Okay, per microsoft, when XP and 2008 co-mingle the handshake always
starts with an AUDIT_FAILURE(4769) event, Failure Code 0xe. The old
systems just don't speak the new Kerberos language. This is filling
up my IDS logs as OSSEC doesn't like the big bold FAILURE there. So I
put in some version
Greetings,
Having trouble installing OSSEC on HPUX 11. Searched the archives and tried
the snapshot (ossec-hids-101014) as well as ver 2.5.1 but no joy. Tried
editing the install.sh script to force the loc for CC (CC=/usr/bin/cc) but no
joy.
snip
os_xml_writer.c:
*** Error exit code 5
We'll need the actual errors to try and troubleshoot this. You snipped too
much. :)
On Apr 1, 2011 10:04 AM, Mike Disley mike.a.dis...@tpsgc-pwgsc.gc.ca
wrote:
Greetings,
Having trouble installing OSSEC on HPUX 11. Searched the archives and
tried the snapshot (ossec-hids-101014) as well as ver
Hey Guys!
what is the default threshold of auto-ignore ? And if it start ignore
then is there any time period it reset and start alerting again ?
Otherwise it could be dangerous...
-S
OK, my bad. How's this?
5- Installing the system
- Running the Makefile
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
cc -c -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\/opt/ossec\
-DCLIENT -DUSE_OPENSSL -DHPUX -D_XOPEN_SOURCE_EXTENDED -DHIGHFI
RST -D_REENTRANT
The error is coming from zlib, not even from the OSSEC code. Can you
install gcc in there to try?
thanks,
On Fri, Apr 1, 2011 at 11:44 AM, Mike Disley
mike.a.dis...@tpsgc-pwgsc.gc.ca wrote:
OK, my bad. How's this?
5- Installing the system
- Running the Makefile
*** Making zlib (by
Working on that now. Thanks.
-Original Message-
From: Daniel Cid [mailto:daniel@gmail.com]
Sent: Friday, April 01, 2011 11:04 AM
To: ossec-list@googlegroups.com
Cc: Mike Disley
Subject: Re: [ossec-list] HPUX 11 Install Problem
The error is coming from zlib, not even from the
Hi all...
I did some searching and only found a windows related post that I
don't think is the same. Are there any known problems with agents
coming/going with showing as inactive and then returning back to
active? Is this something that has been discussed before? Trying to
understand in a small
OK, found a machine with GCC installed. I got further this time. No errors
until this point;
*** Making rootcheck ***
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\/opt/ossec\ -DCLIENT
-DUSE_OPENSSL -DHPUX -D_XOPEN_SOURCE_EXTENDED -DHIGHFIRST -D_REENTRANT
Which version of HPUX? Which version of gcc? Which version/distribution of make?
There are a lot of hits for setjmp.h:45: redefinition of `struct
label_t' in google. Seems to be a popular error...
On Fri, Apr 1, 2011 at 11:58 AM, Mike Disley
mike.a.dis...@tpsgc-pwgsc.gc.ca wrote:
OK, found a
Yes, it's been an issue for people in the past.
The network could be the issue.
High cpu usage on the manager could use an issue.
On Fri, Apr 1, 2011 at 12:12 PM, Kat uncommon...@gmail.com wrote:
Hi all...
I did some searching and only found a windows related post that I
don't think is the
3 file changes and it's auto ignored.
It does not become unignored automatically. Pay attention to your
system or turn off auto-ignoring.
On Fri, Apr 1, 2011 at 10:38 AM, satish patel satish...@gmail.com wrote:
Hey Guys!
what is the default threshold of auto-ignore ? And if it start ignore
Modify the source?
On Thu, Mar 31, 2011 at 4:05 PM, Nate Woodward
nate.woodw...@the-connection.com wrote:
I finally got around to investigating this a bit more today. Instead of
just removing a few lines from a log, this time I clobbered the whole
thing:
root@muon:log# cp
Thanks Dan. I think I found the biggest problem. The sid is incorrect.
Web_dirs is setup for our different web directories such as /usr/apache, etc.
The rule numbers were a mis-translated quotes, but thanks for pointing it out.
I will look at the decoder.xml file. I was pointing it to
Thanks for inform!
I would like to have unignored option (Like timeout) in future version.
-Satish
On Fri, Apr 1, 2011 at 3:53 PM, dan (ddp) ddp...@gmail.com wrote:
3 file changes and it's auto ignored.
It does not become unignored automatically. Pay attention to your
system or turn off
On Thu, 31 Mar 2011 15:05:38 -0500, Nate Woodward
nate.woodw...@the-connection.com wrote:
I finally got around to investigating this a bit more today. Instead
of
just removing a few lines from a log, this time I clobbered the whole
thing:
root@muon:log# cp /var/log/secure{,.back}
16 matches
Mail list logo