Op 24/04/2011 22:22, moazami schreef:
I am beginner to ossec.
Is email alerts for server type only or it is for local type too?
why alerts log for me but don't email to me? can i placed email
address, my gmail address, and smtp server be gmail smtp server?
thanks a lot.
Hello,
ossec can
Hey Guys!
Is there any quick way to remove unwanted rules from ossec ? even i
don't want alert or log them in file. (In short totally ignore).. I
want to remove following unwanted rules like following and etc...
591 - Log file rotated.
On Apr 25, 2011 11:29 AM, satish patel satish...@gmail.com wrote:
Hey Guys!
Is there any quick way to remove unwanted rules from ossec ? even i
don't want alert or log them in file. (In short totally ignore).. I
want to remove following unwanted rules like following and etc...
591 - Log
Oh, add that to /var/ossec/rules/local_rules.xml and restart ossec.
On Apr 25, 2011 11:32 AM, dan (ddp) ddp...@gmail.com wrote:
On Apr 25, 2011 11:29 AM, satish patel satish...@gmail.com wrote:
Hey Guys!
Is there any quick way to remove unwanted rules from ossec ? even i
don't want alert or
Has anyone come up with and implemented a method of encrypting the
outgoing emails alerts with something like OpenPGP or the like? I
would like to have the content of the email alerts encrypted so they
can be sent to an external email address and protect the details of
the message.
Thanks, my ossec server is a router/firewall, my apologies for omitting
this detail. I was really
just trying to figure out how to get the server to trigger the script(s)
in the first place on the
windows events, since it was clearly getting notified about the events.
With help from Andy, I
Dan you are rock!
last week we have put ossec in full production to meet PCI requirement
and its rocking.. ( We have save 10 grand to cancelled TripWire quote
)
Thanks all of you who participate in my queries..
-S
On Mon, Apr 25, 2011 at 11:34 AM, dan (ddp) ddp...@gmail.com wrote:
Oh, add
I think this will have a rule on the ossec server, I am looking to do
this on an agent basis and have the same rule set for all the agents.
On Apr 22, 4:15 pm, dan (ddp) ddp...@gmail.com wrote:
Not what you're asking, but should provide very similar results.
rule id=ID_NUMBER level=0
Does syscheck control rootcheck?
On Apr 22, 12:28 pm, sameer nanda sameer.30...@gmail.com wrote:
hey doug,
y dont u increase the time of syscheck ..
that is what i mean to say is , set it at a time gap of around 21600
seconds.
i hope this will reduce cpu utilization.
On 22 April 2011
I have seen this posted, but not sure of the real problem/solution -
so I will try again. (with a lot more detail)
I have several agents. They had been working for over a month. Then
for some reason some of them started giving this fabulous error:
ossec-agentd(4101): WARN: Waiting for server
10 matches
Mail list logo