thanks,
have an idea how to do the configuration of agent: paste the key, change the
file ossec.conf for the agent through puppet?
Best regards
Thanks,
I have a puppet and the OS of client is Debian.
Best regards
Hi,
Can anyone respond to this ticket? Still I am facing this issue.
Regards,
Yesodha Prabhu
On Wednesday, October 10, 2012 2:23:23 PM UTC+5:30, Yesodha wrote:
No, I didn't do any syscheck tuning.
Regards,
Yesodha P
On Thursday, October 4, 2012 6:35:02 PM UTC+5:30, dan (ddpbsd) wrote:
On
Are you sure your CPU is your bottleneck? How does it behave after
tuning the syscheck options?
On 11/28/2012 5:11 AM, Yesodha wrote:
Hi,
Can anyone respond to this ticket? Still I am facing this issue.
Regards,
Yesodha Prabhu
On Wednesday, October 10, 2012 2:23:23 PM UTC+5:30, Yesodha wrote:
All,
Apologies if this has been covered, but I sure couldn't find it :-)
In my lab I have a central ossec 2.6 server on Ubuntu and one client on
Centos, set them up with active response and followed procedure here:
http://www.ossec.net/doc/manual/agent/agent-configuration.html
On Tue, Nov 27, 2012 at 7:29 PM, funwithossec h...@donobi.net wrote:
All,
Apologies if this has been covered, but I sure couldn't find it :-)
In my lab I have a central ossec 2.6 server on Ubuntu and one client on
Centos, set them up with active response and followed procedure here:
On Wed, Nov 28, 2012 at 6:11 AM, Yesodha yeso...@easylinkindia.com wrote:
Hi,
Can anyone respond to this ticket? Still I am facing this issue.
Regards,
Yesodha Prabhu
This isn't a ticket, and the response was to tune syscheck.
On Wednesday, October 10, 2012 2:23:23 PM UTC+5:30, Yesodha
Hi,
During the syscheck tuning, the CPU load becomes 97 and gradually it goes to
normal load. During that time, sometimes server itself went down or sometimes
apache down.
Regards,
Yesodha
On Wed, Nov 28, 2012 at 6:11 PM, Ryan Schulze r...@dopefish.de wrote:
Are you sure your CPU is your
Greetings,
Under Supported Systems, Operating systems, on the OSSEC site there is a
reference to VMWare ESX 3.0,3.5 (including CIS checks).
Is there a list online of those CIS checks for VMWare that OSSEC does?
Please and Thanks,
Mike
I am using following socat commands to meet my requirement : to route logs
via TCP to server
Agent machine : socat udp4-recvfrom:1514,reuseaddr,fork tcp4:10.85.203.175:
Server machine : socat tcp4-listen:,reuseaddr,fork udp4:localhost:1514
Sets the ossec server ip as
On Wed, Nov 28, 2012 at 9:00 AM, Mike Disley
mike.a.dis...@tpsgc-pwgsc.gc.ca wrote:
Greetings,
Under Supported Systems, Operating systems, on the OSSEC site there is a
reference to VMWare ESX 3.0,3.5 (including CIS checks).
Is there a list online of those CIS checks for VMWare that OSSEC
On Wed, Nov 28, 2012 at 9:57 AM, Mike Disley
mike.a.dis...@tpsgc-pwgsc.gc.ca wrote:
Excellent, thanks Dan. Last question
I see the RHEL5 file (cis_rhel5_linux_rcl.txt) in the /etc/shared directory.
Are there any plans to expand the CIS checks to include SUSE or SLES
distributions or
On Wed, Nov 28, 2012 at 10:01 AM, mcrane0 mathew.cr...@gmail.com wrote:
ossec.conf on server, relevant portion:
<directories report_changes="yes" check_all="yes">/etc,/var/ossec/etc</directories>
<directories check_all="yes">/usr/bin,/usr/sbin</directories>
<directories
Bah, it must not have pushed out the agent.conf on the server. Thanks.
On Wed, Nov 28, 2012 at 9:35 AM, dan (ddp) ddp...@gmail.com wrote:
On Wed, Nov 28, 2012 at 10:01 AM, mcrane0 mathew.cr...@gmail.com wrote:
ossec.conf on server, relevant portion:
<directories report_changes="yes"
Upon review, that's the non-testing env. Apologies for the confusion.
Here is where it's not working:
</agent_config>
<agent_config os="Linux">
<syscheck>
<frequency>86400</frequency>
<scan_on_start>yes</scan_on_start>
<scan_time>03:00</scan_time>
<auto_ignore>no</auto_ignore>
<!-- Directories
If I am reading your problem - you are saying ossec.conf on the AGENT is
not being overwritten -- if this is correct - then yes, it is not - it
won't. Only agent.conf gets pushed to the agents. ossec.conf is set
manually on agents, so if you expect it to get changes - you need to use
puppet or
On Wednesday, November 28, 2012 8:45:04 AM UTC-8, Kat wrote:
If I am reading your problem - you are saying ossec.conf on the AGENT is
not being overwritten -- if this is correct - then yes, it is not - it
won't. Only agent.conf gets pushed to the agents. ossec.conf is set
manually on
On Tuesday, November 27, 2012 4:29:54 PM UTC-8, funwithossec wrote:
All,
Apologies if this has been covered, but I sure couldn't find it :-)
In my lab I have a central ossec 2.6 server on Ubuntu and one client on
Centos, set them up with active response and followed procedure
FYI - agent.conf extends the settings in ossec.conf.
You should have a minimal set of instructions in ossec.conf, usually the server
and those that will not function in agent.conf, i.e. full_command, etc.
Scott
On Nov 28, 2012, at 9:45 AM, funwithossec h...@donobi.net wrote:
On Wednesday,