[ossec-list] Divide Alerts by source IP or subnet

2014-10-21 Thread Enrico Ermanno Dall'Ara
Hi Guys, I think OSSEC is an awesome product and it works very well. I was wondering if you think to implement the possibility to split the alert based on source IP or subnet. The reason I ask this is because in an integration with Splunk, it would be nice to be able to send logs to different i

[ossec-list] Split alerts by source subnet or IP

2014-10-21 Thread Enrico Ermanno Dall'Ara
Hi Guys, I think OSSEC is an awesome product and it works very well. I was wondering if you think to implement the possibility to split the alert based on source IP or subnet. The reason I ask this is because in an integration with Splunk, it would be nice to be able to send logs to different i

[ossec-list] Configuration differences between local and server

2014-10-21 Thread derek
The ossec-init.conf file in the CentOS RPMs I picked up has the TYPE set to 'server'. I don't need that - I only need a local installation, so I removed those RPMs and installed from the tar ball, specifying 'local'. However, given that I need to install on lots of machines I'd rather use those

Re: [ossec-list] Configuration differences between local and server

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 8:09 AM, wrote: > The ossec-init.conf file in the CentOS RPMs I picked up has the TYPE set to > 'server'. I don't need that - I only need a local installation, so I removed > those RPMs and installed from the tar ball, specifying 'local'. However, > given that I need to in

[ossec-list] Ossec with ZeroMQ + Logstash + ELS + Kibana ( Nginx as a Rproxy ) Installations Write-up

2014-10-21 Thread Lee DaeHyung
Wow, it's a really good guide. I'll try your guide soon. Thanks

[ossec-list] Re: Binary Install

2014-10-21 Thread Mario d'Aniello
Hello, I'm currently using ossec-hids-2.8.1 and still have this problem in the exact path (/opt/ossec/). I try to change the LOCATION file but it still doesn't work. Any ideas? On Wednesday, 9 November 2011 at 22:10:51 UTC+1, alsdks wrote: > > Hello, > > I was testing binary installations ,

[ossec-list] verify-agent-conf query

2014-10-21 Thread Colin Bruce
Dear Support, I made a very small conf file for windows agents using the slides that Michael Starks gave at OSSEC CON 2013. When I run verify-agent-conf I get the error: "ERROR: Invalid element in the configuration: 'ossec_config'". Now I could have made a typing mistake but I can't see

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 9:24 AM, Mario d'Aniello wrote: > Hello, i'm currently using ossec-hids-2.8.1 and still have this problem in > the exact path (/opt/ossec/). > I try to change LOCATION file but still don't work any ideas? > Nothing is different between your issue and this 3 year old t

Re: [ossec-list] verify-agent-conf query

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 9:31 AM, Colin Bruce wrote: > Dear Support, > > > > I made a very small conf file for windows agents using the slides that > Michael Starks gave at OSSEC CON 2013. When I run verify-agent-conf I get > the error: > > > > "ERROR: Invalid element in the configuration: 'ossec_c

RE: [ossec-list] verify-agent-conf query

2014-10-21 Thread Colin Bruce
Dear Dan, That's it thanks. Best wishes.. Colin -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp) Sent: 21 October 2014 14:51 To: ossec-list@googlegroups.com Subject: Re: [ossec-list] verify-agent-conf query On Tue, Oct 21,

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread Mario d'Aniello
I just did your exact procedure (I was same in my previous try), and the problems still. Even with Manage_agent. OSSEC tells me that: 2014/10/21 16:11:42 manage_agents (1209): ERROR: Unable to chroot to directory: '/var/ossec'. If I try to start with ./ossec-control start it still stuck to search

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread Mario d'Aniello
Ok, I give it a try another time and there's no way to change path directory in binary installation. I guess there should be a bug somewhere in makefile or make. So the only viable choice to let it work is to: - Download ossec.* from the site and untar. - Perform a new "total" installation (respon

