > have the string “XPTO” in the text. > > Thanks in adva

Re: [ossec-list] Filter email alerts by text

2011-01-12 Thread dan (ddp)
No, this isn't possible in OSSEC currently. On Wed, Jan 12, 2011 at 1:00 PM, Hugo Ferreira wrote: > Hello, > > Is it possible to filter which alerts are sent to the email by the alert > text? > > Example: > > Send via email every alert with level 10 or higher except those which have the > string “X

Re: [ossec-list] ERROR: Error reading XML file 'etc/decoder.xml' -> No sense

2011-01-12 Thread dan (ddp)
On Wed, Jan 12, 2011 at 9:59 AM, NewRules wrote: > Hi, > > I just made a fresh install of version 2.5.1 of ossec on an AIX > server. But when I try to start OSSEC I get this: > >> ./bin/ossec-control start >> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... >> 2011/01/12 15:49:03 ossec-analys

Re: [ossec-list] Re: high availability solution

2011-01-12 Thread ItsMikeE
Interesting, but not the method I had in mind. Your method would have the data split between two locations. I was thinking along the lines of: 1 server as master with a volume containing /var/ossec which is mirrored/copied to 2nd site. A second standby server with the mirrored disk mounted rea

[ossec-list] Filter email alerts by text

2011-01-12 Thread Hugo Ferreira
Hello, Is it possible to filter which alerts are sent to the email by the alert text? Example: Send via email every alert with level 10 or higher except those which have the string “XPTO” in the text. Thanks in advance,

[ossec-list] ERROR: Error reading XML file 'etc/decoder.xml' -> No sense

2011-01-12 Thread NewRules
Hi, I just made a fresh install of version 2.5.1 of ossec on an AIX server. But when I try to start OSSEC I get this: > ./bin/ossec-control start > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... > 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file > 'etc/decoder.xml'

Re: [ossec-list] Re: high availability solution

2011-01-12 Thread Daniel Cid
Yes, and it has worked well for me. One caveat is that the rids (message ids) will have to be exchanged/synced between each manager in the HA. A simple solution is to disable the id check, so it should just work without any sync... A good setup is like this: [group of agents 1] -> manager 1 (bac

[ossec-list] Re: Unstable ossec connections

2011-01-12 Thread Henry
I have edited the agent's internal_options.conf and enabled debug mode; the messages that I received are as follows. The ids server is able to come up, but it goes down within one hour of operation. Any suggestions? Thanks. 2011/01/10 06:28:05 ossec-logcollector: Message not complete. Trying aga

Re: [ossec-list] Re: high availability solution

2011-01-12 Thread ItsMikeE
Has anyone set up a high-availability solution?