On Aug 20, 2012, at 1:45 PM, Michael Starks wrote:
> I'm trying to map the OSSEC ruleset, visually. It would help to understand
> where we are today and how best to (re)structure future rules. Can anyone
> suggest a tool that could take the rules and would understand a hierarchical
> structure (
I'm trying to map the OSSEC ruleset, visually. It would help to
understand where we are today and how best to (re)structure future
rules. Can anyone suggest a tool that could take the rules and would
understand a hierarchical structure (i.e. multiple child rules,
if_group), etc. We have the rul
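One way to get at the hierarchy the post asks about is to parse the rule files yourself and emit a graph. The script below is an added example, not code from the thread or from the OSSEC project: it reads OSSEC rule syntax, records each rule's parent links (`if_sid`, `if_matched_sid`) and group links (`if_group`, `if_matched_group`, resolved against the groups each rule belongs to), flags dangling parent ids, and prints Graphviz DOT. The sample rules embedded in it are constructed for illustration; their ids, levels and descriptions are not copied from the shipped ruleset. One caveat it handles: OSSEC rule files are not well-formed XML documents (several top-level `<group>` elements and no single root), so the text is wrapped in a synthetic root before parsing.

```python
"""Added example (not from the thread or the OSSEC project): recover the
parent/child structure of an OSSEC ruleset and emit Graphviz DOT."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in OSSEC rule syntax; ids, levels and descriptions are
# illustrative and NOT copied from the shipped ruleset.
SAMPLE_RULES = """
<group name="syslog,sshd,">
  <rule id="5700" level="0" noalert="1">
    <decoded_as>sshd</decoded_as>
    <description>SSHD messages grouped.</description>
  </rule>
  <rule id="5716" level="5">
    <if_sid>5700</if_sid>
    <match>^Failed|^error: PAM: Authentication</match>
    <description>SSHD authentication failed.</description>
    <group>authentication_failed,</group>
  </rule>
  <rule id="5720" level="10" frequency="6" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <description>Multiple SSHD authentication failures.</description>
    <group>authentication_failures,</group>
  </rule>
</group>
<group name="local,">
  <rule id="100100" level="12">
    <if_group>authentication_failed</if_group>
    <srcip>10.0.0.0/8</srcip>
    <description>Authentication failure from the internal range.</description>
  </rule>
</group>
"""


def _split(text):
    """Split OSSEC's comma-separated lists ("syslog,sshd," -> ["syslog", "sshd"])."""
    return [t.strip() for t in (text or "").split(",") if t.strip()]


def parse_rules(text):
    """Return {rule_id: {"level", "description", "groups", "sid_links", "group_links"}}.

    A rule's groups are the names on its enclosing <group> element plus any
    <group> elements inside the rule; that union is what if_group matches on.
    Rule files have no single root element, so one is added before parsing.
    """
    root = ET.fromstring("<root>" + text + "</root>")
    rules = {}
    for grp in root.findall("group"):
        inherited = _split(grp.get("name"))
        for rule in grp.findall("rule"):
            groups = set(inherited)
            for g in rule.findall("group"):
                groups.update(_split(g.text))
            rules[rule.get("id")] = {
                "level": rule.get("level"),
                "description": (rule.findtext("description") or "").strip(),
                "groups": groups,
                # (tag, parent_id) pairs; if_matched_sid is the frequency parent
                "sid_links": [(tag, sid) for tag in ("if_sid", "if_matched_sid")
                              for el in rule.findall(tag) for sid in _split(el.text)],
                "group_links": [(tag, g) for tag in ("if_group", "if_matched_group")
                                for el in rule.findall(tag) for g in _split(el.text)],
            }
    return rules


def build_edges(rules):
    """Return sorted (parent_id, child_id, link_label) triples."""
    by_group = defaultdict(set)
    for rid, r in rules.items():
        for g in r["groups"]:
            by_group[g].add(rid)
    edges = set()
    for rid, r in rules.items():
        for tag, parent in r["sid_links"]:
            edges.add((parent, rid, tag))
        for tag, g in r["group_links"]:
            for parent in by_group.get(g, ()):
                if parent != rid:
                    edges.add((parent, rid, f"{tag}:{g}"))
    return sorted(edges)


def missing_parents(rules):
    """Ids named in if_sid/if_matched_sid that no rule in the set defines."""
    return sorted({p for r in rules.values() for _, p in r["sid_links"] if p not in rules})


def roots(rules):
    """Rules with no parent links at all: the top of the hierarchy."""
    return sorted((rid for rid, r in rules.items()
                   if not r["sid_links"] and not r["group_links"]), key=int)


def to_dot(rules):
    """Render the hierarchy as Graphviz DOT (one node per rule, one edge per link)."""
    lines = ["digraph ossec_rules {", "  rankdir=LR;"]
    for rid in sorted(rules, key=int):
        r = rules[rid]
        desc = r["description"].replace('"', '\\"')
        lines.append(f'  "{rid}" [label="{rid} (level {r["level"]})\\n{desc}"];')
    for parent, child, label in build_edges(rules):
        lines.append(f'  "{parent}" -> "{child}" [label="{label}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    print(to_dot(parsed))
    if missing_parents(parsed):
        print("// dangling parent ids:", missing_parents(parsed))
```

Pipe the output through `dot -Tsvg -o rules.svg` to draw it. To run it over a real installation, concatenate the files listed under `<rules>` in ossec.conf in that order and pass the text to `parse_rules`; the `missing_parents` check is the quick way to find an `if_sid` pointing at a rule that was renumbered or never included. The script only follows the explicit link tags named above, not `if_level` or `decoded_as` relationships.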
Looks like I fixed it. Apparently there was no rids directory; once I
created it, the agent starts.
Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty
Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.34
./shared/win_audit_rcl.txt
./shared/win_applications_rcl.txt
./shared/win_malware_rcl.txt
64800
no
%WINDIR%/system32
%WINDIR%/System32/LogFiles
%WINDIR%/system32/wbem/Logs
%WINDIR%/system32/config
%W
Check that your config file exists and is readable; also, if it exists,
paste it here.
On Mon, Aug 20, 2012 at 4:27 PM, Michael Barrett
wrote:
>
>
>
> Windows 2003
>
> Faulting application ossec-agent.exe, version 0.0.0.0, faulting module
> ossec-agent.exe, version 0.0.0.0, fault addr
Windows 2003
Faulting application ossec-agent.exe, version 0.0.0.0, faulting module
ossec-agent.exe, version 0.0.0.0, fault address 0x00030b6f.
ossec.log
2012/08/20 09:25:30 ossec-agent(1905): INFO: No file configured to
monitor.
2012/08/20 09:25:30 ossec-execd(1350): INFO: Active response
On Mon, Aug 20, 2012 at 9:38 AM, Shaka Lewis wrote:
> This is the error log in the ossec.log file when i restarted this morning
>
> ossec-logcollector(1950): INFO: Analyzing file:
> '/var/ossec/logs/alerts/alerts.log'.
> 2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid: 10978).
> 2012/0
This is the error log in the ossec.log file when i restarted this morning
ossec-logcollector(1950): INFO: Analyzing file:
'/var/ossec/logs/alerts/alerts.log'.
2012/08/20 09:29:30 ossec-logcollector: INFO: Started (pid: 10978).
2012/08/20 09:29:50 ossec-logcollector: socketerr (not available).
201
I ran the ls command and the file does exist. I just recently started
having problems. The system usually runs about 30 minutes to an hour,
then analysisd dies.
On Sun, Aug 19, 2012 at 7:49 PM, JB wrote:
> Looks like the Unix sockets do not work at all.
> Was OSSEC running OK before you restarte
On Fri, Aug 17, 2012 at 5:29 PM, Shaka Lewis wrote:
> I get the below errors after restarting ossec. This is version 2.6
> running on a Linux machine
>
> 2012/08/17 16:55:21 ossec-logcollector: socketerr (not available).
> 2012/08/17 16:55:21 ossec-logcollector(1224): ERROR: Error sending
> messa
On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the same result. I didn't rei
Hello,
I have three OSSEC servers running on three separate machines (one for each
individual network). I was wondering how I can point those servers to my
Splunk server. The Splunk app appears to have the functionality to select by
"Server Name". This would then give me the ability to manage a