On Fri, 24 Jan 2014 09:42:04 -0500
"dan (ddp)" wrote:
> On Fri, Jan 24, 2014 at 9:38 AM, Bruno Andrade
> wrote:
> > On Fri, 24 Jan 2014 07:50:25 -0500
> > "dan (ddp)" wrote:
> >
> >> On Fri, Jan 24, 2014 at 5:41 AM, Bruno Andrade
> >> wrote:
> >> > Hey, I have a doubt about update file signatu
On Mon, Jan 27, 2014 at 4:33 AM, Bruno Andrade wrote:
>
> Hey, that's not what I was thinking.
>
> Let's restart... I install OSSEC, it generates file signatures, I change
> a file, OSSEC triggers an alarm for that file because the signature
> changes. What happens now?
>
That's really up to you. OSSEC d
On Mon, Jan 27, 2014 at 8:16 AM, Michiel van Es wrote:
> Hi,
>
> Is anyone using OSSEC => syslog => Logstash => Kibana for their setup?
> We found out that the netstat -tan diff run by syscheck gives only the first
> line of the diff:
>
> <132>Jan 27 11:37:43 local-machine-001 ossec: Alert Level:
Hi,
Is anyone using OSSEC => syslog => Logstash => Kibana for their setup?
We found out that the netstat -tan diff run by syscheck gives only the
first line of the diff:
<132>Jan 27 11:37:43 local-machine-001 ossec: Alert Level: 7; Rule: 533 -
Listened ports status (netstat)
changed (new port
On Mon, 27 Jan 2014 07:51:08 -0500
"dan (ddp)" wrote:
> On Mon, Jan 27, 2014 at 4:33 AM, Bruno Andrade
> wrote:
> >
> > Hey, that's not what I was thinking.
> >
> > Let's restart... I install OSSEC, it generates file signatures, I
> > change a file, OSSEC triggers an alarm for that file because the
> >
On Mon, Jan 27, 2014 at 11:25 AM, Bruno Andrade wrote:
> On Mon, 27 Jan 2014 07:51:08 -0500
> "dan (ddp)" wrote:
>
>> On Mon, Jan 27, 2014 at 4:33 AM, Bruno Andrade
>> wrote:
>> >
>> > Hey, that's not what I was thinking.
>> >
>> > Let's restart... I install OSSEC, it generates file signatures, I
>> >
On Mon, Jan 27, 2014 at 12:06 PM, Bruno Andrade wrote:
> On Mon, 27 Jan 2014 11:45:41 -0500
> "dan (ddp)" wrote:
>
>> On Mon, Jan 27, 2014 at 11:25 AM, Bruno Andrade
>> wrote:
>> > On Mon, 27 Jan 2014 07:51:08 -0500
>> > "dan (ddp)" wrote:
>> >
>> >> On Mon, Jan 27, 2014 at 4:33 AM, Bruno Andra
On Mon, 27 Jan 2014 11:45:41 -0500
"dan (ddp)" wrote:
> On Mon, Jan 27, 2014 at 11:25 AM, Bruno Andrade
> wrote:
> > On Mon, 27 Jan 2014 07:51:08 -0500
> > "dan (ddp)" wrote:
> >
> >> On Mon, Jan 27, 2014 at 4:33 AM, Bruno Andrade
> >> wrote:
> >> >
> >> > Hey, that's not what I was thinking.
> >>
On Mon, 27 Jan 2014 12:08:44 -0500
"dan (ddp)" wrote:
> On Mon, Jan 27, 2014 at 12:06 PM, Bruno Andrade
> wrote:
> > On Mon, 27 Jan 2014 11:45:41 -0500
> > "dan (ddp)" wrote:
> >
> >> On Mon, Jan 27, 2014 at 11:25 AM, Bruno Andrade
> >> wrote:
> >> > On Mon, 27 Jan 2014 07:51:08 -0500
> >> > "
On Mon, Jan 27, 2014 at 1:47 PM, Bruno Andrade wrote:
> On Mon, 27 Jan 2014 12:08:44 -0500
> "dan (ddp)" wrote:
>
>> On Mon, Jan 27, 2014 at 12:06 PM, Bruno Andrade
>> wrote:
>> > On Mon, 27 Jan 2014 11:45:41 -0500
>> > "dan (ddp)" wrote:
>> >
>> >> On Mon, Jan 27, 2014 at 11:25 AM, Bruno Andra
On 27 January 2014 13:50, dan (ddp) wrote:
> On Mon, Jan 27, 2014 at 1:47 PM, Bruno Andrade wrote:
>> Hey, I found this http://centralwire.sourceforge.net/, that's
>> basically what I was asking if it is possible to do with OSSEC. With
>> this tool it is possible to review the file changes and acc
Hello,
I'm having a Notification that keeps popping up :
OSSEC HIDS Notification.
