Re: [ossec-list] Concern about the ossec-csyslogd daemon

2011-06-06 Thread Daniel Cid
At least OSSEC is reporting it :) And yes, try to run it under gdb so we can see where it is crashing. Or try the latest snapshot to see if it works there. Thanks, On Mon, Jun 6, 2011 at 6:58 PM, dan (ddp) wrote: > Please try running it under gdb: > > gdb ossec-csyslogd > > (gdb) set follow-fork

Re: [ossec-list] SHA1 and MD5SUM deprecated as approved hash algorithm for FIPS 140-2 Compliance

2011-06-06 Thread Jason Frisvold
On Jun 6, 2011, at 4:53 PM, Wei Zhang wrote: > good point, Thanks And, of course, if you do, please share it back with the community! > On Mon, Jun 6, 2011 at 2:21 PM, dan (ddp) wrote: > OSSEC is open source, so you should be able to add it. > > On

Re: [ossec-list] stupid (?) rule question

2011-06-06 Thread Rainer
On Mon, 2011-06-06 at 14:16 -0400, dan (ddp) wrote: > Add 31100 to your rule. OK, I thought I missed something. Thank You. Steve, thanks for your hint, the solution in the link is a good approach. Maybe I can figure out how to modify it for my case. Rainer.

RE: [ossec-list] how to change web UI password?

2011-06-06 Thread Noah Grant
Thanks Dan, that did it :) Noah Grant Systems Engineer Ext. 3212 -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: Monday, June 06, 2011 2:55 PM To: ossec-list@googlegroups.com Subject: Re: [ossec-list] how to change we

Re: [ossec-list] Concern about the ossec-csyslogd daemon

2011-06-06 Thread dan (ddp)
Please try running it under gdb: gdb ossec-csyslogd (gdb) set follow-fork-mode child (gdb) run On Mon, Jun 6, 2011 at 5:50 PM, Jefferson, Shawn wrote: > Hey, I had the same crash too! > > -Original Message- > From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On >

Re: [ossec-list] how to change web UI password?

2011-06-06 Thread dan (ddp)
cd to the wui directory. htpasswd USERNAME This should prompt you for a password On Mon, Jun 6, 2011 at 5:47 PM, Noah Grant wrote: > I’m new to using OSSEC…does anyone know how to change the Web UI default > password?  It’s installed as ‘ossec’ for the username and password but we’d > like to ch

RE: [ossec-list] Concern about the ossec-csyslogd daemon

2011-06-06 Thread Jefferson, Shawn
Hey, I had the same crash too! -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of blacklight Sent: Monday, June 06, 2011 2:36 PM To: ossec-list Subject: [ossec-list] Concern about the ossec-csyslogd daemon Hello Folks, I have a concern

[ossec-list] how to change web UI password?

2011-06-06 Thread Noah Grant
I'm new to using OSSEC...does anyone know how to change the Web UI default password? It's installed as 'ossec' for the username and password but we'd like to change it to something more secure. Thanks! Noah

Re: [ossec-list] Concern about the ossec-csyslogd daemon

2011-06-06 Thread dan (ddp)
Any chance you can run it under gdb in case it crashes again? I think a backtrace might help find the issue. On Mon, Jun 6, 2011 at 5:35 PM, blacklight wrote: > Hello Folks, > > I have a concern about the csyslogd daemon: > > 2011 Jun 04 13:51:03 Rule Id: 151601 level: 7 > Location: ossec-server->

[ossec-list] Concern about the ossec-csyslogd daemon

2011-06-06 Thread blacklight
Hello Folks, I have a concern about the csyslogd daemon: 2011 Jun 04 13:51:03 Rule Id: 151601 level: 7 Location: ossec-server->/var/log/messages Grouping of kernel error rules. Jun 4 13:51:02 ossec-server kernel: ossec-csyslogd[21507]: segfault at rip 003dd8479a30 rsp 7fff

Re: [ossec-list] SHA1 and MD5SUM deprecated as approved hash algorithm for FIPS 140-2 Compliance

