[ossec-list] RE: agent-auth (4000 limit)

2012-04-02 Thread Swartz, Patrick H
Hi, modifying the src/addagent/validate.c file -- { i = 1024; snprintf(nid, 6, "%d", i); while(IDExist(nid)) { i++; snprintf(nid, 6, "%d", i); if(i >= 9000) { return(NULL); } }

[ossec-list] agent-auth (4000 limit)

2012-04-02 Thread Tate Hansen
Hi: I just ran into this issue over the weekend - did you find a solution? On 2/14/12 9:54 AM, "Swartz, Patrick H" wrote: >Hi Dan, >Yes we use the -D option. I have reason to believe that we are hitting a >hard-coded limit of 4000 in the addagent/validate.c file. Our current >client.keys file

Re: [ossec-list] Large installs.

2012-04-02 Thread Phil Cox
So here is my plan for a global cloud arch (systems very volatile) - "Local" install - Alert via Syslog to central server on dedicated "facility" - Local Syslog go to central server - Central console (Graylog2?) parsing all syslog for custom correlation Should scale to 10's of thousands. We'll se

Re: [ossec-list] Problems using multiple sid in a custom rule

2012-04-02 Thread dan (ddp)
/var/ossec/bin/logtest -t Try troubleshooting the issue. On Apr 2, 2012 6:31 AM, "C. L. Martinez" wrote: > Hi all, > > I have a strange problem. I have defined a custom rule to trigger an > alert when a RBN IP comes as a srcip in my logs file. For example: > > > >100202,100203,100201 >

[ossec-list] Re: Problems using multiple sid in a custom rule

2012-04-02 Thread C. L. Martinez
On Mon, Apr 2, 2012 at 9:56 AM, C. L. Martinez wrote: > Hi all, > >  I have a strange problem. I have defined a custom rule to trigger an > alert when a RBN IP comes as a srcip in my logs file. For example: > > >   >    100202,100203,100201 >    108.60.159.33 >    Connection from RBN IP >   > >

Re: [ossec-list] ossec-analysisd: ERROR: Compiled rule not found: if_bad_useragent

2012-04-02 Thread Stephane
Hi, thanks for the quick answer. This is the content of my compiled_rules.h: /* This file is auto generated by ./register_rule.sh. Do not touch it. */ /* Adding the function definitions. */ void *check_id_size(Eventinfo *lf); void *comp_mswin_targetuser_calleruser_diff(Eventinfo *lf); void *comp

Re: [ossec-list] ossec-analysisd: ERROR: Compiled rule not found: if_bad_useragent

2012-04-02 Thread Daniel Cid
Can you take a look at the file src/analysisd/compiled_rules/compiled_rules.h to see if your new function is there? Also, did you re-run make and copy the new analysisd binary to /var/ossec/bin? *Btw, your current function is actually slower than using the from OSSEC. It is doing an open+read+r

[ossec-list] ossec-analysisd: ERROR: Compiled rule not found: if_bad_useragent

2012-04-02 Thread Stephane
Hi all, I need a rule for Apache to check if a "bad useragent" like Nikto, Zeus, WebReaper etc. is crawling a webserver. Additionally I need a file where all my forbidden useragents are listed. My first thought was to use the tag in a rule like this: 31100 rules/bad_useragents AP

Re: [ossec-list] Optimization Help for MySQL Database Containing OSSEC Alerts

2012-04-02 Thread Doug Burks
Hi Chris, You mention logstash and Splunk, but have you looked at ELSA? http://code.google.com/p/enterprise-log-search-and-archive/ Regards, Doug On Sun, Apr 1, 2012 at 8:45 PM, Decker Christopher wrote: > All, > > I'm running MySQL + Apache/PHP on a very beefy box but using the out-of-box > OS

[ossec-list] Problems using multiple sid in a custom rule

2012-04-02 Thread C. L. Martinez
Hi all, I have a strange problem. I have defined a custom rule to trigger an alert when a RBN IP comes as a srcip in my logs file. For example: 100202,100203,100201 108.60.159.33 Connection from RBN IP When I try to load these types of rules, this error occurred: 2012/04/