2014 Jan 27 12:35:59
Received From: (xibo) 192.168.0.126->/var/log/httpd/access_log
Rule: 31122 fired (level 5) -> "Web server 500 error code (Internal Error)."
Portion of the log(s):
192.168.56.13 - - [27/Jan/20
On Mon, Jan 27, 2014 at 1:58 PM, Kevin Wilcox wrote:
> On 27 January 2014 13:50, dan (ddp) wrote:
>
>> On Mon, Jan 27, 2014 at 1:47 PM, Bruno Andrade wrote:
>
>>> Hey, I found this http://centralwire.sourceforge.net/, that's
>>> basically what I was asking if it is possible to do with OSSEC. Wit
Dan: I think I know what he wants. He wants to change the signature
before the change is detected by ossec so he does not get an alert. This
is similar to the discussion last year about updating syscheck when
doing an apt-get upgrade.
Bruno: search within the archive of this group for "What's a go
On Mon, Jan 27, 2014 at 2:03 PM, Christian Beer
wrote:
> Dan: I think I know what he wants. He wants to change the signature
> before the change is detected by ossec so he does not get an alert. This
> is similar to the discussion last year about updating syscheck when
> doing an apt-get upgrade.
On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez wrote:
> Hello,
>
> I'm having a Notification that keeps popping up :
>
>
> OSSEC HIDS Notification.
> 2014 Jan 27 12:35:59
>
> Received From: (xibo) 192.168.0.126->/var/log/httpd/access_log
> Rule: 31122 fired (level 5) -> "Web server 500 error code (
Is it something I can fix or just let it go?
On Monday, January 27, 2014 1:05:49 PM UTC-6, dan (ddpbsd) wrote:
>
> On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez
> >
> wrote:
> > Hello,
> >
> > I'm having a Notification that keeps popping up :
> >
> >
> > OSSEC HIDS Notification.
> > 2014
On Mon, Jan 27, 2014 at 3:20 PM, Ian Martinez wrote:
> Is it something I can fix or just let it go?
>
That's not a question I can answer. You could find out why the client
is trying to post to that site, or check the log files to try and find
out why it's failing.
>
> On Monday, January 27, 2014
Thanks a lot
Bruno Andrade
Programmer (R&D)
Eurotux Informática, S.A. | www.eurotux.com
(t) +351 253 680 300 (m) +351 936 293 858
On 27/01/2014, at 19:08, dan (ddp) wrote:
> On Mon, Jan 27, 2014 at 2:03 PM, Christian Beer
> wrote:
>> Dan: I think I know what he wants. He wants to chang
Here is a list of HTTP status codes you can use as reference:
https://support.google.com/webmasters/answer/40132?hl=en
This is a completely unrelated question to OSSEC in my opinion and doesn't
belong on this mailing list.
On Mon, Jan 27, 2014 at 2:24 PM, dan (ddp) wrote:
> On Mon, Jan 27, 201
On Jan 27, 2014 2:04 PM, "dan (ddp)" wrote:
>
> On Mon, Jan 27, 2014 at 1:58 PM, Kevin Wilcox
wrote:
> > I'm putting words into Bruno's mouth, so to speak, but my
> > interpretation of the problem is he wants a method to allow an admin
> > to run
> >
> > syscheck_update -u
> >
> > for their spe
This seems to be a MySQL connection issue.
You might be able to verify this by increasing the MySQL timeout.
On Tuesday, January 14, 2014 10:33:29 PM UTC-8, Lawrence Williams wrote:
>
> Is there any way to get more out of the OSSEC log?
>
> I have set all the debug parameters to Level 2
> in /va
Dear All,
I saw this in my log file of ossec. For my case it's
/var/www/log not logs. How to change this?
2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
ignoring it: '/var/log/authlog'.
2014/01/24 23:50:19 ossec-logcollector(1904): INFO: File not available,
ign
Thanks for your help and I agree, seems appropriate for another forum.
I'll look into it.
On Monday, January 27, 2014 6:21:30 PM UTC-6, Saul Alanis wrote:
>
> Here is a list of HTTP status codes you can use as reference:
>
> https://support.google.com/webmasters/answer/40132?hl=en
>
> This is co