On Mon, Mar 4, 2013 at 2:46 AM, Umair Mustafa wrote:
> I installed Ossec Server and some agents on other servers. But the thing is
> that out of 10 agents only 7 servers are able to communicate with Ossec
> Server and 3 are not.
>
> This is the Ossec Server information
>
>> DIRECTORY="/var/ossec"
On Wed, Feb 27, 2013 at 1:49 PM, wrote:
> I want to monitor the integrity of the configuration of the firewalls. In
> looking at the SonicWALL CLI, I'm thinking that if OSSEC can run a "show
> all" then run that again to alert me to any deltas, that would meet our
> needs.
>
Modify one of the e
On Mon, Mar 4, 2013 at 5:58 AM, Chris H wrote:
> Hello. I am running OSSEC 2.6. I am pushing logs from Windows Domain
> Controllers
>
> I only want certain level alerts to generate emails, and different alerts to
> go to different groups. For example, all network alerts above 8 go to the
> netw
On Mon, Mar 4, 2013 at 4:45 PM, TWAD wrote:
> Hey everybody,
> I have a task that I'm struggling with; could you help?
>
> Task: I need to have a blacklist capability on all of my agents (to alert,
> not block)
>
Alerts are only created by the server, not the agents.
> Issue 1: The blacklist co
On Mon, Mar 4, 2013 at 12:39 PM, Kat wrote:
> Just wondering if I am missing something. I have an agent that has used too
> much space for syscheck changes. I want to re-init with new rules. If I run
> syscheck_control with -u it says it will INIT the database, but the "old"
> stuff is still there
On Mar 4, 2013 5:41 AM, "root" wrote:
>
>
> Hi
>
> I write a rule like this
>
>
>
>
> rsyslog-pstats
> ^0
> rsyslog is right
>
>
>
> rsyslog-pstats
> ^1
> rsyslog is wrong
>
>
You'll have to replace rule [12] with the correct information. The
basic idea is to matc
On Tue, Mar 5, 2013 at 7:16 AM, Jean-Pierre Zurbrugg
wrote:
> Ok, looks like this is definitely an error on my side and not a bug since I
> have not received any replies yet.
>
That's all it takes to make it not a bug? I don't know why no one else
has responded, but I don't use OSSEC to monitor f
On Tue, Mar 5, 2013 at 12:49 AM, Андрей Шевченко wrote:
> Is it possible to add this functionality in a future version of ossec-agent
> for win?
>
Definitely.
>
> On Wednesday, February 27, 2013, 10:11:21 UTC+6, Андрей Шевченко
> wrote:
>>
>> It looks like this feature was not included i
On Tue, Mar 5, 2013 at 12:17 PM, Willen Borges Coelho
wrote:
> Hi,
>
>
>
> I'm new using Ossec and I'm trying to configure email alerts, but with no
> success.
>
> I would like to only be notified by email alerts about events id 5715, 5501
> and 5402, but after I configure this granular alert edit
On Mon, Mar 4, 2013 at 11:30 PM, root wrote:
>
> Now, I wrote it like this
>
>
>
>
>
> rsyslog-pstats
> ^main\sQ
>
>
>
>
> rsyslog-pstats-main
> ^\.*discarded\pfull=(\d+)\.*
> extra_data
>
>
>
> rsyslog-pstats-main
> ^\.*discarded\pnf=(\d+)\.*
> extra_data
>
>
>
> but the server says
>
^rsyslogd-pstats
rsyslog-pstats
^\S+\p\S+:\d+\p: submitted=
^(\d+)
extra_data
rsyslog-pstats
^main Q:
^\.+ discarded.full=(\d+)
discarded.nf=(\d+)
extra_data, extra_data
rsyslog-pstats
^action
^(\d+): processed=(\d+) failed=(
Ok, looks like this is definitely an error on my side and not a bug since I
have not received any replies yet.
Can anyone confirm this is not happening to them on version 2.7? I'll try
to set up a VM and test this on a clean 2.7.
On Friday, March 1, 2013 4:44:51 PM UTC-4, Jean-Pierre Zurbrugg w
Hmm, there are various ways to accomplish this.
Since you want alerts from a specific set of alerts, I would suggest the
following: add the rules you want to be notified of to an additional
group and make sure they will trigger sending an email regardless of
their level. Then just have ossec sen
I am trying to deploy agents to my windows desktop and server after
following the procedure at
http://philipshramko.blogspot.com/
Everything seems to work but I keep getting this error message:
Custom Action “wrapInstall1_U” FAILED (could not start it). Location:
C:\windows\sysWOW64\, COMMAN
Hi,
I'm new using Ossec and I'm trying to configure email alerts, but with no
success.
I would like to only be notified by email alerts about events id 5715, 5501 and
5402, but after I configure this granular alert editing ossec.conf, it doesn't
work.
Whenever I edit the email_alert_level to