Re: [ossec-list] Re: Error in message formatting on OSSEC Wui

2012-06-26 Thread Michael Starks
On 06/25/2012 11:14 AM, Sasse, Fred (DNR) wrote: Hello everyone, what is the most popular tool to view the OSSEC logs in a browser, if not the WUI? What are the best alternatives while the community works on the WUI? Thanks! I am just about finished integrating the OSSEC csyslog format into E

Re: [ossec-list] audit alerts / root kit

2012-06-26 Thread Michael Starks
On 06/26/2012 03:17 PM, Kat wrote: Here is a problem I am trying to figure out a work-around for. Looking for files that might be unauthorized copies of files. For example, /etc/passwd. But, if you add that to the rootkit_files in etc/shared - you would want to list it as */passwd -- but how could yo

[ossec-list] Re: AnaLogi - OSSEC WUI

2012-06-26 Thread Brett Y
I get errors in my apache log that say "date() expects parameter 2 to be long, string given in analogi/php/index_graph.php on line 127" On Friday, June 15, 2012 5:40:51 AM UTC-7, techs...@ecsc.co.uk wrote: > > FYI Guys, AnaLogi v1.1 is now up. A few small tweaks, bug fixes, output > to CSV and

Re: [ossec-list] Re: dumb OSSEC database question

2012-06-26 Thread Brett Y
I was able to figure it out. I think I used the wrong schema file; I dropped the database and recreated it. All seems to work now. On Tuesday, June 26, 2012 1:42:52 PM UTC-7, Brett Y wrote: > > Very nice write-up! However, I'm getting: > > ERROR: Error connecting to database 'localhost'(ossec): ER

Re: [ossec-list] Re: dumb OSSEC database question

2012-06-26 Thread Brett Y
Very nice write-up! However, I'm getting: ERROR: Error connecting to database 'localhost'(ossec): ERROR: Unknown MySQL server host 'localhost' (0). If I enter 127.0.0.1 in ossec.conf for the hostname, the same error happens, just with 127.0.0.1 instead of localhost. On Tuesday, June 26, 20

[ossec-list] audit alerts / root kit

2012-06-26 Thread Kat
Here is a problem I am trying to figure out a work-around for. Looking for files that might be unauthorized copies of files. For example, /etc/passwd. But, if you add that to the rootkit_files in etc/shared - you would want to list it as */passwd -- but how could you get it to only trigger if it fi

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS won't configure agent)

2012-06-26 Thread sahil sharma
Sorry, anyway it's OK. Thanks for the help. Bye! On Wed, Jun 27, 2012 at 12:09 AM, dan (ddp) wrote: > This will be my last email in this thread. I'm not interested in > trying to help someone who is making that task as difficult as > possible. You are unwilling to troubleshoot or apply any tho

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS won't configure agent)

2012-06-26 Thread dan (ddp)
This will be my last email in this thread. I'm not interested in trying to help someone who is making that task as difficult as possible. You are unwilling to troubleshoot or apply any thought to the problem, or help me help you fix the problem. Good luck! On Tue, Jun 26, 2012 at 2:32 PM, sahil s

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS won't configure agent)

2012-06-26 Thread sahil sharma
OK, I guess you are very right. I guess I am a bit confused by terminology; now getting step by step. All I have is: 1) a central server: Ubuntu virtual machine. 2) a client: Windows. I want to: 1) Detect when someone inserts a USB into the client system. > I am badly confused where to make cha

Re: [ossec-list] Re: dumb OSSEC database question

2012-06-26 Thread Steve Lodin
Perhaps you missed a step. This is a partial document I did earlier in the year when enabling DB support on CentOS... Steve -- Cell: +1-317-840-9088 LinkedIn: http://www.linkedin.com/in/stevelodin Twitter: http://twitter.com/stevelodin Updating OSSEC to include MySQL capability Backup Local Con

Re: [ossec-list] Copying a compiled version of ossec from one Linux machine to another

2012-06-26 Thread Zate
Yeah, we built custom binary RPMs; try the newer atomic ones, I hear good things about those. We had a tight deadline to meet and had to improvise. When I get a chance I intend to go back and redo our process with the atomic RPMs. Zate On Tue, Jun 26, 2012 at 11:51 AM, dan (ddp) wrote: > On

Re: [ossec-list] Copying a compiled version of ossec from one Linux machine to another

2012-06-26 Thread dan (ddp)
On Tue, Jun 26, 2012 at 12:47 PM, Brett Y wrote: > Zate, > Those RPMs don't work, and cause lots of frustration. > Zate made his own RPMs, in a different way than most had been made before. Also, I think he and Nate solved the agent auth issues. Newer atomic RPMs should work (I haven't tested so

