Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread dan (ddp)
This gets postgresql almost working: alter table alert add column alertid varchar(255) default null; alter table data add column timestamp timestamp Trying to add an index of time gets the following: ossecdb=> create index time on data (timestamp); ERROR: relation "time" already exists STATEMENT

Re: [ossec-list] Notification alert email subject misleading

2011-07-26 Thread dan (ddp)
http://www.ossec.net/doc/syntax/head_ossec_config.reports.html#element-email_maxperhour It goes in the global section. On Tue, Jul 26, 2011 at 7:22 PM, Chris Phillips wrote: > Perfect, thanks! > > I haven't found an option to tweak max emails per hour, but I'm hoping to > tune out "noise" so th

RE: [ossec-list] Notification alert email subject misleading

2011-07-26 Thread Chris Phillips
Perfect, thanks! I haven't found an option to tweak max emails per hour, but I'm hoping to tune out "noise" so the number of emails should be minimal. Cheers, -- ChrisP Chris Phillips Service Designer, intY Ltd. +44 (0)1454 640 532 -Original Message- From: ossec-list@googlegroups.com

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread --[ UxBoD ]--
Hi Dan, It's one of those items that sometimes slips the net. An upgrade SQL script between releases, if required, would be a great addition. Keep up the excellent work. -- Thanks, Phil - Original Message - > On Tue, Jul 26, 2011 at 4:10 PM, --[ UxBoD ]-- > wrote: > > Cheers Dan, disap

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread dan (ddp)
On Tue, Jul 26, 2011 at 4:10 PM, --[ UxBoD ]-- wrote: > Cheers Dan, disappointed not mentioned anywhere. To fix but still checking > other tables I ran: > I think these types of changes should be publicized a lot more than they have been. It's something we'll work on in the future. Thanks for t

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread Kelly Fitzgerald
made the changes to the files works like, reran install.sh as upgrade works like a charm! thanks! On Tue, Jul 26, 2011 at 3:55 PM, dan (ddp) wrote: > That's been fixed. Thanks for the report! > https://bitbucket.org/dcid/ossec-hids/changeset/6e752b612937 > > On Tue, Jul 26, 2011 at 3:28 PM, Kelly

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread --[ UxBoD ]--
Cheers Dan, disappointed not mentioned anywhere. To fix but still checking other tables I ran: mysql use ossec alter table alert add (alertid tinytext default null); alter table data add (timestamp timestamp); create index time on data (timestamp); -- Thanks, Phil - Original Message - >

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread dan (ddp)
That's been fixed. Thanks for the report! https://bitbucket.org/dcid/ossec-hids/changeset/6e752b612937 On Tue, Jul 26, 2011 at 3:28 PM, Kelly Fitzgerald wrote: > after upgrading from ossec 2.6 i noticed the following error... > > OSSEC HIDS v2.5.1 Stopped > Starting OSSEC HIDS v2.6 (by Trend Micr

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread Kelly Fitzgerald
After upgrading from ossec 2.6 I noticed the following error... OSSEC HIDS v2.5.1 Stopped Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)... OSSEC analysisd: Testing rules failed. Configuration error. Exiting. Started ossec-csyslogd... Started ossec-agentlessd... Started ossec-maild... Started osse

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread dan (ddp)
It (the mysql schema) appears to have changed: https://bitbucket.org/dcid/ossec-hids/diff/src/os_dbd/mysql.schema?diff2=6e752b612937&diff1=071c2fa74389 I don't think the postgresql one has changed, but I don't know if it works either. On Tue, Jul 26, 2011 at 12:13 PM, --[ UxBoD ]-- wrote: > Has

Re: [ossec-list] OSSEC agents grouping

2011-07-26 Thread dan (ddp)
What do you mean by "group" them? In what? On Tue, Jul 26, 2011 at 10:42 AM, gopal krishnan wrote: > Hi Dan, > > I need a help on how to group the OSSEC agents? > > For Example, > > I have a OSSEC server already installed and up > > Now i want to install OSSEC agents on nearly 300 servers > > I w

Re: [ossec-list] ossec agent-auth

2011-07-26 Thread dan (ddp)
I don't see it on my Windows install. So I'm guessing it doesn't work there yet. On Mon, Jul 25, 2011 at 10:29 AM, 2secureit <2secur...@gmail.com> wrote: > Does this feature work with the Windows agent deployment in 2.6? If so > how do you set this up as I do not see agent-auth in the Windows 2.6

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread ash kumar
Does appear to have blown the integration with OSSIM too for that reason.

Re: [ossec-list] Notification alert email subject misleading

2011-07-26 Thread dan (ddp)
Turn off email grouping. In /var/ossec/etc/internal_options.conf set: maild.groupping=0 You may need to bump the max emails per hour, depending on how many alerts you normally get. On Tue, Jul 26, 2011 at 10:59 AM, Chris Phillips wrote: > Hi All, > > I have set up a central “server” and several

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread --[ UxBoD ]--
Also seeing: 2011/07/26 17:44:23 ossec-dbd(5202): ERROR: Error connecting to database 'localhost'(ossec): ERROR: Unknown MySQL server host 'localhost' (0). 2011/07/26 18:18:31 ossec-dbd(5208): ERROR: Multiple database errors. Exiting. Any thoughts please as I could not see anything in the releas

[ossec-list] Re: Windows directory with multiple logs?

2011-07-26 Thread jplee3
I think I found an answer: http://www.ossec.net/wiki/Know_How:MultipleLogs "For Windows Agents For the Windows agent, the built-in globing doesn't work. At time of writing (OSSEC version 1.5) you have to use a script to auto-generate ossec.conf if you want to monitor many log files without having

Re: [ossec-list] OSSEC v2.6 released

2011-07-26 Thread --[ UxBoD ]--
Has the database schema for 2.6 changed from 2.5 as I am now seeing: 2011/07/26 17:10:16 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid) VALUES ('95043', '1', '502','1311696616', '1', '0', '6080',

[ossec-list] Problems joining the mailing list using the advertised link

2011-07-26 Thread Chris Phillips
On the website (http://www.ossec.net/main/ossecteam) there is a "Join Mailing List" link, which opens an email (mailto:) but I received the following bounce message upon making my submission to that list. I eventually joined successfully, via: http://groups.google.com/group/ossec-list -- ChrisP

[ossec-list] Notification alert email subject misleading

2011-07-26 Thread Chris Phillips
Hi All, I have set up a central "server" and several "agent" OSSEC hosts and OSSEC-WUI and I can see them in the UI, but I have a question relating to alerts. Previously I had the agents configured as "local" OSSEC hosts and the alerts from them were obviously from each individual host, but now

[ossec-list] OSSEC agents grouping

2011-07-26 Thread gopal krishnan
Hi Dan, I need help on how to group the OSSEC agents? For Example, I have an OSSEC server already installed and up Now I want to install OSSEC agents on nearly 300 servers I want to group all these agents like the following, Production Application Production Web Production SQL Production Ora