2011-06-06 Thread Wei Zhang
good point, Thanks On Mon, Jun 6, 2011 at 2:21 PM, dan (ddp) wrote: > OSSEC is open source, so you should be able to add it. > > On Fri, Jun 3, 2011 at 12:35 PM, Wei Zhang wrote: > > Hello everyone, > > > > I just heard that sha1sum and md5sum are being deprecated as > approved > > hash al

Re: [ossec-list] ossec.conf propagation to clients

2011-06-06 Thread dan (ddp)
When there's a conflict the agent's ossec.conf is generally used. I find it's best to remove everything except the server-ip setting from the agent ossec.conf files. On Mon, Jun 6, 2011 at 8:50 AM, Christopher Moraes wrote: > Hi Frank, > If I create an agent.conf file on the server, will it overw

Re: [ossec-list] Can OSSEC agent forward logs to 2 different servers simultaneously?

2011-06-06 Thread dan (ddp)
Currently agents can only send messages to 1 ossec manager at a time. On Fri, Jun 3, 2011 at 8:56 AM, Christopher Moraes wrote: > Hi, > I would like to check if anyone has tried configuring an OSSEC agent to > forward logs to 2 different managers simultaneously. > Since OSSEC transports logs via

Re: [ossec-list] SHA1 and MD5SUM deprecated as approved hash algorithm for FIPS 140-2 Compliance

2011-06-06 Thread dan (ddp)
OSSEC is open source, so you should be able to add it. On Fri, Jun 3, 2011 at 12:35 PM, Wei Zhang wrote: > Hello everyone, > >   I just heard that sha1sum and md5sum are being deprecated as approved > hash algorithm for FIPS 140-2 compliance.  Does anyone know if I can add > sha224sum to integ

Re: [ossec-list] Syslog Output Question

2011-06-06 Thread dan (ddp)
http://www.ossec.net/doc/syntax/head_ossec_config.syslog_output.html Put the following inside of the section: 10 On Mon, Jun 6, 2011 at 7:48 AM, Walker, Barry wrote: > > Can I setup the output of syslog to send only alert level 10 and above?  > Below is what I have so far.  The first syslog ser

Re: [ossec-list] stupid (?) rule question

2011-06-06 Thread dan (ddp)
Add 31100 to your rule. On Sun, Jun 5, 2011 at 8:02 AM, Rainer wrote: > Hi, > > I want to block a certain WWW bot called verticalpigeon; it is known > to scan for Joomla! installations. You can also trigger it through the > website manually. But the nice thing is, it says > who it is: > >  66.103

Re: [ossec-list] ossec.conf propagation to clients

2011-06-06 Thread Frank Stefan Sundberg Solli
You should put all the config in shared/agent.conf your ossec.conf on the sensors/agents should be as minimal as xx..xxx.x On Mon, Jun 6, 2011 at 2:50 PM, Christopher Moraes wrote: > Hi Frank, > > If I create an agent.conf file on the server, will it overwrite the > settings of the agent's lo

[ossec-list] monitoring files or directories - using ossec 2.5.1

2011-06-06 Thread Shashank Kamble
/etc,/usr/bin,/usr/sbin /bin,/sbin

Re: [ossec-list] ossec.conf propagation to clients

2011-06-06 Thread Christopher Moraes
Hi Frank, If I create an agent.conf file on the server, will it overwrite the settings of the agent's local ossec.conf or are the two configs merged in some way? On Mon, Jun 6, 2011 at 6:29 AM, Frank Stefan Sundberg Solli < frankste...@gmail.com> wrote: > Hi. > > The file can be found in shared

Re: [ossec-list] ossec.conf propagation to clients

2011-06-06 Thread Frank Stefan Sundberg Solli
Hi. The file can be found in shared/agent.conf On Mon, Jun 6, 2011 at 3:42 AM, treydock wrote: > What settings from the OSSEC server's etc/ossec.conf file are used to > on the clients? For example I've defined rules and active responses > on my server, and they are working fine, but what about