On 10/26/2011 01:36 PM, dan (ddp) wrote:
On Wed, Oct 26, 2011 at 1:47 PM, James M Pulver wrote:
Well, not silently, it still pops up a command window for a second in my
experience.
If you can help fix that, it'd be appreciated.
If I recall correctly, I actually had it working completely s
On 10/26/2011 07:15 AM, carlopmart wrote:
b) Ability to use agent collectors. For example for remote locations,
one server acts a collector for a remote LAN and forwards all alerts,
logs, etc to the central OSSEC server.
You should be able do this now. Install a manager in one of your
downstre
On 10/26/2011 10:46 AM, sami zimbra wrote:
Hi,
I have noticed a problem when i was looking if OSSEC can meet PCI-DSS
requirements on detecting malicious modifications of log files 10.5.5.
The problem is that ossec-logcollector do it automatically and randomly
without any user contrôl over this b
Please also consider adding a /? and other command line parameter options for
installing Windows clients so that users don't have to go digging for help. It
also seems silly to not be able to specify a server address and key on the
command line during installation, and to not know if this opt
On Tue, Oct 25, 2011 at 2:42 PM, James M Pulver wrote:
> The big issue I’ve had is that if I use the built in syslog generation, all
> the events appear to come from the OSSEC server. So if it can fake the
> “location” to be where it actually comes from, then I could indeed use any
> syslog fronte
On Tue, Oct 25, 2011 at 11:42 AM, James M Pulver wrote:
> The big issue I’ve had is that if I use the built in syslog generation, all
> the events appear to come from the OSSEC server. So if it can fake the
> “location” to be where it actually comes from, then I could indeed use any
> syslog front
On Wed, Oct 26, 2011 at 3:56 PM, carlopmart wrote:
> On 10/26/2011 08:33 PM, dan (ddp) wrote:
>>
>> Please excuse my ignorance. I'll take notes. :)
>>
>> On Wed, Oct 26, 2011 at 8:15 AM, carlopmart wrote:
>>>
>>> On 10/26/2011 01:00 PM, Michael Starks wrote:
List the most annoying bugs.
On 10/26/2011 08:33 PM, dan (ddp) wrote:
Please excuse my ignorance. I'll take notes. :)
On Wed, Oct 26, 2011 at 8:15 AM, carlopmart wrote:
On 10/26/2011 01:00 PM, Michael Starks wrote:
List the most annoying bugs. What makes OSSEC difficult to use? What is
the biggest area for improvement?
Here are my contributions:
Parts 1 and 2 of OSSEC + logstash:
http://ddpbsd.blogspot.com/2011/10/3woo-you-got-your-ossec-in-my-logstash.html
http://ddpbsd.blogspot.com/2011/10/3woo-you-got-your-ossec-in-my-logstash_26.html
On Wed, Oct 26, 2011 at 8:25 AM, Michael Starks
wrote:
> http://www.immuta
On Wed, Oct 26, 2011 at 8:48 AM, James M Pulver wrote:
> I'm new to OSSEC, so maybe I'm missing something, but one of the tips is to
> use active response on Windows to restart the agents when ossec.conf changes.
> It doesn't really explain however how to do that. If I just enable active
> resp
On Wed, Oct 26, 2011 at 1:53 PM, Brown, Ryan David wrote:
> Please put that info here:
> http://www.ossec.net/doc/manual/installation/index.html#ossec-hids-manager-agent-installation
>
http://ddpbsd.blogspot.com/2011/10/3woo-ossec-documentation.html
> Please also consider adding a /? and other
Please excuse my ignorance. I'll take notes. :)
On Wed, Oct 26, 2011 at 8:15 AM, carlopmart wrote:
> On 10/26/2011 01:00 PM, Michael Starks wrote:
>>
>> List the most annoying bugs. What makes OSSEC difficult to use? What is
>> the biggest area for improvement? What are we missing? Any rules fp t
On Wed, Oct 26, 2011 at 8:21 AM, James M Pulver wrote:
> The biggest problem for me was the need to write scripts to deploy the
> agents, specifically on Windows clients. I expect the new auth-d would work
> on Linux but didn't seem to be supported on Windows.
>
Have you tried the post 2.6 Wind
On Wed, Oct 26, 2011 at 1:47 PM, James M Pulver wrote:
> Well, not silently, it still pops up a command window for a second in my
> experience.
>
If you can help fix that, it'd be appreciated.
> --
> James Pulver
> Information Technology Area Supervisor
> LEPP Computer Group
> Cornell Universit
Please put that info here:
http://www.ossec.net/doc/manual/installation/index.html#ossec-hids-manager-agent-installation
Please also consider adding a /? and other command line parameter options for
installing Windows clients so that users don't have to go digging for help. It
also seems sill
On Wed, 26 Oct 2011 17:47:19 +, James M Pulver wrote:
Well, not silently, it still pops up a command window for a second in
my experience.
Ok, non-interacively. :) I actually tried to make that go away but it
caused problems. Something for another day...
--
Michael Starks
[I] Immutable S
Well, not silently, it still pops up a command window for a second in my
experience.
--
James Pulver
Information Technology Area Supervisor
LEPP Computer Group
Cornell University
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Mich
On Wed, 26 Oct 2011 15:49:33 +, Brown, Ryan David wrote:
Lack of Windows command line install parameters and quiet install
makes it difficult/annoying to install for large organizations. This
is likely a deal-breaker for lots of large Windows shops.
The Windows agent can be installed silen
Lack of Windows command line install parameters and quiet install makes it
difficult/annoying to install for large organizations. This is likely a
deal-breaker for lots of large Windows shops.
On 10/26/2011 01:00 PM, Michael Starks wrote:
> List the most annoying bugs. What makes OSSEC diffic
Hi,
I have noticed a problem when i was looking if OSSEC can meet PCI-DSS
requirements on detecting malicious modifications of log files 10.5.5. The
problem is that ossec-logcollector do it automatically and randomly without
any user contrôl over this behavior.
It will be appreciated to add some
I'm new to OSSEC, so maybe I'm missing something, but one of the tips is to use
active response on Windows to restart the agents when ossec.conf changes. It
doesn't really explain however how to do that. If I just enable active
response, does Windows agents then automatically restart on changes
On 10/26/2011 01:00 PM, Michael Starks wrote:
List the most annoying bugs. What makes OSSEC difficult to use? What is
the biggest area for improvement? What are we missing? Any rules fp too
much? Now is the time to get it all out.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecu
http://www.immutablesecurity.com/index.php/2011/10/26/3woo-day-4-five-tips-tricks-for-ossec-ninjas/
Enjoy!
The biggest problem for me was the need to write scripts to deploy the agents,
specifically on Windows clients. I expect the new auth-d would work on Linux
but didn't seem to be supported on Windows.
The second thing for me is the difficulty of getting the logs viewable in some
web based method
It seems to work for me on Windows 7.
--
James Pulver
Information Technology Area Supervisor
LEPP Computer Group
Cornell University
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Aleksey Lipatov
Sent: Wednesday, October 26, 2011 6:
List the most annoying bugs. What makes OSSEC difficult to use? What is
the biggest area for improvement? What are we missing? Any rules fp too
much? Now is the time to get it all out.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
Hello!
I want to know when OSSEC agent will be support Micorsoft Windows 7
OS? Thx!
27 matches
Mail list logo