Hi Saket,
On Wed, Jan 12, 2011 at 9:14 PM, Saket wrote:
> Hi,
>
> I noticed that when I send alerts to a syslog server all the logs show
> up in the following format:
>
> Date Time Hostname ossec: Alert Level etc
>
> I need to know if it's possible to change ossec: to something else?
>
Hi,
I noticed that when I send alerts to a syslog server all the logs show
up in the following format:
Date Time Hostname ossec: Alert Level etc
I need to know if it's possible to change ossec: to something else?
Looks like every log has this static text and I want to know if we can
c
On Wed, 12 Jan 2011 18:00:58 -
"Hugo Ferreira" wrote:
> Hello,
>
> Is it possible to filter which alerts are sent to the email by the
> alert text?
>
> Example:
>
> Send via email every alert with level 10 or higher except those who
> have the string “XPTO” in the text.
>
> Thanks in adva
No, this isn't possible in OSSEC currently.
On Wed, Jan 12, 2011 at 1:00 PM, Hugo Ferreira wrote:
> Hello,
>
> Is it possible to filter which alerts are sent to the email by the alert
> text?
>
> Example:
>
> Send via email every alert with level 10 or higher except those who have the
> string “X
On Wed, Jan 12, 2011 at 9:59 AM, NewRules wrote:
> Hi,
>
> I just made a fresh install of version 2.5.1 of ossec on an AIX
> server. But when I try to start OSSEC I get this:
>
>> ./bin/ossec-control start
>> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>> 2011/01/12 15:49:03 ossec-analys
Interesting, but not the method I had in mind. Your method would have the
data split between two locations.
I was thinking along the lines of:
1 server as master with a volume containing /var/ossec which is
mirrored/copied to 2nd site.
A second standby server with the mirrored disk mounted rea
Hello,
Is it possible to filter which alerts are sent to the email by the alert text?
Example:
Send via email every alert with level 10 or higher except those who have the
string “XPTO” in the text.
Thanks in advance,
Hi,
I just made a fresh install of version 2.5.1 of ossec on an AIX
server. But when I try to start OSSEC I get this:
> ./bin/ossec-control start
> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file
> 'etc/decoder.xml'
Yes, and it has worked well for me.
One caveat is that the rids (message ids) will have to be
exchanged/synced between each manager in the
HA. A simple solution is to disable the id check, so it should just
work without any sync...
A good setup is like this:
[group of agents 1] -> manager 1 (bac
I have edited the agent's internal_options.conf and enabled the debug
mode; the messages that I received are as follows:
The IDS server is able to come up, but it is down within one hour of
operation. Any suggestions? Thanks.
2011/01/10 06:28:05 ossec-logcollector: Message not complete. Trying
aga
Has anyone set up a high-availability solution?