On Mon, Jan 28, 2013 at 3:54 PM, C. L. Martinez carlopm...@gmail.com wrote:
Ok, I am using the following config in OSSEC server:
<remote>
<connection>secure</connection>
<local_ip>10.55.10.1</local_ip>
<port>47555</port>
</remote>
(This server has multiple IP's) ... and from agent side, I
Hi all,
my OSSEC is now integrated with Splunk, but some ossec-agents cannot
connect, like this
https://lh4.googleusercontent.com/-V6B7wGTdA8c/UQj_VPpfNbI/AAM/H9T1JClMJo0/s1600/2013-01-30_190734.jpg
2013/01/30 18:40:51 ossec-agentd(4101): WARN: Waiting for server reply (not
started).
Why? I don't know what this option <connection>syslog</connection>
means?
On Monday, January 28, 2013 at 9:29:50 PM UTC+8, dan (ddpbsd) wrote:
On Mon, Jan 28, 2013 at 4:35 AM, root ro...@cnmoker.org wrote:
Hi guys,
in my OSSEC server's ossec.conf, I configure it like this
<remote>
On Wed, Jan 30, 2013 at 6:00 AM, r...@cnmoker.org wrote:
Why? I don't know what this option <connection>syslog</connection> means?
That option forces ossec-remoted to listen for syslog messages. The
secure option only allows agents to pass log messages on, so
allowed-ips doesn't matter.
在
Hi!
Of course it is indeed the only reasonable way to solve this issue, but
please let me know, where to start from.
Thanx.
Y.
On Thursday, December 20, 2012 at 22:58:52 UTC+1, Jb Cheng wrote:
The 2 came from etc/internal_options.conf
# Remoted compression averages
On Wed, Jan 30, 2013 at 8:06 AM, Jorge Gonzalez jo...@travelfusion.com wrote:
Hi!
Is there any way to use agentless via SSH in a non-standard port?
Modify the script to use the strange port.
Also, SSH passwords are in clear in the file .passlist and I am not
comfortable with it, any way to
On Wed, Jan 30, 2013 at 6:13 AM, r...@cnmoker.org wrote:
Hi all,
my OSSEC is now integrated with Splunk, but some ossec-agents cannot
connect, like this
2013/01/30 18:40:51 ossec-agentd(4101): WARN: Waiting for server reply
(not started). Tried: '192.168.x.x'.
2013/01/30 18:55:17
Is there a way to set OSSEC to restore all of the active rules, including
iptables, on restart of the ossec server?
--
---
You received this message because you are subscribed to the Google Groups
ossec-list group.
To unsubscribe from this group and stop receiving emails from it, send an
On Wed, Jan 30, 2013 at 10:07 AM, Taylor Swartz anin...@gmail.com wrote:
Is there a way to set OSSEC to restore all of the active rules, including
iptables, on restart of the ossec server?
Not really. I just have my systems save the firewall settings and
configure it on boot.
I have just started getting this error on my OSSEC server which is running the
OSSEC WUI 0.3:
[Wed Jan 30 10:27:15 2013] [error] [client ipaddress] PHP Warning:
fopen(/var/ossec/logs/alerts/alerts.log): failed to open stream: Value too
large for defined data type in
But does that give OSSEC the ability to drop the firewall rule after the
expiration of the event?
On Wednesday, January 30, 2013 9:22:44 AM UTC-6, dan (ddpbsd) wrote:
On Wed, Jan 30, 2013 at 10:07 AM, Taylor Swartz ani...@gmail.com wrote:
Is there a way to set OSSEC to
On Wed, Jan 30, 2013 at 10:56 AM, Taylor Swartz anin...@gmail.com wrote:
But does that give OSSEC the ability to drop the firewall rule after the
expiration of the event?
No idea, I don't generally care about unblocking.
On Wednesday, January 30, 2013 9:22:44 AM UTC-6, dan (ddpbsd) wrote:
Hi Robert,
I would need to see a picture of what is on screen to advise (permissions,
and absolute file paths come to mind). If anyone sees this again, screen
shot (including full URL) would help, and also consider checking the apache
logs, and the browser debugger (Firefox is ctrl+shift+j).
I have downloaded the package, and although it says it will run on Solaris, I
immediately received an error in trying to install. Since I see messages
here regarding Solaris, I know it must run. I first tried the install
script:
OSSEC HIDS v2.7 Installation Script - http://www.ossec.net
You
On Wed, Jan 30, 2013 at 12:16 PM, brownwrap brownw...@gmail.com wrote:
I have downloaded the package, and although it says it will run on Solaris, I
immediately received an error in trying to install. Since I see messages
here regarding Solaris, I know it must run. I first tried the install
I'm running Ossec 2.7 on a Centos 5.9 server. I have a Windows Agent on a
Windows 2008 R2 Server. I can get it to report changes to files and new
files, but I am unable to get it to report deleted files.
To test, I created a test directory under the folder I monitor and created
some random
Has nothing to do with splunk or not -- and my guess is this is not ossec
2.7?
You can check if you have a tool like netcat (default installed on Linux)
by doing
nc -u server-address 1514
then type a few lines to see if on the server you are seeing errors in the
log file (incorrectly
OK, thanks. The install.sh script still had the syntax error, but the make
all seems to have worked. I have a /var/ossec:
ls -larth /var/ossec/
total 30
drwxr-xr-x 46 root sys 1.0K Jan 30 09:47 ..
drwxr-x--- 2 ossec ossec 512 Jan 30 10:18 stats
dr-xr-x--- 11 root
having built/installed on numerous Solaris systems, even as recently as
last week - it does work. But yes, it can be a little touch. Most of it, I
have found, is related to the appropriate build environment and libraries.
Double-check the pre-reqs for things like openssl libraries, and all the
Just as an update to this, I've done some additional testing and checking
on my full debugged log. I've figured out that the numbers in the line
that was sent to the server are file size:New MD5sum:New Sha1sum
I've also figured out that since I deleted it, it sends that exact same
line during
Does that mean I can configure it like this?
<remote>
<connection>secure</connection>
</remote>
<remote>
<connection>syslog</connection>
<allowed-ips>192.168.0.0/16</allowed-ips>
<local_ip>192.168.224.94</local_ip>
</remote>
Thanks
Best Regards
Hi,
thank you for the reply.
Yes, my OSSEC server is OSSEC 2.7 and my ossec-agent is OSSEC 2.6, but my other
agent is also OSSEC 2.6 and works normally. I don't know why this is.
Thanks
Best Regards
From: Kat
Date: 2013-01-31 03:18
Thank you for the reply, I will read that.
Thanks
Best Regards
From: dan (ddp)
Date: 2013-01-30 21:51
To: ossec-list
Subject: Re: [ossec-list] splunk+ossec ossec-agent Disconnected?
On Wed, Jan 30, 2013 at 6:13 AM,
ok, I feel dumb. I've described the problem incorrectly. I was looking at
the wrong test file. I redid the entire process, and now I'm seeing that
after the file deletes, it no longer shows up on the syscheck again. Here
are the steps I took to test.
1) Restart Agent and let it run the