[ossec-list] Re: want to exclude (rem) rules in ossec.conf and just use syscheck

2014-12-16 Thread Jacob W
Thanks for the 2 replies and I will read the pdf. On Tuesday, December 16, 2014 4:40:58 PM UTC-6, Brent Morris wrote: > > Personally, I wouldn't relegate OSSEC to run the syscheck components > only. I would encourage you to keep the rules... > > OSSEC is noisy at first... but the goal is simpl

[ossec-list] Re: FreeBSD - Agent not working

2014-12-16 Thread Fred974
Hi Dan, This is what I get in debug mode 2014/12/16 22:55:53 ossec-agentd: DEBUG: Starting ... 2014/12/16 22:55:53 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800 2014/12/16 22:56:36 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2014/12/16 22:56

[ossec-list] Re: want to exclude (rem) rules in ossec.conf and just use syscheck

2014-12-16 Thread Brent Morris
Personally, I wouldn't relegate OSSEC to run the syscheck components only. I would encourage you to keep the rules... OSSEC is noisy at first... but the goal is simple. Find ways to quiet OSSEC without inhibiting its ability to detect and alert you of malicious activity. That second part of

Re: [ossec-list] What to make of ossec-hosts.* files

2014-12-16 Thread finid
Thanks. Since they are all empty files, nothing should break if they are all deleted, right? -- finid On 2014-12-16 15:28, Brent Morris wrote: I think what you're seeing is what is described in CVE-2014-5284 - http://www.ossec.net/?p=1135 Basically, they were in /tmp, and then a vulnerab

Re: [ossec-list] What to make of ossec-hosts.* files

2014-12-16 Thread Brent Morris
I think what you're seeing is what is described in CVE-2014-5284 - http://www.ossec.net/?p=1135 Basically, they were in /tmp, and then a vulnerability was disclosed... so those files were moved from /tmp to /var/ossec in 2.8.1 On Tuesday, December 16, 2014 1:19:15 PM UTC-8, finid wrote: > > On

Re: [ossec-list] Re: How to bypass need for "fully-qualified address"

2014-12-16 Thread Brent Morris
I'm not sure what Google's requirements are to send email. Perhaps a bit out of scope for this discussion group? I can send non-fully qualified emails on servers I own! :) Can you change it to send as yourself to yourself on gmail.com ??? seems like an easy enough test. On Tuesday, Decemb

Re: [ossec-list] What to make of ossec-hosts.* files

2014-12-16 Thread finid
On 2014-12-16 14:59, fi...@vivaldi.net wrote: Hi, I see a bunch of files in /var/ossec with names of the form ossec-hosts.*. What are they and how can I stop the system from creating them? Here are a few examples. ossec-hosts.1i6uugNQB3 ossec-hosts.BFHjPh9dwg ossec-hosts.i4EvjkDXUh ossec-hosts

[ossec-list] What to make of ossec-hosts.* files

2014-12-16 Thread finid
Hi, I see a bunch of files in /var/ossec with names of the form ossec-hosts.*. What are they and how can I stop the system from creating them? Here are a few examples. ossec-hosts.1i6uugNQB3 ossec-hosts.BFHjPh9dwg ossec-hosts.i4EvjkDXUh ossec-hosts.U3thtpzm6b ossec-hosts.1MeJfr9MGt TIA,

Re: [ossec-list] Re: How to bypass need for "fully-qualified address"

2014-12-16 Thread finid
The address is the generic one set by OSSEC (the server does not have a FQDN). Just to clarify some points about the email credentials: 1. If the address is, for example, myname@gmail, and the points to a Google SMTP server, can I have the address be any arbitrary email address? 2. Must

[ossec-list] Re: How to bypass need for "fully-qualified address"

2014-12-16 Thread Brent Morris
What's your address? It should be fully qualified if you're sending to gmail and the like... On Tuesday, December 16, 2014 8:23:16 AM UTC-8, finid wrote: > > In further troubleshooting email issues I have with a couple of servers > not being able to send emails to certain email providers, I ha

[ossec-list] How to bypass need for "fully-qualified address"

2014-12-16 Thread finid
In further troubleshooting email issues I have with a couple of servers not being able to send emails to certain email providers, I have found that OSSEC is actually sending emails, but the other end is rejecting them. So after installing a local SMTP app for OSSEC to send emails, any emails

Re: [ossec-list] want to exclude (rem) rules in ossec.conf and just use syscheck

2014-12-16 Thread dan (ddp)
On Tue, Dec 16, 2014 at 10:28 AM, Jacob W wrote: > The rules we have right now are generating way too much traffic. My boss has > asked that we rem or comment out the rules so we just have the syscheck > running. > > **I am no Linux guru** > > I went into and made in each rule line. EXAMPLE > -

