Hi Joshua,
When I do this I get this error:
./logstash agent -f ./logstash.conf
Using milestone 2 input plugin 'file'. This plugin should be stable, but if
you see strange behavior, please let us know! For more information on
plugin milestones, see
http://logstash.net/docs/1.4.2-modified/plugi
On Mon, Dec 29, 2014 at 11:30 AM, Fred974 wrote:
> if(mysql_query("SELECT 1 from agent", $db_ossec)
> && mysql_query("SELECT 1 from alert", $db_ossec)
> && mysql_query("SELECT 1 from category", $db_ossec)
> && mysql_query("SELECT 1 from data", $db_ossec)
> && mysql_query("SELECT 1
if(mysql_query("SELECT 1 from agent", $db_ossec)
&& mysql_query("SELECT 1 from alert", $db_ossec)
&& mysql_query("SELECT 1 from category", $db_ossec)
&& mysql_query("SELECT 1 from data", $db_ossec)
&& mysql_query("SELECT 1 from location", $db_ossec)
&& mysql_query("SELECT 1 from
I did a quick search and some of the agent and data table are read from..
How can I find out why no data are saved into these tables?
I searched the web for Analogi forum/support but could not find anything..
Do you know where I can seek help for AnaLogi?
Thank you
On Monday, 29 December 2014 14:15:10 U
On Mon, Dec 29, 2014 at 10:15 AM, Fred974 wrote:
> This is the result of
> SHOW TABLE STATUS FROM OSSEC;
This is the result of
SHOW TABLE STATUS FROM OSSEC;
On Mon, Dec 29, 2014 at 9:45 AM, Glenn Ford wrote:
> Out of curiosity Dan what do you use?
>
I don't have any large OSSEC installations. I do like the elk stuff though.
> I was looking at logstash + elastic search. I don't have funds for a
> commercial feed via AlienVault, splunk or the like.
Out of curiosity Dan what do you use?
I was looking at logstash + elastic search. I don't have funds for a
commercial feed via AlienVault, splunk or the like. :(
On Monday, December 29, 2014 7:14:03 AM UTC-5, dan (ddpbsd) wrote:
>
> On Mon, Dec 29, 2014 at 6:11 AM, Fred974 >
> wrote:
> > Sor
Awesome Thanks! So #2 solution is I could pull source code and build..
Hrmm. :)
On Wednesday, December 24, 2014 1:42:49 PM UTC-5, Glenn Ford wrote:
>
> Hello All!
>
> Thanks to Dan I have a basic setup in place. I'd like to verify/test the
> IDS is working properly for my apache logs.
>
> Is th
On Mon, Dec 29, 2014 at 9:15 AM, Fred974 wrote:
> Hi,
>
> I have successfully installed ossec on my server but when accessing the
> AnaLogi web interface, I get the following message:
>
> Test 4 - Is there any data in your database? - no!
> Fix - Ensure agents are logging data.
>
> Could s
On Mon, Dec 29, 2014 at 9:11 AM, dan (ddp) wrote:
>
> On Dec 29, 2014 9:08 AM, "Glenn Ford" wrote:
>>
>>
>> Hi Dan,
>>
>> Can you run this log entry in your logtest with latest source build?
>>
>
> It'll take me a bit. If you don't see a response in a couple of hours,
> please remind me.
>
That
Hi,
I have successfully installed ossec on my server but when accessing the
AnaLogi web interface, I get the following message:
*Test 4 - Is there any data in your database? - no! Fix - Ensure
agents are logging data.*
Could someone please help me in solving this issue.
From another
This appears to be an open issue since March 23rd 2014.
https://github.com/ossec/ossec-hids/issues/158
Also FYI a simple **temporary** solution I have implemented is I changed
the prematch and regex for pure-transfer decoder to bogus patterns that
will never match. This makes it so I don't h
On Dec 29, 2014 9:08 AM, "Glenn Ford" wrote:
>
>
> Hi Dan,
>
> Can you run this log entry in your logtest with latest source build?
>
It'll take me a bit. If you don't see a response in a couple of hours,
please remind me.
> TIA
>
> 10.10.10.1 - - [24/Dec/2014:14:39:46 -0500] "GET
/phpadmin/scri
Hi Dan,
Can you run this log entry in your logtest with latest source build?
