Konrad,
What version of Sysmon are you using? Are you using the decoders/OSSEC in
Security Onion or standalone?
-Josh
On Saturday, November 7, 2015 at 1:16:11 AM UTC-5, Konrad W wrote:
>
> Hey Josh,
>
> I am using your sysmon decoder from your github site and have the same
> issue. What
On Nov 9, 2015 10:06 AM, "Andrei Duca" wrote:
>
> Hi guys,
>
>
>
> I downloaded the OSSEC agent 2.8.3 for Windows and when I run it nothing
happens.
>
> From cmd it asks for a path as parameter and when one is added I get the
following errors:
>
>
>
>
Hi guys,
I downloaded the OSSEC agent 2.8.3 for Windows and when I run it nothing
happens.
From cmd it asks for a path as parameter and when one is added I get the
following errors:
C:\ossec-agent-win32-2.8.3.exe C:\Ossec
[SC] OpenService FAILED 1060:
The specified service does
Sounds like you may want to look into fine tuning your active response
and/or rules.
On 11/9/2015 10:11 PM, frwa onto wrote:
Hi Santiago,
I am just running as standalone so it's not a
manager or agent. I have another machine for instance I am using the
older ossec 2.7.1 in
Hi Santiago,
I am just running as standalone so it's not a manager or
agent. I have another machine for instance I am using the older ossec 2.7.1
in that one I have tried say I got my phpmyadmin and when I start browsing
huge data ossec will block me and only after some time I
I have restarted OSSEC using the OSSEC Agent Manager on the ossec client
computer. I have also restarted the OSSEC service on the OSSEC server.
I'm not sure why I can't reply to your response, so I had to reply to mine
@dan(ddpbsd)
Also I am using OSSEC HIDS v2.8 on the client & server.
--
I have restarted OSSEC using the OSSEC Agent Manager on the ossec client
computer. I have also restarted the OSSEC service on the OSSEC server.
I'm not sure why I can't reply to your response, so I had to reply to mine
@dan(ddpbsd)
On Friday, November 6, 2015 at 11:00:00 AM UTC-6, Phillipa
Hi,
I have centos server. I have managed to install ossec 2.8.1. It mainly
runs a socket programming app. For every instance of a connection it will
receive data and insert into mysql db. What I am worried about is in what scenario will
it block the access to this local mysql db as I can see there some
I use logrotate to rotate the OSSEC log on the server. Below is my config in
/etc/logrotate.conf.
/var/ossec/logs/ossec.log {
    daily
    copytruncate
    create 660 ossec ossec
    rotate 10
}
Thanks,
Patrick
From: ossec-list@googlegroups.com
Josh,
I am using Sysmon version 3.10 and I am running Security Onion distributed
deployment
Konrad
On Monday, November 9, 2015 at 9:48:37 AM UTC-5, DefensiveDepth wrote:
>
> Konrad,
>
> What version of Sysmon are you using? Are you using the decoders/OSSEC in
> Security Onion or standalone?
I get the feeling this never worked but that is just me. Also, I don't
think you have to put in a path if doing a silent install or anything and
it should just work.
Same issue here on Windows 7...package doesn't install...asking to specify
the path and no go with the path either...
On Monday, November 9, 2015 at 11:24:58 AM UTC-5, SoulAuctioneer wrote:
>
> I get the feeling this never worked but that is just me. Also, I don't
> think you have to put in a
Looks like the Windows agent file in ossec.net is corrupted. The file is
only 207K, and Sha256 checksum doesn't match.
We have a pre-compiled Windows agent at http://ossec.wazuh.com/windows/
This one is 1.1MB and works fine for us.
I'll reach Vic so he can upload a new one to ossec.net
Best
another recurring problem that has not been corrected, it's about the file:
/var/ossec/active-response/bin/host-deny.sh
you must remove the spaces of the equal sign (problem with debian):
replace :
TMP_FILE = `mktemp /var/ossec/ossec-hosts.XX`
by
TMP_FILE=`mktemp
Hi
thank you for this package...
but after the upgrade, ossec start and stop immediately (reinstall
package, reboot server..)
ossec.log :
2015/11/09 11:24:40 ossec-monitord: INFO: Started (pid: 2022).
2015/11/09 11:24:42 ossec-analysisd: INFO: Connected to
'/queue/alerts/ar' (active-response
Thank you Regis for the feedback. Really appreciate it.
Will work on those issues and generate new packages as soon as I can, most
likely sometime in the next couple of days.
On Mon, Nov 9, 2015 at 3:24 AM, Régis Houssin
wrote:
> another recurring problem that has
Are you running an agent or the manager? I don't think OSSEC would block
access to your mysql db.
On Mon, Nov 9, 2015 at 8:19 AM, frwa onto wrote:
> Hi,
> I have centos server. I have managed to install ossec 2.8.1. It mainly
> runs a socket programming app. For every
Afaik ossec-monitord rotates and compresses the logs (archives.log,
alerts.log, ossec.log) every day (exactly at midnight). There are some
monitord options at /var/ossec/etc/internal_options.conf
No option to delete those logs automatically though. A cron task would be
my way to go.
On Mon,