Re: [ossec-list] OSSEC triggering wrong rule set.

2015-07-01 Thread dan (ddp)
On Wed, Jul 1, 2015 at 2:15 PM, Sean Fagan seanfaga...@gmail.com wrote: Hi there, New to OSSEC and I am trying to use Drupal and ModSecurity rule sets but the log alerts keep coming up as syslog alerts and I keep getting an Alert Level: 2; Rule: 1002 Unknown problem somewhere in the system.

[ossec-list] Re: OSSEC triggering wrong rule set.

2015-07-01 Thread Sean Fagan
Alert Level: 7; Rule: 104150 - Drupal access denied error (permissions rejected).; Location: (proxy01) xxx.xxx.xxx.xxx -/var/log/httpd/www.xxx-error_log; [Mon Jun 29 13:54:44.413481 2015] [:error] [pid 1075] [client 54.176.229.159] ModSecurity: Access denied with code 403 (phase 2). Operator

[ossec-list] OSSEC triggering wrong rule set.

2015-07-01 Thread Sean Fagan
Hi there, New to OSSEC and I am trying to use Drupal and ModSecurity rule sets but the log alerts keep coming up as syslog alerts and I keep getting an Alert Level: 2; Rule: 1002 Unknown problem somewhere in the system. Drupal rules are also picking up ModSecurity logs and reporting them as

[ossec-list] file, argument 7 passed to AR command?

2015-07-01 Thread Jeff Blaine
Field 7 passed to an AR command is supposed to be file. Triggering off of rule 550 (syscheck file integrity changed) and logging arguments 1 through 7, I would expect argument 7 to show the file that changed. Instead I see this: add - - 1435510407.21426431 550 (foo.our.com)

Re: [ossec-list] AR command executing when it should not be

2015-07-01 Thread secucatcher
good idea for a test - Original message - From: LostInTheTubez lostinthetu...@gmail.com To: ossec-list@googlegroups.com Sent: Tuesday 30 June 2015 21:57:43 Subject: RE: [ossec-list] AR command executing when it should not be Could you add a custom rule to achieve what you’re looking for?

[ossec-list] Re: How to install without prompts

2015-07-01 Thread Nandaraj Ks
Hi David Montgomery, what about the ossec server? child.expect ('1- What kind of installation do you want (server, agent, local, hybrid or help)*') child.sendline ('server') below pexpect is not working. Thank you, Nandaraj

Re: [ossec-list] Re: OSSEC triggering wrong rule set.

2015-07-01 Thread dan (ddp)
On Wed, Jul 1, 2015 at 2:32 PM, Sean Fagan seanfaga...@gmail.com wrote: Alert Level: 7; Rule: 104150 - Drupal access denied error (permissions rejected).; Location: (proxy01) xxx.xxx.xxx.xxx -/var/log/httpd/www.xxx-error_log; [Mon Jun 29 13:54:44.413481 2015] [:error] [pid 1075] [client

Re: [ossec-list] #*#*#*#*#*# in client.keys on server. Is it hosed?

2015-07-01 Thread Michael Starks
On 07/01/2015 04:50 PM, Jon Price wrote: I've had ~1000 agents connected to a single ossec server for the past 18 months. About ~2 months ago agents started dropping like flies. I noticed many lines in the client.keys on the server have been replaced with #*#*#*#*#*#*#. I believe this is