Many thanks,
I've been playing around with ossec-logtest, and think I have
discovered these facts:
1. If two (or more?) rules match the same log line
then the one with the lowest level wins. They
will not both be activated. The rule id doesn't matter.
1a. If the levels are the same,
Does anyone have the agentless OSSEC configured to then dump logs to a
syslog server for later analysis?
Phil
Hi
It's ossec 2.4-1 coming with Centos 5.6 (Final) distribution.
ossec-hids-server-2.4-1.el5.art
ossec-hids-2.4-1.el5.art
kernel version is 2.6.18-238.9.1.el5 x86_64 GNU/Linux
Regards,
Bruno
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] De
On Tue, Jan 10, 2012 at 9:16 AM, Bruno Plantier
bruno.plant...@lyra-network.com wrote:
Hi
It's ossec 2.4-1 coming with Centos 5.6 (Final) distribution.
That's pretty old. You should look into upgrading.
ossec-hids-server-2.4-1.el5.art
ossec-hids-2.4-1.el5.art
What repository did you get
Hello Dan. ossec-makelists does report that it is making a new .cdb:
* File lists/employees.cdb need to be updated
The longest I was waiting was 3-5 minutes.
On a related note, I was trying to figure out if there was a format for
comments in the text version of the list. ossec-makelists
Hi,
I have just set up a specific email alert in ossec.conf but the recipient is
receiving every alert! What have I misconfigured?
<email_alerts>
<email_to>u...@domain.com</email_to>
<rule_id>10201,10202</rule_id>
<event_location>a.client.server.com</event_location>
<do_not_delay/>
<do_not_group/>
Try putting a space between rule id's
<rule_id>10201, 10202</rule_id>
Make sure the ossec server ossec.conf has no extra carriage returns in
it too.
On Jan 10, 8:02 am, --[ UxBoD ]-- ux...@splatnix.net wrote:
Hi,
I have just set up a specific email alert in ossec.conf but the recipient is
So removing and reinstalling ossec altogether on my second ossec
server that will communicate with my cloud servers should work?
On Jan 9, 5:16 pm, dan (ddp) ddp...@gmail.com wrote:
On Mon, Jan 9, 2012 at 7:16 PM, rmarquez rommelmarq...@gmail.com wrote:
A little background because I am an
rm -f /var/log/ossec_import.log
touch /var/log/ossec_import.log
/var/ossec/bin/ossec-control restart
while read line
do
echo -e ${line} >> /var/log/ossec_import.log
sleep 2
done < /var/log/customlog.tab
customlog.tab is a file that gets copied from another machine.
Ossec.conf on agent is
I have to install server and agent on my network.
As new to this, as per my understanding:
1- have to install one server
2- agent to be installed on rest of system
Please let me know rest of stage,
sorry for trouble.