Re: [ossec-list] Error installing OSSEC Agent in AIX 6.1

2014-08-29 Thread dipesh maskey
Dear cgzones, Can you please suggest where shall I add this option -qcpluscmt? Sorry, coz I am new to this stuff.. Regards Dipesh Maskey On Thursday, August 28, 2014 3:41:34 PM UTC+5:45, cgzones wrote: Can you try to add the option -qcpluscmt. It seems your compiler doesn't like //

Re: [ossec-list] Error installing OSSEC Agent in AIX 6.1

2014-08-29 Thread dipesh maskey
Dear cgzones, Can you please suggest me where shall I add option -qcpluscmt. Sorry coz I am new to this stuff... Regards Dipesh Maskey On Thursday, August 28, 2014 3:41:34 PM UTC+5:45, cgzones wrote: Can you try to add the option -qcpluscmt. It seems your compiler doesn't like // comments.

[ossec-list] Ossec High Availability

2014-08-29 Thread rsmartin74
Dear all, I have an Ossec manager and some agents, and I would like to add a second manager in active-standby or active-active mode. Is it possible to configure high availability in Ossec? Is there any documentation about it? I'm not able to find it. Thanks in advance Ricardo

Re: [ossec-list] Custom Notification Method

2014-08-29 Thread dan (ddp)
On Fri, Aug 29, 2014 at 2:33 PM, dan (ddp) ddp...@gmail.com wrote: On Wed, Aug 27, 2014 at 11:09 PM, Aeo de Vera o9adev...@gmail.com wrote: Hello, I was wondering if there is a way to configure a custom notification method. Instead of just mailing, I'd like to send all alerts gathered in the

Re: [ossec-list] Custom Notification Method

2014-08-29 Thread dan (ddp)
On Wed, Aug 27, 2014 at 11:09 PM, Aeo de Vera o9adev...@gmail.com wrote: Hello, I was wondering if there is a way to configure a custom notification method. Instead of just mailing, I'd like to send all alerts gathered in the server to a cache. I've tried using active responses on the

Re: [ossec-list] Active response works - but no email

2014-08-29 Thread dan (ddp)
On Thu, Aug 28, 2014 at 9:05 PM, Tim Boyer boy...@gmail.com wrote: On Thursday, August 28, 2014 11:32:47 AM UTC-4, dan (ddpbsd) wrote: On Thu, Aug 28, 2014 at 11:08 AM, dan (ddp) ddp...@gmail.com wrote: On Thu, Aug 28, 2014 at 10:19 AM, Tim Boyer boy...@gmail.com wrote: We've got an

Re: [ossec-list] Dealing with Rule 31106 false positives

2014-08-29 Thread dan (ddp)
On Thu, Aug 28, 2014 at 12:53 PM, Paul Raines rai...@nmr.mgh.harvard.edu wrote: But I guess I don't see how to do what I want except with 3 rules (including the original 31103) so 2 new rules in local_rules.xml Then do it that way. <rule id="100301" level="0"> <if_sid>31103</if_sid> </rule>

Re: [ossec-list] rule test succeeds but fails to alert

2014-08-29 Thread dan (ddp)
On Fri, Aug 29, 2014 at 12:16 PM, velvin vel...@gmail.com wrote: Regardless of the rule ID it triggers, the issue I'm seeing is that while manually testing the rule using the ossec-logtest tells me alert to be generated but in actual testing (causing the event ID from a host with agent

[ossec-list] ossec crashes when adding this rule

2014-08-29 Thread BP9906
Hello, I tested this with ossec server 2.8 and 2.7.1. When I added this rule to an ignorerules.xml (it's at the bottom of rules list in ossec.conf): <rule id="533" level="5" overwrite="yes"> <if_sid>530</if_sid> <match>ossec: output: 'netstat -tan</match> <check_diff /> <description>Listened ports

[ossec-list] Re: ossec con in europe?!

2014-08-29 Thread theresa mic-snare
hi there, so who's attending this year's OSSEC CON in Cork? :) kind regards, theresa On Thursday, 24 October 2013 22:46:46 UTC+2, rocka...@gmail.com wrote: hi there, i know recently there was an ossec conference in the US last summer i was wondering if there is any interest/demand

Re: [ossec-list] Ossec High Availability

2014-08-29 Thread theresa mic-snare
thanks ricardo and dan, i was wondering the very same thing. @dan: what do you mean by rids checks in particular? On Friday, 29 August 2014 20:48:56 UTC+2, dan (ddpbsd) wrote: On Fri, Aug 29, 2014 at 2:43 AM, rsmar...@gmail.com wrote: Dear all, I have a Ossec