Hey
Once I make changes to ossec config at Windows client, it stops permanently?
What to do!
On Fri, Jun 29, 2012 at 6:26 AM, Michael Starks ossec-l...@michaelstarks.com wrote:
On 06/28/2012 12:51 PM, Mike Disley wrote:
Thx. Also just noticed this link not working either;
And did anyone face the lost UDP packets problem?
On Friday, June 29, 2012 at 15:59:49 UTC+4, dan (ddpbsd) wrote:
On Fri, Jun 29, 2012 at 2:16 AM, kay kay kay.d...@gmail.com wrote:
Is it possible to use only TCP protocol? UDP packets are not reliable
and frequently are being
Dan,
Thank you very much for all of your information. You've been very helpful.
I just have 1 more quick question then I'll stop bugging you, for now. :)
Is there any other way to manage the keys or do some sort of automated
agent key management? I know there is ossec-authd that would work on
On Fri, Jun 29, 2012 at 9:17 AM, Eric eric.luel...@gmail.com wrote:
Dan,
Thank you very much for all of your information. You've been very helpful. I
just have 1 more quick question then I'll stop bugging you, for now. :) Is
there any other way to manage the keys or do some sort of automated
Here's hoping there is a simple answer to this. I know of the technique to
run the forensics into ossec-logtest. And that is a fabulous tool/method.
But, I want to take a previous year's data - BO - (before ossec) and run it
through and have ossec actually process it into the appropriate log
On 29.06.2012 01:16, kay kay wrote:
Is it possible to use only TCP protocol? UDP packets are not reliable
and frequently are being lost and some active-response not executed.
I've tried to find an option for ossec server to listen TCP port, but
found only TCP option for clients (syslog
I would like to determine the level to set Log Alerts in my OSSEC
installation. How was each event assigned a severity level? How have you
all decided the level to set your log alerts? I am concerned about logging
too many events but missing legitimate security events. Your opinions will
Hi,
You can try to pipe the data into ossec's syslog daemon with cat and netcat
On Fri, Jun 29, 2012 at 7:07 PM, Kat uncommon...@gmail.com wrote:
Here's hoping there is a simple answer to this. I know of the technique to
run the forensics into ossec-logtest. And that is a fabulous
Hello,
Any ideas what would cause HKLM to become locked? Possibly timed along
with the scheduled installation of OSSEC. Every installed just fine up to
and following OSSEC; then HKLM becomes locked or read only. Global problem
with two common user accounts. No other HIVE is locked, just