[ossec-list] OSSEC and the Web interface

2012-10-08 Thread Drayton Graham
I tried to do my due diligence, but I could not find anything within this forum. But below is my question. I have someone that is looking at the web interface of OSSEC. When they look at the stat, they see quite a number of hits for Rule 18102. After doing some investigation, I found that all t

Re: [ossec-list] where does this number come from

2012-10-08 Thread sklaumin...@gmail.com
And open file max on the Manager system is set to? Scott On Oct 8, 2012, at 8:43 AM, Michael Barrett wrote: > > set to 2048 > > Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty > Insurance Corporation > 270 E. Kilbourn A

Re: [ossec-list] where does this number come from

2012-10-08 Thread Michael Barrett
set to 2048 Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 1.888.601.4440 | * michael_barr...@mgic.com This message is intended f

Re: [ossec-list] SQL Server

2012-10-08 Thread Eero Volotinen
Hi, How about using snort or greensql ? Eero 2012/10/8 Alejandro Martinez : > Hi all! > > I see that there are some rules to audit SQL Server logon/logoff. > > Is there any chance (maybe using profiler) to audit more things ? like > triggers executed, sentences like create table, drop table, et

[ossec-list] Re: Database output to non-standard postgres port

2012-10-08 Thread techsupp...@ecsc.co.uk
You could always dnat the traffic with iptables Just another idea On Friday, July 29, 2011 7:22:37 PM UTC+1, banjer wrote: > > Actually, using an environment variable had flaky behavior. Instead, > I edited the source around line 287 in ossec-hids-2.5.1/src/os_dbd/ > db_op.c (see below), and r

[ossec-list] Re: SQL Server

2012-10-08 Thread techsupp...@ecsc.co.uk
OSSEC monitors files/logs. If you can make something log to a file, then just write a decoder and share back with the community On Monday, October 8, 2012 1:15:21 PM UTC+1, Alejandro wrote: > > Hi all! > > I see that there are some rules to audit SQL Server logon/logoff. > > Is there any chanc

[ossec-list] Re: Filter on RFC-1918 ip-adress and successful logins

2012-10-08 Thread techsupp...@ecsc.co.uk
http://www.ossec.net/doc/manual/rules-decoders/rule-lists.html On Monday, October 8, 2012 9:01:36 AM UTC+1, Michiel van Es wrote: > > Hello, > > I was wondering if it is possible to filter on non RFC-1918 IP addresses > which log in successfully and unsuccessfully? > We want to monitor extra on SSH an

[ossec-list] SQL Server

2012-10-08 Thread Alejandro Martinez
Hi all! I see that there are some rules to audit SQL Server logon/logoff. Is there any chance (maybe using profiler) to audit more things ? like triggers executed, sentences like create table, drop table, etc. Thanks Alejandro

[ossec-list] Filter on RFC-1918 ip-adress and successful logins

2012-10-08 Thread Michiel van Es
Hello, I was wondering if it is possible to filter on non RFC-1918 IP addresses which log in successfully and unsuccessfully? We want to monitor extra on SSH and RDP logins from public IP addresses (aka over the internet). Does anyone know if you can easily create a local_rule.xml entry for this? Reg