[ossec-list] Multiple instances of OSSEC running on a single system

2011-10-19 Thread Sherman Butler
I'm wondering if it's possible to have multiple instances of server or client running on the same host? Systems are x86 intel running x86 Solaris, no windows systems involved. We have two different groups of people using OSSEC for different issues. One group are the system admins and just

[ossec-list] Re: Multiple instances of OSSEC running on a single system

2011-10-19 Thread Kat
Did something similar using the smaller version of splunk (500 meg) - stuck with a single server, but created dashboards inside splunk to split the appropriate alerts. Something to think about. On Oct 19, 9:27 am, Sherman Butler sbut...@cequint.com wrote: I'm wondering if it's possible to have

[ossec-list] Centralized config, syscheck frequency not working

2011-10-19 Thread brighamr
I have a client setup with an ossec manager (v2.6) and 10 ossec agents (v2.6) using centralized configuration (agent.conf). My agent.conf looks like this (server names and directories sanitized for public forum): <agent_config> <syscheck> <alert_new_files>yes</alert_new_files>

Re: [ossec-list] Re: Multiple instances of OSSEC running on a single system

2011-10-19 Thread Sherman Butler
Thanks Kat We had suggested splunk as being a better tool for scraping the logs for their application stuff but the boss has already seen what OSSEC can do and likes the output and hasn't been receptive to trying anything else. I'll keep pushing it and hope for a better resolution to come our

[ossec-list] Stop particular alert

2011-10-19 Thread Dimitri Yioulos
All, It's a bit embarrassing that I can't figure out how to stop this particular alert, but I don't know how.  Here's the situation: I have Sophos anti-virus installed on some of my Linux boxes.  I keep getting Ossec alerts like the following: 2011 Oct 19 11:21:59 Rule Id: 1002 level: 2

RE: [ossec-list] Re: Multiple instances of OSSEC running on a single system

2011-10-19 Thread Andy Cockroft (andic)
How about Virtualisation using VMWARE? Run as many instances of OSSEC as you want - within reason Andy -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Sherman Butler Sent: Thursday, 20 October 2011 7:25 a.m. To:

Re: [ossec-list] Stop particular alert

2011-10-19 Thread dan (ddp)
Write a rule. <rule id=SET_AN_ID level=O> <if_sid>1002</if_sid> <match>scan errors: 0, viruses detected: 0, infected files detected: 0</match> <description>All is well.</description> </rule> This one has fatal flaws, but if fixed it works. On Wed, Oct 19, 2011 at 2:34 PM, Dimitri Yioulos

Re: [ossec-list] Multiple instances of OSSEC running on a single system

2011-10-19 Thread dan (ddp)
Yes, it's possible. Just try not to let them step on each other's toes. http://www.immutablesecurity.com/index.php/2010/10/22/2woo-day-6-running-multiple-instances-on-one-box/ (first link in google) On Wed, Oct 19, 2011 at 10:27 AM, Sherman Butler sbut...@cequint.com wrote: I'm wondering if it's

Re: [ossec-list] Centralized config, syscheck frequency not working

2011-10-19 Thread dan (ddp)
On Wed, Oct 19, 2011 at 2:12 PM, brighamr glennbrobe...@gmail.com wrote: I have a client setup with an ossec manager (v2.6) and 10 ossec agents (v2.6) using centralized configuration (agent.conf). My agent.conf looks like this (server names and directories sanitized for public forum):

Re: [ossec-list] Re: Multiple instances of OSSEC running on a single system

2011-10-19 Thread Sherman Butler
That works great for the server side and honestly I didn't consider the server to be a huge issue since we could always run it on a different host. The real issue in my mind is how to get the client to report to both servers at the same time looking at different log files. But now that I think

Re: [ossec-list] Stop particular alert

2011-10-19 Thread Dimitri Yioulos
Dan, I fixed the fatal flaws, and it does work. Many thanks! Dimitri On Wednesday 19 October 2011 2:46:24 pm dan (ddp) wrote: Write a rule. <rule id=SET_AN_ID level=O> <if_sid>1002</if_sid> <match>scan errors: 0, viruses detected: 0, infected files detected: 0</match>

[ossec-list] Re: re-create queue folders..

2011-10-19 Thread Kat
it sucked up over 2G and was still running! On Oct 19, 8:49 pm, dan (ddp) ddp...@gmail.com wrote:
# ls -l /var/ossec/queue
total 36
drwxr-xr-x   2 ossecr  ossec   512 Oct 18 18:56 agent-info
drwxr-xr-x   2 ossec   ossec   512 Feb 14  2011 agentless
drwxrwx---   2 ossec   ossec   512 Oct 17

[ossec-list] Re: re-create queue folders..

2011-10-19 Thread Kat
Oh and re-install with Update does not fix it - it won't re-create the folders, it only copies what it needs to - i.e. UPDATE. And of course if you tell it NOT to update, you lose your client keys.. *sigh*

Re: [ossec-list] Re: re-create queue folders..

2011-10-19 Thread dan (ddp)
Is that a lot? I buy in bulk. And I figured some of /var/ossec/queue would be ok to save. Maybe just get rid of the big files. On Oct 19, 2011 10:12 PM, Kat uncommon...@gmail.com wrote: it sucked up over 2G and was still running! On Oct 19, 8:49 pm, dan (ddp) ddp...@gmail.com wrote: # ls -l

Re: [ossec-list] Re: re-create queue folders..

2011-10-19 Thread dan (ddp)
Luckily I gave you most of the info you needed so you didn't have to go through that. On Oct 19, 2011 10:13 PM, Kat uncommon...@gmail.com wrote: Oh and re-install with Update does not fix it - it won't re-create the folders, it only copies what it needs to - i.e. UPDATE. And of course if you