OSSEC 2.7 for centos6.x
serveragent
THANKS
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options,
Sorry,
Forgot the period between killprocess and ps1.
Devon J. Greene
Sr. Information Security Engineer
Dacotah Bank
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Devon J. Greene
Sent: Tuesday, July 01, 2014 7:56 PM
To: ossec-list@googlegroups.com
Subject:
Nguyen,
I would suggest trying the following:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe –File
C:\killprocessps1
Devon J. Greene
Sr. Information Security Engineer
Dacotah Bank
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Nguy?n Van H?n
but i can run this without ossec it is running. :(
Vào 04:38:41 UTC+7 Thứ tư, ngày 02 tháng bảy năm 2014, Nguyễn Văn Hớn đã
viết:
>
> i have writed powershell script.
> this is content: ( it is detect new process)
>
> Clear-Content c:\old.txt;
> Clear-Content c:\new.txt;
> Clear-Content c:\compa
Nguyen,
This is not an OSSEC issue, this is a powershell error. Apparently either $A or
$B is null in this example. Test your code again in powershell and then try
again?
Devon J. Greene
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Nguy?n Van H?n
Sent: T
i have writed powershell script.
this is content: ( it is detect new process)
Clear-Content c:\old.txt;
Clear-Content c:\new.txt;
Clear-Content c:\compare.txt;
Get-Process | Select-Object name|Format-Wide -Column 1 >old.txt;
(gc old.txt) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content
* dan (ddp) [2014-07-01 13:29:40 -0400]:
On Tue, Jul 1, 2014 at 11:54 AM, Kevin Kelly wrote:
The following rules worked before, but now I get an error:
18139
no_log
User name:\s+\.*\$\s+
Windows login failure for workstation - user name ends in $
(ignored)
[root@ossec etc]# /opt/ossec/b
On 2014-07-01 12:51, Jeremy Rossi wrote:
Just tested and confirmed this is fixed in master. I am going to start
the process of cutting a new release tonight to get this fix out.
Please also look at issue #236, which may be related.
--
---
You received this message because you are subscribed
The following rules worked before, but now I get an error:
18139
no_log
User name:\s+\.*\$\s+
Windows login failure for workstation - user name ends in $
(ignored)
[root@ossec etc]# /opt/ossec/bin/ossec-logtest
2014/07/01 08:53:27 ossec-testrule: INFO: Reading local decoder file.
2014/07/01
On Tue, Jul 1, 2014 at 11:54 AM, Kevin Kelly wrote:
> The following rules worked before, but now I get an error:
>
>
>
> 18139
> no_log
> User name:\s+\.*\$\s+
> Windows login failure for workstation - user name ends in $
> (ignored)
>
>
>
> [root@ossec etc]# /opt/ossec/bin/ossec-logtest
> 2014
Hi the list,
My understanding is clearing/init syscheck is on the server or could it be
initiated on client side?
it seems first as there is no syscheck_control on agent...
Because in the second case, on debian/ubuntu, you can use apt
Pre/Post-invoke [1].
I don't know if there is an equivalent fo
You can post the log?
Vào 23:02:55 UTC+7 Thứ ba, ngày 01 tháng bảy năm 2014, Kevin Kelly đã viết:
>
> The following rules worked before, but now I get an error:
>
>
>
> 18139
> no_log
> User name:\s+\.*\$\s+
> Windows login failure for workstation - user name ends in $
> (ignored)
>
>
>
> [ro
The following rules worked before, but now I get an error:
18139
no_log
User name:\s+\.*\$\s+
Windows login failure for workstation - user name ends in $
(ignored)
[root@ossec etc]# /opt/ossec/bin/ossec-logtest
2014/07/01 08:53:27 ossec-testrule: INFO: Reading local decoder fil
Hi Michael,
Thanx again for the response. As long as I don't answer any phone calls
there's no yelling here either ;) ... My servers are running several
Wordpress stacks. Allthough temporarily, load can influence website
response times.
In regards to the update question. When an update is alwa
14 matches
Mail list logo