[ossec-list] want to exclude (rem) rules in ossec.conf and just use syscheck

2014-12-16 Thread Jacob W
The rules we have right now are generating way too much traffic. My boss has asked that we rem or comment out the rules so we just have the syscheck running. **I am no Linux guru** I went into and made in each rule line. EXAMPLE - When I restart the ossec-control then run the start I get:

Re: [ossec-list] How to install ossec in a custom directory

2014-12-16 Thread christophe.egron
Files LOCATION and init were already correct, I applied the modification on src/headers/defs.h. It is now operational on solaris, I am also going to operate the solution on AIX and Linux RedHat. Thank you Darin, Christophe On Thursday, December 11, 2014 20:16:16 UTC+1, Darin Perusich wrote: > >

Re: [ossec-list] segfault in analysisd caused by rule level change

2014-12-16 Thread mjeffe
Ok, Thanks for the advice. On Tuesday, December 16, 2014 7:54:01 AM UTC-6, dan (ddpbsd) wrote: > > I've been playing with it for a while and can't figure it out. You > should probably post an issue to github > (https://github.com/ossec/ossec-hids). The devs may pay attention to > it there. > >

Re: [ossec-list] segfault in analysisd caused by rule level change

2014-12-16 Thread dan (ddp)
I've been playing with it for a while and can't figure it out. You should probably post an issue to github (https://github.com/ossec/ossec-hids). The devs may pay attention to it there. On Mon, Dec 15, 2014 at 2:12 PM, wrote: > I decided to give gdb a try again. I can get it to segfault pretty >

Re: [ossec-list] Re: Handling null program_name in local_decoder.xml

2014-12-16 Thread dan (ddp)
On Tue, Dec 16, 2014 at 8:21 AM, Bill Price wrote: > Thanks, but I already tried that also > > On Tuesday, December 16, 2014 8:20:08 AM UTC-5, dan (ddpbsd) wrote: >> >> On Mon, Dec 15, 2014 at 4:51 PM, Bill Price wrote: >> > Thanks, but still no joy >> > >> > >> > On Monday, December 15, 2014 3:1

Re: [ossec-list] Re: Handling null program_name in local_decoder.xml

2014-12-16 Thread Bill Price
Thanks, but I already tried that also On Tuesday, December 16, 2014 8:20:08 AM UTC-5, dan (ddpbsd) wrote: > > On Mon, Dec 15, 2014 at 4:51 PM, Bill Price > wrote: > > Thanks, but still no joy > > > > > > On Monday, December 15, 2014 3:18:43 PM UTC-5, Bill Price wrote: > >> > >> > >> I'm tr

Re: [ossec-list] How to determine whether database, client-syslog, agentless, debug is enabled or disabled.

2014-12-16 Thread dan (ddp)
On Tue, Dec 16, 2014 at 12:35 AM, Huy Võ wrote: > Dear everybody, > > I am having problem with command: "$/var/ossec/bin/ossec-control > > > I wonder how can I determine database/client-syslog/agentless/debug is > enabled or disabled? > > I can not find command to determine they are enable or dis

Re: [ossec-list] Emails alerts not being received

2014-12-16 Thread dan (ddp)
On Tue, Dec 16, 2014 at 2:45 AM, wrote: > Folks, > > Been testing a couple of servers over here. > > So far all seems well, but for some reason alerts to Google email addresses > are not being received. There's nothing in the logs to tell me whether > something or the other is failing. Alerts to

Re: [ossec-list] Re: Handling null program_name in local_decoder.xml

2014-12-16 Thread dan (ddp)
On Mon, Dec 15, 2014 at 4:51 PM, Bill Price wrote: > Thanks, but still no joy > > > On Monday, December 15, 2014 3:18:43 PM UTC-5, Bill Price wrote: >> >> >> I'm trying to decode the following message: >> >> Dec 11 06:27:14 snmpd[1469]: last message repeated 23 times. >> >> The pre-coding phase o

[ossec-list] ossec-remoted Process Pegged at 100%

2014-12-16 Thread Chris Decker
Good morning all, I have about 2,000 (heavily active) OSSEC agents sending logs to a Manager. On the Manager side I've noticed that *ossec-remoted* is hovering around 98% to 100% of a CPU. I was under the impression that *ossec-remoted* is multi-threaded, but I only ever see one process run

[ossec-list] How to determine whether database, client-syslog, agentless, debug is enabled or disabled.

2014-12-16 Thread Huy Võ
Dear everybody, I am having problem with command: "*$/var/ossec/bin/ossec-control I wonder how can I determine database/client-syslog/agentless/debug is *enabled* or *disabled*? I can not find command to determine they are enabled or disabled! Can anybody help me to solve this problem or solu

[ossec-list] Emails alerts not being received

2014-12-16 Thread finid
Folks, Been testing a couple of servers over here. So far all seems well, but for some reason alerts to Google email addresses are not being received. There's nothing in the logs to tell me whether something or the other is failing. Alerts to another address work, but not to Google. Not even