Hi All,
We have issues configuring Ossec server to receive Netscreen firewall logs.
Logs are decoded as syslog not netscreen firewall.
Here are my configuration steps;
First, firewalls are configured sending audit logs via syslog.
We changed ossec.conf file as below to allow syslog;
remote
Hi Dan:
I did the following:
/usr/local/bin/hg pull
/usr/local/bin/hg update
What would I change above to include a merge or do a merge instead?
Thank you.
Hi JB:
/* Some Global names */
local
#define __name GSS HIDS
#define __version v2.6
===
#define __name OSSEC HIDS
#define __version v2012-08
Thank you.
Yep, that's definitely an incomplete merge. I'd get rid of the following:
local
#define __name GSS HIDS
#define __version v2.6
===
and try again. (hg resolve --mark src/headers/defs.h; hg commit -m merge)
On Wed, Aug 15, 2012 at 7:38 AM, Peter M Abraham
peter.abra...@dynamicnet.net
On Wed, Aug 15, 2012 at 7:36 AM, Peter M Abraham
peter.abra...@dynamicnet.net wrote:
Hi Dan:
I did the following:
/usr/local/bin/hg pull
/usr/local/bin/hg update
What would I change above to include a merge or do a merge instead?
Thank you.
If you changed the source
On Wed, Aug 15, 2012 at 7:03 AM, Ozgur Orhan oor...@ford.com.tr wrote:
Hi All,
We have issues configuring Ossec server to receive Netscreen firewall
logs. Logs are decoded as syslog not netscreen firewall.
Here are my configuration steps;
First, firewalls are configured sending
On Sat, Aug 11, 2012 at 3:22 AM, Gil Vidals gvid...@gmail.com wrote:
I need help in understanding why the frequency rule in proftpd_rules.xml isn't
triggering. I ran the following log line through ossec-logtest more than 15
times and yet active response isn't triggered:
Aug 10 23:22:54 184.5.70.39
On Sun, Aug 12, 2012 at 9:25 PM, Patrick mrp...@gmail.com wrote:
I don't know where I'm going wrong with this
Server 2k8 R2 running IIS
OSSEC 2.6, all installation and changes have been done using 'Run as
administrator'
We've moved the log files to: C:\inetpub\logs\LogFiles
We have a
On Mon, Aug 13, 2012 at 5:02 AM, Gil Vidals gvid...@gmail.com wrote:
How can I debug why the active response is failing for a rule with level 9
and active response is set to level 8?
Both the alert and ossec-logtest show the rule is triggering as expected and
yet no firewall-drop.sh is
Is there a way to tell OSSEC to use the timestamp of the actual logfile
entry rather than its own internal timestamp of when it sees the alert?
This should be a configuration option - *hint hint*
Unless there is already a way to do this.
thanks
K
On Wed, Aug 15, 2012 at 2:45 PM, Kat uncommon...@gmail.com wrote:
Is there a way to tell OSSEC to use the timestamp of the actual logfile
entry rather than its own internal timestamp of when it sees the alert?
This should be a configuration option - *hint hint*
Unless there is already a way
Yes, we could do some interesting rules there :)
The issue is that OSSEC stores the alerts in a sequential mode and it
wouldn't be able to go back in time and store the alerts on the proper
position based on the log time. Plus, it would be a big mess if servers
are on a different timezone or do
We have the OK from Xavier to use his code...
Original Message
Subject: RE: GeoIP Patch
Date: Wed, 15 Aug 2012 16:40:30 + (UTC)
From: Xavier Mertens via LinkedIn mem...@linkedin.com
Reply-To: Xavier Mertens xav...@rootshell.be
To: Michael Starks
What about setting the frequency to something really low like 60? Will the
agent try to check in every minute? Will the time stamp then be more
accurate, assuming the core isn't too busy to handle the information.
I also assume that there will be a point where the number of agents trying
to