On Apr 18, 11:12 am, Michael Starks
wrote:
> OSSEC can be administered with someone who has sudo access to
> impersonate/become the ossec user account. I tried this several years
> ago. I recall that there was one daemon that failed to start because it
> started asrootand then dropped privile
On Fri, May 6, 2011 at 2:26 PM, sempai wrote:
> On Apr 18, 11:12 am, Michael Starks
> wrote:
>
>> OSSEC can be administered with someone who has sudo access to
>> impersonate/become the ossec user account. I tried this several years
>> ago. I recall that there was one daemon that failed to sta
Hello Folks,
The exported syslog entries from our OSSEC agent hosts have the
following format
ossecserver ossec: Alert Level: 10; Rule: 5712 - SSHD brute force
trying to get access to the system.; Location:
(ossecclient.domain.com) 74.143.171.166->/var/log/secure; srcip:
72.55.156.23; Apr 12 22
Hi blacklight,
On Fri, May 6, 2011 at 3:48 PM, blacklight wrote:
> Hello Folks,
>
>
> The exported syslog entries from our OSSEC agent hosts have the
> following format
>
> ossecserver ossec: Alert Level: 10; Rule: 5712 - SSHD brute force
> trying to get access to the system.; Location:
> (ossecc