[ossec-list] How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

2015-12-21 Thread Chris
I have successfully configured an OSSEC server running on Ubuntu in AWS. I have also successfully automated Ubuntu AWS instances automatically installing the OSSEC agent and connecting to the OSSEC server via this command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515 I

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread Maxim Surdu
no On Monday, 21 December 2015, 15:07:06 UTC+2, dan (ddpbsd) wrote: > > On Mon, Dec 21, 2015 at 8:03 AM, Maxim Surdu > wrote: > >> but in ossec-wui in stats is showing me what I have alert with level 0 > and > >> 1 > > > > Are level 0 and level 1 alerts showing up in the

Re: [ossec-list] File Integrity Monitoring through OSSEC

2015-12-21 Thread Nishant Porwal
Guys, any comments? On Fri, Dec 18, 2015 at 7:06 PM, Nishant Porwal wrote: > Hi Santiago/Dan, > > Thanks for the inputs, I am able to track the changes. > One more suggestion is needed, > > I want to track the file changes and need to alert only on specific >

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread dan (ddp)
On Dec 21, 2015 8:32 AM, "Maxim Surdu" wrote: > > no > Then I have no idea where the wui is getting that stat from. > On Monday, 21 December 2015, 15:07:06 UTC+2, dan (ddpbsd) wrote: >> >> On Mon, Dec 21, 2015 at 8:03 AM, Maxim Surdu wrote: >> >> but in

Re: [ossec-list] Clients authenticate, but don't connect (Corp env)

2015-12-21 Thread Jamey B
Hi Dan, When we use manage_agents and export the key to the agent, the agent works fine. We've had success this way, but obviously it's tedious for over 5000 servers. Isn't this similar how authd works? I'm wondering if there's something we're not executing after the agent gets a key. I've

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread Maxim Surdu
> > I check ossec.conf and I have > 1 but in ossec-wui or kibana is showing just alerts with minimum 2, but I know what I have alerts with level 0 and 1 and I need them to be shown ossec-wui or kibana -- --- You received this message because you are subscribed to the Google Groups

[ossec-list] ossec for apache access log on ubuntu - not generating alerts

2015-12-21 Thread Venkata Venamma
Hello experts, I want to monitor apache access.log on Ubuntu using ossec. Have configured local_rules.xml as below, in addition to adding the log file /var/log/apache2/acces.log to ossec.conf file. Entry in local_rules.xml: apache, 31100 Web server 400 error code. When I hit

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread dan (ddp)
On Mon, Dec 21, 2015 at 3:27 AM, Maxim Surdu wrote: >> I check ossec.conf and I have > > > > 1 > > but in ossec-wui or kibana is showing just alerts with minimum 2, but I know > what I have alerts with level 0 and 1 and I need them to be shown ossec-wui > or kibana >

Re: [ossec-list] ossec for apache access log on ubuntu - not generating alerts

2015-12-21 Thread dan (ddp)
On Mon, Dec 21, 2015 at 7:40 AM, Venkata Venamma wrote: > Hello experts, > > I want to monitor apache access.log on Ubuntu using ossec. Have configured > local_rules.xml as below, in addition to adding the log file > /var/log/apache2/acces.log to ossec.conf file. > > Entry in

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread dan (ddp)
On Mon, Dec 21, 2015 at 8:03 AM, Maxim Surdu wrote: >> but in ossec-wui in stats is showing me what I have alert with level 0 and >> 1 > Are level 0 and level 1 alerts showing up in the alerts.log file?

Re: [ossec-list] Re: logs level 0 and level 1

2015-12-21 Thread Maxim Surdu
> but in ossec-wui in stats is showing me what I have alert with level 0 and > 1

Re: [ossec-list] Clients authenticate, but don't connect (Corp env)

2015-12-21 Thread dan (ddp)
On Thu, Dec 17, 2015 at 1:21 PM, Jamey B wrote: > Hi, > > SELINUX isn't enabled, we also looked at all the permissions and they appear > fine. > > We manually added an agent on the server and manually imported a fresh > client key, then restarted the agent. It successfully

Re: [ossec-list] ossec-maild Error Sending email to 127.0.0.1

2015-12-21 Thread dan (ddp)
On Sun, Dec 20, 2015 at 7:50 AM, theresa mic-snare wrote: > Hi everyone, > > today I've noticed a problem with the ossec-maild process. > The ossec.log keeps saying > > ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server) > > Of course I started

Re: [ossec-list] Trouble matching hash from 550 alert for CDB lookup

2015-12-21 Thread dan (ddp)
On Thu, Dec 17, 2015 at 3:36 PM, Jon Schipp wrote: > Hey all, my goal is to lookup the sha1 hash from the 550 syscheck alert in a > CDB database but I'm not having any luck. > I've tried the following things to get an alert to happen on a hash from the > 550 alert > > 1.

RE: [ossec-list] ossec for apache access log on ubuntu - not generating alerts

2015-12-21 Thread lostinthetubez
You may very well have to download the latest rule files from the github repository in order to recognize the latest apache log format. You can verify by copy/pasting a line from your apache log into ossec-logtest and seeing if it knows how to decode it. > -Original Message- > From: