[ossec-list] Re: Issue with timestamp on rsyslogd format

2013-05-06 Thread Giovanni P
But I cannot change it, it's a log automatically generated from the application. On Tuesday, 7 May 2013 08:50:00 UTC+10, Jb Cheng wrote: > > Either use 'July 04' format, or add an extra space after 'July ' and it > can be decoded correctly. > - - - > Jul 4 09:42:16 enigma sshd[11990]: Accep

[ossec-list] Re: Issue with timestamp on rsyslogd format

2013-05-06 Thread Jb Cheng
Either use 'July 04' format, or add an extra space after 'July ' and it can be decoded correctly. - - - Jul 4 09:42:16 enigma sshd[11990]: Accepted password for dcid from 192.168.2.10 port 35259 ssh2 On Thursday, May 2, 2013 7:14:19 PM UTC-7, Giovanni P wrote: > > Hi all, > > I am using "O

[ossec-list] Re: question with /var/ossec/queue/diff

2013-05-06 Thread Jb Cheng
The queue/diff//535/ directory is used for rule ID 535 as shown in etc/rules/ossec-rules.xml. For Unix-like systems, syscheck daemon uses the output of 'last -n 5' to detect changes in logged-in users. Windows systems use a different mechanism for this so you don't see them under /diff/. I do

Re: [ossec-list] Error received when installing OSSEC HIDS v2.7 in sol 10

2013-05-06 Thread David Juarez
Hi Dan, Many thanks for your quick response. I have installed OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not complain. I was able to register the agent (Sol10) on the master/server ... imported the certificate key on the agent, but when attempting to start OSSEC

Re: [ossec-list] Error received when installing OSSEC HIDS v2.7 in sol 10

2013-05-06 Thread dan (ddp)
Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient. On May 6, 2013 2:39 PM, "David Juarez" wrote: > Hello All - > > > I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I received > the following error message.. > > "./install.sh: syntax error at line 142: `$' unexpec

[ossec-list] Error received when installing OSSEC HIDS v2.7 in sol 10

2013-05-06 Thread David Juarez
Hello All - I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I received the following error message: "./install.sh: syntax error at line 142: `$' unexpected" Any idea? I was able to install it successfully on RHEL v6.3. Any recommendations are greatly appreciated. Thanks. R

[ossec-list] Re: question with /var/ossec/queue/diff

2013-05-06 Thread Aaron Bliss
Hi all, Just following up. inode usage continues to grow. I took a look at /var/ossec/queue/diff/server1/535 (I've inserted server1 by replacing the name of one of our agents) and there are thousands of files with the name state.number (number looks like a random or incremented number?). I check