Dear support,
If I do /var/ossec/bin/agent_control -R 22,
is this line to run the agent on the remote machine or on the local one?
Best regards
On Wednesday, November 14, 2012 8:49:10 AM UTC-6, Michiel van Es wrote:
Hello,
I am trying to set up a local_decoder.xml entry to decode our Clavister
log entries.
The clavister logfiles show only outgoing dropped traffic, for example:
Nov 14 12:19:53 10.170.80.3 [2012-11-14 12:20:08]
On Sun, Nov 25, 2012 at 7:29 PM, Kristy Truong asiannbarb...@gmail.com wrote:
How do you use this?
Add the decoders to /var/ossec/etc/local_decoder.xml, rules to
/var/ossec/rules/local_rules.xml, and restart the OSSEC processes.
On Wednesday, November 14, 2012 8:49:10 AM UTC-6, Michiel van
On Mon, Nov 26, 2012 at 5:39 AM, rezgui mohamed rezgui...@gmail.com wrote:
Dear support,
If I do /var/ossec/bin/agent_control -R 22,
is this line to run the agent on the remote machine or on the local one?
Best regards
You run that command on the OSSEC server.
I know, this command is to restart the agent on the remote machine?
Best regards
On Mon, Nov 26, 2012 at 9:14 AM, rezgui mohamed rezgui...@gmail.com wrote:
I know, this command is to restart the agent on the remote machine?
Best regards
agent_control
OSSEC HIDS agent_control: Control remote agents.
-R id Restarts agent.
So in the background the OSSEC server connects through SSH to the remote
machine, then starts the agent
On Mon, Nov 26, 2012 at 9:21 AM, rezgui mohamed rezgui...@gmail.com wrote:
So in the background the OSSEC server connects through SSH to the remote machine,
then starts the agent
No. Why would it use SSH? The server and the agent already
communicate. The OSSEC server will trigger a restart of the
How to unsubscribe from this group sucks
Alfredo Tapia Sabogal
Sent from my BlackBerry from Claro.
-Original Message-
From: dan (ddp) ddp...@gmail.com
Date: Mon, 26 Nov 2012 14:26:57
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] /var/ossec/bin/agent_control -R 22
On Mon,
LOL. where's the LIKE button when you need one. :)
Documentation is fine. People just need to read it more carefully.
Frank
On Monday, November 26, 2012 8:27:08 AM UTC-6, dan (ddpbsd) wrote:
On Mon, Nov 26, 2012 at 9:21 AM, rezgui mohamed
rezg...@gmail.com
wrote:
so on the
I don't understand how that's such a problem; or at least why it's a
problem to at least merely include the original timestamps. I'm trying to
use OSSEC in conjunction with Logstash, and am using Logstash to parse out
the timestamp. When pulling Windows event logs, OSSEC doesn't even appear
Thanks for your consideration. Without the report_changes option can I
still get an alert if there is a diff in a file? Using a rule perhaps? If
so, how do I go about seeing what the change was?
On Monday, November 26, 2012 7:44:23 AM UTC-6, dan (ddpbsd) wrote:
On Fri, Nov 23, 2012 at 3:46
On Mon, Nov 26, 2012 at 12:48 PM, Sue susan.hes...@gmail.com wrote:
Thanks for your consideration. Without the report_changes option can I still
get an alert if there is a diff in a file? Using a rule perhaps? If so, how
do I go about seeing what the change was?
You will still get alerts that
On 26.11.2012 11:42, jponsano wrote:
I don't understand how that's such a problem; or at least why it's a
problem to at least merely include the original timestamps.
I don't think it's a problem, either. The Windows decoder would likely
have to be changed, too, but that's not hard. Remember,
I've spent a few months fine tuning and correcting problems with a new
feature I required to analyze logs from OpenLDAP. I'm now looking for
comments and testers as the patch has been running stably and has been
invaluable to me.
The write-up is
here:
From dcid's patch posted by dan on ossec-dev, change install.sh line 372:
-if [[ X${USER_AGENT_SERVER_IP} = X X${USER_AGENT_SERVER_NAME}
= X ]]; then
+if [ X${USER_AGENT_SERVER_IP} = X -a X${USER_AGENT_SERVER_NAME}
= X ]; then
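Review bot: in the replacement `[ ... ]` test, `${USER_AGENT_SERVER_IP}` and `${USER_AGENT_SERVER_NAME}` are still expanded unquoted, so a value containing whitespace or glob characters would split into extra words and make the test fail or misparse. The `-a` operator inside `[ ]` is also marked obsolescent by POSIX. Quoting both expansions and joining two separate tests avoids both issues and makes the `X` prefix unnecessary, for example `if [ -z "${USER_AGENT_SERVER_IP}" ] && [ -z "${USER_AGENT_SERVER_NAME}" ]; then`.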
On Thursday, November 22, 2012 7:54:19 PM UTC-8, Michael
Hi, Scott Klauminzer
Many thanks. About the method described in
http://dcid.me/2011/01/automatically-creating-and-setting-up-the-agent-keys/,
I have tried it, but I ran into trouble: the agent is unable to connect to the ossec
server.
this is my
How do I use -f? I get an error:
# ./manage_agents -f test.csv
Bulk load file: test.csv
Opening: [test.csv]
Failed.: No such file or directory
2012/11/27 11:45:14 manage_agents(1103): ERROR: Unable to open file
'test.csv'.
in test.csv
#vi test.csv
192.168.1.1,IDS1
Is something wrong?
Put the file in the ossec dir somewhere, and reference it by that chroot
point. For instance, put it in /var/ossec and run
/var/ossec/bin/manage_agents -f /FILE
The documentation has been updated to reflect this, but hasn't been pushed
live yet.
On Nov 26, 2012 11:15 PM, peng lin