Re: [ossec-list] Logtest works, but prod instance does not...

2015-11-09 Thread DefensiveDepth
Konrad, What version of Sysmon are you using? Are you using the decoders/OSSEC in Security Onion or standalone? -Josh On Saturday, November 7, 2015 at 1:16:11 AM UTC-5, Konrad W wrote: > > Hey Josh, > > I am using your sysmon decoder from your github site and have the same > issue. What

Re: [ossec-list] Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

2015-11-09 Thread dan (ddp)
On Nov 9, 2015 10:06 AM, "Andrei Duca" wrote: > > Hi guys, > > > > I downloaded the OSSEC agent 2.8.3 for Windows and when I run it nothing happens. > > From cmd it asks for a path as parameter and when one is added I get the following errors: > > > >

[ossec-list] Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

2015-11-09 Thread Andrei Duca
Hi guys, I downloaded the OSSEC agent 2.8.3 for Windows and when I run it nothing happens. From cmd it asks for a path as parameter and when one is added I get the following errors: C:\ossec-agent-win32-2.8.3.exe C:\Ossec [SC] OpenService FAILED 1060: The specified service does

Re: [ossec-list] Will app get blocked on heavy mysql queries?

2015-11-09 Thread Ryan Schulze
Sounds like you may want to look into fine tuning your active response and/or rules. On 11/9/2015 10:11 PM, frwa onto wrote: Hi Santiago, I am just running as standalone so it's not a manager or agent. I have another machine for instance I am using the older ossec 2.7.1 in

Re: [ossec-list] Will app get blocked on heavy mysql queries?

2015-11-09 Thread frwa onto
Hi Santiago, I am just running as standalone so it's not a manager or agent. I have another machine for instance I am using the older ossec 2.7.1 in that one I have tried say I got my phpmyadmin and when I start browsing huge data ossec will block me and only after some time I

[ossec-list] Re: OSSEC - Windows Event Log - PowerShell Alerts

2015-11-09 Thread Phillipa Moorea
I have restarted OSSEC using the OSSEC Agent Manager on the ossec client computer. I have also restarted the OSSEC service on the OSSEC server. I'm not sure why I can't reply to your response, so I had to reply to mine @dan(ddpbsd) Also I am using OSSEC HIDS v2.8 on the client & server. --

[ossec-list] Re: OSSEC - Windows Event Log - PowerShell Alerts

2015-11-09 Thread Phillipa Moorea
I have restarted OSSEC using the OSSEC Agent Manager on the ossec client computer. I have also restarted the OSSEC service on the OSSEC server. I'm not sure why I can't reply to your response, so I had to reply to mine @dan(ddpbsd) On Friday, November 6, 2015 at 11:00:00 AM UTC-6, Phillipa

[ossec-list] Will app get blocked on heavy mysql queries?

2015-11-09 Thread frwa onto
Hi, I have centos server. I have managed to install ossec 2.8.1. It mainly runs a socket programming app. For every instance of a connection it will receive data and insert into mysql db. What I am worried about is in what scenario it will block the access to this local mysql db as I can see there some

RE: [ossec-list] Ossec logrotate

2015-11-09 Thread Patrick Tobin
I use logrotate to rotate the OSSEC log on the server. Below is my config in /etc/logrotate.conf.

/var/ossec/logs/ossec.log {
    daily
    copytruncate
    create 660 ossec ossec
    rotate 10
}

Thanks, Patrick From: ossec-list@googlegroups.com

Re: [ossec-list] Logtest works, but prod instance does not...

2015-11-09 Thread Konrad W
Josh, I am using Sysmon version 3.10 and I am running Security Onion distributed deployment Konrad On Monday, November 9, 2015 at 9:48:37 AM UTC-5, DefensiveDepth wrote: > > Konrad, > > What version of Sysmon are you using? Are you using the decoders/OSSEC in > Security Onion or standalone?

Re: [ossec-list] Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

2015-11-09 Thread SoulAuctioneer
I get the feeling this never worked but that is just me. Also, I don't think you have to put in a path if doing a silent install or anything and it should just work. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this

Re: [ossec-list] Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

2015-11-09 Thread Konrad W
Same issue here on Windows 7...package doesn't install...asking to specify the path and no go with the path either... On Monday, November 9, 2015 at 11:24:58 AM UTC-5, SoulAuctioneer wrote: > > I get the feeling this never worked but that is just me. Also, I don't > think you have to put in a

Re: [ossec-list] Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

2015-11-09 Thread Santiago Bassett
Looks like the Windows agent file in ossec.net is corrupted. The file is only 207K, and Sha256 checksum doesn't match. We have a pre-compiled Windows agent at http://ossec.wazuh.com/windows/ This one is 1.1MB and works fine for us. I'll reach Vic so he can upload a new one to ossec.net Best

Re: [ossec-list] Package Debian Jessie 2.8.3 + Mysql

2015-11-09 Thread Régis Houssin
another recurring problem that has not been corrected, it's about the file: /var/ossec/active-response/bin/host-deny.sh you must remove the spaces of the equal sign (problem with debian): replace : TMP_FILE = `mktemp /var/ossec/ossec-hosts.XX` by TMP_FILE=`mktemp

Re: [ossec-list] Package Debian Jessie 2.8.3 + Mysql

2015-11-09 Thread Régis Houssin
Hi, thank you for this package... but after the upgrade, ossec starts and stops immediately (reinstalled package, rebooted server..) ossec.log : 2015/11/09 11:24:40 ossec-monitord: INFO: Started (pid: 2022). 2015/11/09 11:24:42 ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response

Re: [ossec-list] Package Debian Jessie 2.8.3 + Mysql

2015-11-09 Thread Santiago Bassett
Thank you Regis for the feedback. Really appreciate it. Will work on those issues and generate new packages as soon as I can, most likely sometime in the next couple of days. On Mon, Nov 9, 2015 at 3:24 AM, Régis Houssin wrote: > another recurring problem that has

Re: [ossec-list] Will app get blocked on heavy mysql queries?

2015-11-09 Thread Santiago Bassett
Are you running an agent or the manager? I don't think OSSEC would block access to your mysql db. On Mon, Nov 9, 2015 at 8:19 AM, frwa onto wrote: > Hi, > I have centos server. I have managed to install ossec 2.8.1. It mainly > runs a socket programming app. For every

Re: [ossec-list] Ossec logrotate

2015-11-09 Thread Santiago Bassett
Afaik ossec-monitord rotates and compresses the logs (archives.log, alerts.log, ossec.log) every day (exactly at midnight). There are some monitord options at /var/ossec/etc/internal_options.conf No option to delete those logs automatically though. A cron task would be my way to go. On Mon,