Re: [ossec-list] Re: Unknown problem somewhere in the system

2015-01-07 Thread dan (ddp)
On Tue, Jan 6, 2015 at 6:03 AM, Fred974 wrote:
> Hi Dan,
>
> Is there any chance you could give me a simple example, please?
> Is this rule any good for my need?
>
>
>
> 31101
>
>
> 1002
> do not send by email

This rule is a bad idea. Maybe something closer

Re: [ossec-list] Syslog forwarding doesn't work with custom_alert_output

2015-01-07 Thread dan (ddp)
On Tue, Jan 6, 2015 at 10:12 AM, Chris H wrote:
> It's the default OSSEC install in OSSIM, rather than one I installed myself.
> It's 2.8 though.
> Does it work with a standard 2.8.1 installation?
> Thanks
>
> On Monday, January 5, 2015 3:17:09 PM UTC, dan (ddpbsd) wrote:
>>
>> On Mon, Jan 5, 20

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-07 Thread dan (ddp)
On Mon, Jan 5, 2015 at 10:56 PM, Ming wrote:
> Hi all,
>
> I received an alert for a port change; however, there is no change, only a
> change on "Recv-Q". How can I correct it to properly detect port changes?
> Thank you all.
>
> OSSEC version: 2.8.1
>
>
> OSSEC HIDS Notification.
> 2015 Jan 06 11:2

Re: [ossec-list] Syslog forwarding doesn't work with custom_alert_output

2015-01-07 Thread grant
I can confirm this to be true. We did extensive testing running a stock 2.7 and 2.8.1 OSSEC install feeding an Alienvault platform, and syslog, when custom alert is configured, did not work.

On Wednesday, January 7, 2015 8:04:25 AM UTC-5, dan (ddpbsd) wrote:
>
> On Tue, Jan 6, 2015 at 10:12 AM

Re: [ossec-list] Syslog forwarding doesn't work with custom_alert_output

2015-01-07 Thread dan (ddp)
On Wed, Jan 7, 2015 at 8:18 AM, wrote:
> I can confirm this to be true. We did extensive testing running a stock
> 2.7 and 2.8.1 OSSEC install feeding an Alienvault platform, and syslog, when
> custom alert is configured, did not work.
>

Does the alerts.log file contain alerts in the custom fo

[ossec-list] How to ensure ossec is logging to database

2015-01-07 Thread Mohsen Saberi
Hi all,

After I reinstalled ossec, ossec works fine but there are no data entries in the database. I did all the configuration needed for ossec to connect to the database, such as running make setdb before install, inserting mysql.schema into the database, adding the database_output directive to ossec.conf, enabling the database and restarting, but the tables are empty. A

Re: [ossec-list] How to ensure ossec is logging to database

2015-01-07 Thread dan (ddp)
On Wed, Jan 7, 2015 at 10:43 AM, Mohsen Saberi wrote:
> Hi all,
>
> After I reinstalled ossec, ossec works fine but there are no data entries in the database.
> I did all the configuration needed for ossec to connect to the database, such as running make setdb before
> install, inserting mysql.schema into the database, adding the database_output directive to
> os

Re: [ossec-list] Syslog forwarding doesn't work with custom_alert_output

2015-01-07 Thread Grant L
Great point.

We do see the custom alert in alerts.log.

Should we put in a request or just modify csyslogd ourselves?

Grant Leonard
Castra Consulting, LLC
919-949-4002

On Wed, Jan 7, 2015 at 8:58 AM, dan (ddp) wrote:
> On Wed, Jan 7, 2015 at 8:18 AM, wrote:
>

Re: [ossec-list] Syslog forwarding doesn't work with custom_alert_output

2015-01-07 Thread dan (ddp)
On Wed, Jan 7, 2015 at 12:14 PM, Grant L wrote:
> Great point.
>
> We do see the custom alert in alerts.log
>
> Should we put in a request or just modify csyslogd ourselves?
>

Feel free to open an issue for it. It's something I'm looking at, but I don't consider it a high priority at the moment.

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-07 Thread Ming
Thanks Dan, it works! Do you think it will be included in the coming update of ossec?

On Wednesday, January 7, 2015 at 9:12:29 PM UTC+8, dan (ddpbsd) wrote:
>
> On Mon, Jan 5, 2015 at 10:56 PM, Ming
> wrote:
> > Hi all,
> >
> > I received an alert for a port change; however, there is no change, only a
> > change on "Rec