TIA
10.10.10.1 - - [24/Dec/2014:14:39:46 -0500] "GET
/phpadmin/scripts/setup.php HTTP/1.1" 404 204 "-" "Mozilla/5.0 (Windows NT
6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"
On Monday, December 29, 2014 8:56:50
On Sun, Dec 28, 2014 at 5:17 PM, Ryan Schulze wrote:
> On 12/24/2014 2:54 PM, dan (ddp) wrote:
>
>
> On Dec 24, 2014 3:48 PM, "Glenn Ford" wrote:
>>
>> You are saying it's NOT working? Umm, so how do I proceed to figure out
>> what's wrong?
>>
>
> Remove the pure transfer decoder.
>
> Since 'pure-
It seems very odd to me that no one else is in a negative offset timezone.
I was looking at combined versus common logs and both output the same wrt
identitycheck (where you put "foo"), userid (the 2nd hyphen), and the
standard time output (%t).
I am very puzzled to this being a first instance
Hi Ryan,
Thanks for looking into this. Is there anything on my end I can configure
for Apache to get this working?
On Sunday, December 28, 2014 5:41:33 PM UTC-5, Ryan Schulze wrote:
>
> On 12/24/2014 2:54 PM, dan (ddp) wrote:
>
>
> On Dec 24, 2014 3:48 PM, "Glenn Ford" >
> wrote:
> >
> > You
On Sun, Dec 28, 2014 at 5:32 PM, Christian Beer
wrote:
> This is fixed in current OSSEC master on github. If you don't want to
> upgrade to an experimental version you can manually copy the portions of
> the decoder.xml and apache.xml rules file.
>
> There are log samples and tests for apache 2.4
On Mon, Dec 29, 2014 at 6:11 AM, Fred974 wrote:
> Sorry one more question..
> Does it need to have read-write access or would read-only suffice?
>
I don't know for sure. I don't use the WUI. I believe it needs read
permissions to the /var/ossec/tmp directory, but again, I don't use
the WUI.
> On
On Mon, Dec 29, 2014 at 5:42 AM, Fred974 wrote:
> So it has to be installed on the same server?
>
That's probably the easiest solution.
>
> On Monday, 29 December 2014 10:24:07 UTC, Fred974 wrote:
>>
>> Hello,
>>
>> My web server and the ossec server are on 2 different machines.
>>
>> When tryin
Sorry one more question..
Does it need to have read-write access or would read-only suffice?
On Monday, 29 December 2014 10:24:07 UTC, Fred974 wrote:
>
> Hello,
>
> My web server and the ossec server are on 2 different machines.
>
> When trying to setup the ossec web interface on my web server by
So it has to be installed on the same server?
On Monday, 29 December 2014 10:24:07 UTC, Fred974 wrote:
>
> Hello,
>
> My web server and the ossec server are on 2 different machines.
>
> When trying to setup the ossec web interface on my web server by running
> the ./setup.sh, it asked me for the
Hello,
I have a problem in monitoring windows registry. I see when a new registry
is added but not deleted. Does anyone know where the problem can be?
The newest 2.8 agent is installed on Windows servers 2012 and 2012 R2 (both
64-bit). Everything works except that.
regards
Jozef
On Dec 29, 2014 5:31 AM, "Fred974" wrote:
>
> Hello,
>
> My web server and the ossec server are on 2 different machines.
>
> When trying to setup the ossec web interface on my web server by running
the ./setup.sh, it asked me for the 'OSSEC install directory path'
> As the ossec install is not loc
Hello,
My web server and the ossec server are on 2 different machines.
When trying to setup the ossec web interface on my web server by running
the ./setup.sh, it asked me for the 'OSSEC install directory path'
As the ossec install is not local to the machine, how do I tell it to look
on the r
Ok thank you
On Friday, 19 December 2014 16:06:16 UTC, Fred974 wrote:
>
> Hello,
>
> I have set ossec to output the data to MySQL but I have no data in it..
> After doing some digging on the server, I realized that I had the
> following in my mysql-slow.log file:
> Tcp port: 2596 Unix socket:
On Dec 29, 2014 5:03 AM, "Fred974" wrote:
>
> Hi Dan,
>
> I am sorry but I do not understand your reply.
> Could you please rephrase?
>
The agent table is currently unused.
> Thank you
> Fred
>
>
> On Friday, 19 December 2014 16:06:16 UTC, Fred974 wrote:
>>
>> Hello,
>>
>> I have set ossec to
Hi Dan,
I am sorry but I do not understand your reply.
Could you please rephrase?
Thank you
Fred
On Friday, 19 December 2014 16:06:16 UTC, Fred974 wrote:
>
> Hello,
>
> I have set ossec to output the data to MySQL but I have no data in it..
> After doing some digging on the server, I realize