All,
I've been digging around trying to figure out what the problem is and I
have a theory:
I didn't always have auto_ignore set to 'no'. I did get alerts for the
1st, 2nd and 3rd change to /tmp/demo/test. Perhaps I'm no longer getting
alerts because the fact that I already received my 3 alerts fo
On Wed, Mar 27, 2013 at 3:03 PM, Reg wrote:
> You may already know about this, but I thought I would pass this along. A
> recent audit of a Windows server discovered this issue.
> It's an easy fix (version 2.7)
>
Does this commit fix it?
https://bitbucket.org/jbcheng/ossec-hids/commits/05602f1f904
You may already know about this, but I thought I would pass this along. A
recent audit of a Windows server discovered this issue.
It's an easy fix (version 2.7)
Synopsis: The remote Windows host has at least one service installed that
uses an unquoted service path.
Description The remote Windows
Nope, that failed too. That is what I originally had. I thought I would
try it this way.
I am not sure if some are being filtered out or if all are getting
through. I do know sometimes I get a lot of these and some days just a few.
On Wednesday, March 27, 2013 11:22:08 AM UTC-4, dan (ddpbsd)
On Wed, Mar 27, 2013 at 10:49 AM, stones2125 wrote:
> I have the following ignore statement in my client config file
>
> Enum$|Performance$|Names$
>
If you put these each in their own ignore, do they work?
> However, I am still getting these alerts
>
> File:
> HKEY_LOCAL_MACHINE\System\CurrentC
I have the following ignore statement in my client config file
Enum$|Performance$|Names$
However, I am still getting these alerts
File: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASP.NET_2.0.50727\Names
What am I missing here?
All,
I just did a fresh, fairly vanilla install of OSSEC 2.7 (official release).
I'm getting mixed results with realtime alerts - sometimes it works fine,
sometimes the 'diff' file doesn't reflect the change minutes after I have
made it, while other times the 'diff' file is showing the change but
On Thursday, February 21, 2013 4:47:25 AM UTC+1, Jb Cheng wrote:
>
> I was able to recreate the issue on Ubuntu.
> Using 'gdb' it showed ossec-csyslogd crashed at line 59:
>
> merror("%s: INFO: File queue connected.", ARGV0 );
>
> This is kind of strange because I did not see it happening