Re: [ossec-list] OSSEC-Keepalive message -- what does this mean?

2011-06-17 Thread Steven Stern
I'm using 2.5.1. There is no separate manager; OSSEC runs on and reports from this system. On 06/17/2011 03:04 PM, dan (ddp) wrote: Hi Steven, Those are keepalive messages from an agent to the manager. You can ignore them. What version of OSSEC do you have installed? They're supposed to be igno

Re: [ossec-list] OSSEC-Keepalive message -- what does this mean?

2011-06-17 Thread dan (ddp)
Hi Steven, Those are keepalive messages from an agent to the manager. You can ignore them. What version of OSSEC do you have installed? They're supposed to be ignored so they don't fire alerts... On Fri, Jun 17, 2011 at 3:52 PM, Steven Stern wrote: > What does this mean?  Where do I look for an e

[ossec-list] OSSEC-Keepalive message -- what does this mean?

2011-06-17 Thread Steven Stern
What does this mean? Where do I look for an error? Received From: ip-10-x->ossec-keepalive Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): --MARK--: ggM6EJz3j+TNLDYHUgwX3-n_2esOyS6Eg0SLR(i1pjiiMpPOvufGY79ut]rR]FEc?-NRqd0GnqOhFMWioj.#y6OS1nd

Re: [ossec-list] OSSEC False Positives

2011-06-17 Thread dan (ddp)
Hi Chad, 18105 The Windows Filtering Platform has blocked a packet Ignore WFP packet drops On Fri, Jun 17, 2011 at 2:42 PM, Chad wrote: > Hey guys, I know this has been covered at least a dozen times on the > board, but I can't for the life of me figure this out. I'm hoping > s

RE: [ossec-list] OSSEC False Positives

2011-06-17 Thread Castle, Shane
s/Microsoft/Windows/ -- Shane Castle Data Security Mgr, Boulder County IT CISSP GSEC GCIH -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Chad Sent: Friday, June 17, 2011 12:42 To: ossec-list Subject: [ossec-list] OSSEC False Posit

[ossec-list] OSSEC False Positives

2011-06-17 Thread Chad
Hey guys, I know this has been covered at least a dozen times on the board, but I can't for the life of me figure this out. I'm hoping someone can help. I am trying to suppress alerts from "Multiple Windows audit failure events." Below I have posted the entire alert: Rule: 18153 fired (level 10)

[ossec-list] Enhanced OSSEC: Agent Config Profiles now supports inheritance/merging

2011-06-17 Thread Christopher Moraes
Hi everyone, Continuing with my enhancements to support agent configuration profiles (see thread: http://groups.google.com/group/ossec-list/browse_thread/thread/28a76c8180e28a4b), I have added the feature that Jason Frisvold suggested, i.e. combining of profiles. So now, in the agent.conf file, I