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 11:59 AM, Mario d'Aniello wrote: > Ok, i give it a try another time and there's no way to change path directory > in binary installation. I guess should be exist a bug somewhere in makefile > or make. > There are a lot of issues with installing it to odd locations. It's so

[ossec-list] Client running on OSSEC Server

2014-10-21 Thread Brian
Hello, I installed OSSEC 2.8.1, WUI and Analogi. Everything works fine.. I noticed that the OSSEC server is also acting as a client. It logs absolutely everything, accessing the WUI, Analogi, etc.. Is there any way to minimize some of the logging activity? Thank you

Re: [ossec-list] Client running on OSSEC Server

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 12:34 PM, Brian wrote: > Hello, > I installed OSSEC 2.8.1, WUI and Analogi. Everything works fine.. > I noticed that the OSSEC server is also acting as a client. It logs > absolutely everything, accessing the WUI, Analogi, etc.. > is there anyway to minimize some of the

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread Mario d'Aniello
Ok, I'll wait for a future fix of this issue. Meanwhile I'll try to figure out where the problem is. Thx for the answer, I'd really appreciate your kindness and availability. On 21 Oct 2014 at 18:28, "dan (ddp)" wrote: > On Tue, Oct 21, 2014 at 11:59 AM, Mario d'Aniello > wrote: > > Ok, i give it a

RE: [ossec-list] verify-agent-conf query

2014-10-21 Thread Colin Bruce
Hello, I am replying to myself as I now don't understand the suggestion which was to use instead of . That passed the verify-agent-conf okay but the agent doesn't like it and it complains with: "ERROR: Invalid element in the configuration file: 'agent_config' And then gives up. It works

Re: [ossec-list] verify-agent-conf query

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 1:08 PM, Colin Bruce wrote: > Hello, > > I am replying to myself as I now don't understand the suggestion which was > to use instead of . That passed the > verify-agent-conf okay but the agent doesn't like it and it complains with: > > "ERROR: Invalid element in th

RE: [ossec-list] verify-agent-conf query

2014-10-21 Thread Colin Bruce
Hi Dan, The correct answer is: "I don't know". I've installed the agent on a windows server and there is no file called agent.conf there. There is a file called ossec.conf there which the agent is using. I know this because if I introduce an error into it the agent complains when I start it. I

Re: [ossec-list] verify-agent-conf query

2014-10-21 Thread dan (ddp)
On Tue, Oct 21, 2014 at 1:23 PM, Colin Bruce wrote: > Hi Dan, > > The correct answer is: "I don't know". I've installed the agent on a windows > server and there is no file called agent.conf there. There is a file called > ossec.conf there which the agent is using. I know this because if I > intro

[ossec-list] Agentless with key when passphrase required

2014-10-21 Thread Scott Closter
Hi there. We have a series of routers that require keys with a passphrase for authentication. Just wondering what the best method to use, if any, that would allow OSSEC agentless monitoring to work in this scenario? I’ve seen mention, not related to OSSEC specifically, of using various combin

Re: [ossec-list] Agentless with key when passphrase required

2014-10-21 Thread Jeremy Rossi
Nope, nothing I have tried nor heard of. I would guess the ssh-agent is the way to go. If you get it working and think it's a problem more people possibly need. Let us know and submit a github.com/ossec/ossec-docs pull request to add it for everyone. > On Oct 21, 2014, at 11:19 PM, Scot

Re: [ossec-list] Re: Binary Install

2014-10-21 Thread Jeremy Rossi
The fix needs to happen in C code. Currently the full paths are compiled into ossec binaries. So build compile you set the location path for the binary forever. This is something we are working on but please don't expect something right away as I stopped working on this to deal with othe is

Re: [ossec-list] Configuration differences between local and server

2014-10-21 Thread Jeremy Rossi
> On Oct 21, 2014, at 8:11 AM, dan (ddp) wrote: > >> On Tue, Oct 21, 2014 at 8:09 AM, wrote: >> The ossec-init.conf file in the CentOS RPMs I picked up has the TYPE set to >> 'server'. I don't need that - I only need a local installation, so I removed >> those RPMs and installed from the ta