You can set the cron up on the master and have it send a restart to all
the connected agents with agent_control
(quick&dirty would be something like "for id in
$(/var/ossec/bin/agent_control -lc|cut -d, -f1|cut -d: -f2); do
/var/ossec/bin/agent_control -R ${id};done")
On 7/18/2014 8:59 AM,
On Fri, Jul 18, 2014 at 12:29 PM, Kevin M wrote:
>
> We are looking to suppress these alerts and only these alerts
>
> Jul 18 12:25:04 Oracle-server sshd[2072]: pam_unix(sshd:session): session
> opened for user oracle by (uid=0
>
> --and--
> Jul 18 12:25:04 Oracle-server sshd[2072]:
We are looking to suppress these alerts and only these alerts
Jul 18 12:25:04 Oracle-server sshd[2072]: pam_unix(sshd:session): session
opened for user oracle by (uid=0
--and--
Jul 18 12:25:04 Oracle-server sshd[2072]: pam_unix(sshd:session): session
closed for user oracle
Yeah, you're right, but in our infrastructure we have Windows-Clients and it is
a step more to set up a cronjob on every system.
On Friday, July 18, 2014 at 13:59:36 UTC+2, dan (ddpbsd) wrote:
>
> On Fri, Jul 18, 2014 at 6:25 AM, Alexander Pietrasch
> > wrote:
> > Hey everyone,
> >
> > is it possi
On Fri, Jul 18, 2014 at 8:59 AM, dan (ddp) wrote:
> On Fri, Jul 18, 2014 at 8:28 AM, Mahieddine Yaker
> wrote:
>> Hi,
>>
>> I would use "if_matched_level", found here:
>> http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html#element-if_matched_level
>>
>> But it seems it does not w
On Fri, Jul 18, 2014 at 8:28 AM, Mahieddine Yaker
wrote:
> Hi,
>
> I would use "if_matched_level", found here:
> http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html#element-if_matched_level
>
> But it seems it does not work with ossec version 2.8.
>
> have you already implemented
Hi,
I would use "if_matched_level", found here:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html#element-if_matched_level
But it seems it does not work with ossec version 2.8.
Have you already implemented it, and how can I use it?
Thanking you in advance.
On Wed, Jul 16, 2014 at 10:55 PM, Lance A. Brown wrote:
> I have a request to tune the output of Rule 18152: Multiple Windows Logon
> Failures. They would like:
>
> 1. More than 5 failed logins to a single user should be identified so we can
> act on it.
>
> 2. More than 10 failed logins to a sin
On Fri, Jul 18, 2014 at 6:25 AM, Alexander Pietrasch
wrote:
> Hey everyone,
>
> Is it possible to set a timer so that the agents restart themselves, or can you
> set a clock time at which the agents restart?
>
> I didn't find something like that, but maybe you can implement this in a new
> version?
>
man c
On Fri, Jul 18, 2014 at 5:11 AM, Alexander Pietrasch
wrote:
> Hello all together,
>
> I want to make mass deployment and I found in the
> "/opt/ossec-hids-2.8/src/InstallAgent.sh" at Line 226 the Line "cp -pr
> ../etc/ossec.mc ${DIR}/etc/ossec.conf"
> It copies the file ossec.mc to a directory ot
On Thu, Jul 17, 2014 at 4:34 PM, Darren Patterson
wrote:
> On 2.7.1 when running "./syscheck_control -i #" for my servers, recently I
> started seeing lots of messages:
>
> System Audit: File '/dev/.blkid.tab' present on /dev. Possible hidden file.
>
> Is there a way to suppress/ignore this?
>
Is
On Fri, Jul 18, 2014 at 5:09 AM, Nick Souza wrote:
> Am using ossec 2.6. Have to restart the ossec server almost every day, without
> which the clients won't report. Has anyone faced a similar problem? Any help
> would be appreciated.
>
Start by looking at the ossec.log on both the agents and the ma
Hey everyone,
Is it possible to set a timer so that the agents restart themselves, or can you
set a clock time at which the agents restart?
I didn't find something like that, but maybe you can implement this in a
new version?
Best regards,
Alex
Hello there,
Here is a small command line for restarting all clients at the same time:
#!/bin/bash
# List connected agents (-lc), extract each agent ID, and restart it (-R).
for i in $(/var/ossec/bin/agent_control -lc | cut -d: -f2 | cut -d, -f1); do
    /var/ossec/bin/agent_control -R "$i"
done
First step run var/ossec/bin/agent_control -lc and cut all ServerIDs, for
each
Hello all together,
I want to make mass deployment and I found in the
"/opt/ossec-hids-2.8/src/InstallAgent.sh" at Line 226 the Line "cp -pr
../etc/ossec.mc ${DIR}/etc/ossec.conf"
It copies the file ossec.mc to a directory ot /etc/ossec.conf.
So my question is, can I change the ossec.mc, transf
Am using ossec 2.6. Have to restart the ossec server almost every day,
without which the clients won't report. Has anyone faced a similar problem?
Any help would be appreciated.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe f