Hello,
I am trying to integrate Fluentd (td-agent) with OSSEC's JSON syslog output but am
having issues with how the message is emitted. When it arrives in td-agent it
looks like:
20140513T011505+0100ips.ossec.reformed {host:tstsrv1,
ident:ossec,message:{ \crit\: 7, \id\: 510,
Hi,
When setting up agent in the
* OSSEC HIDS v2.7.1 Agent manager. *
* The following options are available: *
(A)dd an agent (A).
you type the name and right after you need to type the IP address that
On Tue, May 13, 2014 at 5:08 AM, 'Bart Nukats' via ossec-list
ossec-list@googlegroups.com wrote:
Hi,
When setting up agent in the
* OSSEC HIDS v2.7.1 Agent manager. *
* The following options are available: *
On 2014-05-13 4:08, 'Bart Nukats' via ossec-list wrote:
Second question is about the security,
I want to have some log-in mechanism to the application on WUI, is the
best way of doing it setting up .htaccess? Or do you recommend any
other way of doing it?
There is no authentication or
I adjusted my rmem default and max and I still get send/receive errors. My
values are 16777216 and 26214400 (respectively). I think remoted isn't reading
the buffer fast enough to process.
On 2014-05-13 9:18, BP9906 wrote:
I adjusted my rmem default and max and I still get send/receive
errors. My values are 16777216 and 26214400 (respectively). I think
remoted isn't reading the buffer fast enough to process.
This is what I have for an environment that bursts to maybe 1,000 EPS. I
On 2014-05-13 9:44, Darin Perusich wrote:
If you want reliable syslog retrieval I recommend you abandon using
OSSEC and use rsyslog with the RELP module enabled. Then if you want
to do post processing your logs looking for events use a tool 'sec',
simple event correlator, or splunk, or
On Tue, May 13, 2014 at 10:51 AM, Michael Starks
ossec-l...@michaelstarks.com wrote:
On 2014-05-13 9:44, Darin Perusich wrote:
If you want reliable syslog retrieval I recommend you abandon using
OSSEC and use rsyslog with the RELP module enabled. Then if you want
to do post processing your
Hi,
I'm trying to add some more rules into my company server: There is an
update job on our LBs that sometimes fails, sometimes works. It is a daily
check.
I wonder how I could write a rule that would only alert on the third day of
failure for example.
I'm not sure how to do that actually.
On Tue, May 13, 2014 at 1:53 PM, Nguyễn Văn Hớn honi...@gmail.com wrote:
That is my config
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>300</frequency>
<!-- Directories to check (perform all possible verifications) -->
<!--
That is my config
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>300</frequency>
<!-- Directories to check (perform all possible verifications) -->
<!--<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories
Thank you. The alert has been sent to me, but it is very slow and delayed in sending
the alert. How do I optimize the speed for integrity?
On Wednesday, May 14, 2014 at 00:58:17 UTC+7, dan (ddpbsd) wrote:
On Tue, May 13, 2014 at 1:53 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
That is
On Tue, May 13, 2014 at 2:04 PM, Nguyễn Văn Hớn honi...@gmail.com wrote:
Thank you. The alert has been sent to me, but it is very slow and delayed in sending
the alert. How do I optimize the speed for integrity?
Make sure realtime actually works. I think the compilation silently
ignores it if the proper bits
How do I configure realtime? I have added the realtime tag in the config. Are you
talking about realtime in the kernel, or what else?
On Wednesday, May 14, 2014 at 01:09:15 UTC+7, dan (ddpbsd) wrote:
On Tue, May 13, 2014 at 2:04 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
Thank you.
On Tue, May 13, 2014 at 2:20 PM, Nguyễn Văn Hớn honi...@gmail.com wrote:
How do I configure realtime? I have added the realtime tag in the config. Are you
talking about realtime in the kernel, or what else?
Check the ossec.log to see if realtime checking is started. I don't
remember the exact log message off hand,