Re: [ossec-list] Copying a compiled version of ossec from one Linux machine to another

2012-06-26 Thread Brett Y
Zate, Those RPMs don't work, and cause lots of frustration. On Wednesday, June 13, 2012 7:17:55 AM UTC-7, Zate wrote: > > If you have one OSSEC server, this is actually pretty easy. > > Do the Binary Install - this creates all the binaries on one machine, and > then lets you take that tar.gz to a

Re: [ossec-list] Re: Error in message formatting on OSSEC Wui

2012-06-26 Thread dan (ddp)
On Tue, Jun 26, 2012 at 12:36 PM, Dayco Telecom wrote: > Hi people, I want to say thanks to Ryan, who took the time to fix the > WUI. Now it works so well. On the other hand, I think the WUI is the official > tool from OSSEC to view the logs, so I don't understand why I should need to > look fo

[ossec-list] Re: dumb OSSEC database question

2012-06-26 Thread Brett Y
I followed the same tutorials as well and it seems that nothing is going to the database. select * from alert; returns nothing. On Friday, June 15, 2012 2:34:03 PM UTC-7, Fred Sasse wrote: > > I am currently using the webui just fine in SLES11. I have ordered > the OSSEC-HIDS book and it is on

Re: [ossec-list] Re: Error in message formatting on OSSEC Wui

2012-06-26 Thread Dayco Telecom
Hi people, I want to say thanks to Ryan, who took the time to fix the WUI. Now it works so well. On the other hand, I think the WUI is the official tool from OSSEC to view the logs, so I don't understand why I should need to look for other apps to do the job of the WUI. In the meanwhile I sug

[ossec-list] Re: AnaLogi - OSSEC WUI

2012-06-26 Thread Brett Y
I can't seem to get AnaLogi to do anything but stare at a blank page, and it doesn't look like OSSEC wants to log to a database (I followed the tutorials). On Tuesday, May 15, 2012 1:55:17 AM UTC-7, techs...@ecsc.co.uk wrote: > > Hi, > > I/We are very happy to announce the release of AnaLogi, an

Re: [ossec-list] ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried:

2012-06-26 Thread Tom Barrett
ACK! Sorry, I added 4101 on server. 2012/06/26 16:38:17 ossec-agentd: INFO: Trying to connect to server (192.168.x.x:1514). 2012/06/26 16:38:17 ossec-agentd: INFO: Using IPv4 for: 192.168.x.x . 2012/06/26 16:38:18 ossec-agentd(4102): INFO: Connected to the server (192.168.x.x:1514). 2012/06/26

Re: [ossec-list] ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried:

2012-06-26 Thread Thomas Bartos
Tom, can you confirm UDP protocol for port 1514 on the UFW? Cheers, -thomas Thomas Bartos System Administrator | BoardVantage | p650.614.6041 On Jun 26, 2012, at 8:02 AM, Tom Barrett wrote: > I've installed ossec server + 2 agents. Simple installation with install.sh. > Server is working, dete

[ossec-list] ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried:

2012-06-26 Thread Tom Barrett
I've installed ossec server + 2 agents. Simple installation with install.sh. Server is working, detecting root login attempts within minutes, and emailing me about it. I have allowed port 1514 on ufw, but neither agent is reporting anything, nor seems to be working? 2012/06/26 15:58:36 ossec-agen

RE: [ossec-list] Re: Error in message formatting on OSSEC Wui

2012-06-26 Thread Sasse, Fred (DNR)
Thank you Dan. I sure hope the WUI is not a show stopper for most of the people interested in OSSEC HIDS. With the other options for a browser front end there should be no reason to complain. FYI with the Splunk free edition and Splunk app you can continue to use both Splunk and the OSSEC WUI.

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS won't configure agent)

2012-06-26 Thread dan (ddp)
On Jun 26, 2012 6:30 AM, "sahil sharma" wrote: > > Hi > > When I change config at the client side, the OSSEC Agent Manager at the client's status is always: stopped. > I tried re-installing and restarting it numerous times. > > Please help. > How? You didn't provide the error messages or configuration. With

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS won't configure agent)

2012-06-26 Thread sahil sharma
Hi. When I change config at the client side, the OSSEC Agent Manager at the client's status is always: stopped. I tried re-installing and restarting it numerous times. Please help. On Mon, Jun 25, 2012 at 1:40 AM, dan (ddp) wrote: > > On Jun 24, 2012 3:36 PM, "sahil sharma" wrote: > > > > > > > > On Fri,