Hi,
I use OSSEC to monitor all server activity in my enterprise, including
file creation/modification.
I forward to each sysadmin (configured in ossec.conf) all alerts from their
server.
Today I face a problem: I have many servers which generate mail alerts, and
the global mail restriction
So, you are sending over in one hour?
Changing that requires a patch and recompiling the OSSEC server.
--
Eero
2016-01-28 11:10 GMT+02:00 Lionel Caignec :
> Hi,
>
> I use OSSEC to monitor all server activity in my enterprise, including
> file creation/modification.
>
> I forward to each s
Yes, periodically we have some bursts, especially when executing "yum update"
on all servers.
We get the mail alerts, but they're delayed, so we have a problem detecting file
modifications.
OK, this is what I thought for the patch.
On Thursday, January 28, 2016 at 11:02:28 AM UTC+1, Eero Volotinen wrote:
>
> So, you
Correct, I think that it is.
On Wed, Jan 27, 2016 at 11:06 PM, Fredrik wrote:
> Hi Santiago!
>
>
> Thanks for your input. As you pointed out the \D+ is out of place and I
> couldn't figure out why that would match whereas the latter regex, that I
> believed to be more complete, wouldn't. With in
Hi,
I found that limit; it's hardcoded in the function Read_Global(), in
src/config/global-config.c:
if ((Mail->maxperhour <= 0) || (Mail->maxperhour > )) {
merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
return (OS_INVALID);
}
You may increase this limit as you need i
Is there a way to do monthly management reports in OSSEC if I have ELK
stack sitting on top of it?
I need to be able to deliver monthly reports to management.
Thanks,
Dynamic log file names on Windows are indeed a bit challenging and will require
creative workarounds, unless you happen to know how to modify the source code.
One idea would be to script a scheduled task that looks for new log files when
you expect them to be created and edit the agent’s ossec.
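One way to script the workaround described above, as an added example that is not code from the ossec-list thread or from the OSSEC project. It assumes the agent lives under C:\Program Files (x86)\ossec-agent with the Windows service name OssecSvc, that the application writes logs to C:\AppLogs named app-<date>.log in a syslog-like format, and that ossec.conf closes with </ossec_config>; change those to match your host. The script is meant to run from a scheduled task shortly after the application rotates its log file.

```powershell
# Added example, not code from the ossec-list thread or the OSSEC project.
# Finds the newest file matching a pattern, rewrites the one managed
# <localfile> block in the agent's ossec.conf, and restarts the agent.
# Assumptions (change to match your host): agent installed under
# C:\Program Files (x86)\ossec-agent, Windows service name OssecSvc,
# application logs in C:\AppLogs named app-<date>.log in syslog-like format.

$AgentDir = 'C:\Program Files (x86)\ossec-agent'
$ConfPath = Join-Path $AgentDir 'ossec.conf'
$LogDir   = 'C:\AppLogs'
$Pattern  = 'app-*.log'
$Marker   = '<!-- managed-dynamic-log -->'   # tags the one block this script owns

# The most recently written file is the one the application is logging to now.
$newest = Get-ChildItem -Path $LogDir -Filter $Pattern -File |
          Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest) {
    Write-Warning "No file matching $Pattern in $LogDir"
    exit 0
}

$conf = Get-Content -Path $ConfPath -Raw

$block = @"
  <localfile>$Marker
    <location>$($newest.FullName)</location>
    <log_format>syslog</log_format>
  </localfile>
"@

if ($conf -match [regex]::Escape($Marker)) {
    # Already pointing at the newest file: leave the config alone, no restart.
    if ($conf -match ("<location>" + [regex]::Escape($newest.FullName) + "</location>")) {
        exit 0
    }
    # Replace only our marked block; (?s) lets .*? span lines, and the
    # non-greedy match stops at the first </localfile> after the marker.
    $regex   = "(?s)\s*<localfile>" + [regex]::Escape($Marker) + ".*?</localfile>"
    $newConf = [regex]::Replace($conf, $regex, "`n$block")
} else {
    # First run: add the block just before the closing </ossec_config>.
    $newConf = $conf -replace '</ossec_config>\s*$', "$block`n</ossec_config>`n"
}

# Keep a copy of the previous config, write the new one, and restart the agent
# so it re-reads its <localfile> entries.
Copy-Item -Path $ConfPath -Destination "$ConfPath.bak" -Force
Set-Content -Path $ConfPath -Value $newConf -Encoding ASCII
Restart-Service -Name OssecSvc
```

Register it with Register-ScheduledTask (or schtasks) to run as SYSTEM a few minutes after the time the new log file is expected, since both editing ossec.conf and restarting the service need administrative rights. The marker comment keeps the script from touching any other <localfile> entries you maintain by hand, and the early exit avoids needless agent restarts when the newest file has not changed.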
Thanks for the reply, Santiago.
Here is what I am seeing. On agent:
2016/01/28 11:42:06 ossec-syscheckd: INFO: Monitoring directory:
'/var/www/vhosts/'.
2016/01/28 11:42:06 ossec-syscheckd: INFO: Directory set for real time
monitoring: '/var/www/vhosts/'.
2016/01/28 11:43:08 ossec-syscheckd: I
Thanks Santiago. I assume you are referring to the
"ssh_integrity_check_linux" script. I tried that but it seems to break
agentless monitoring on hosts that use port 22 for ssh connections, or for
that matter, other non standard ports. Is there any work around for this?
To put the question an
When testing agentless monitoring I noticed that agentless alerts do not
appear in the "alerts.log" nor in the WUI. Why is that, and can it be fixed?
I'm using ssh_integrity_check_linux
I do receive email alerts as shown below.
OSSEC HIDS Notification.
2016 Jan 28 10:46:22
Received From: (s
Dear Daniel,
I did the installation of the integrator, but I do not understand why my
server lost the connection with my agents. To get the service working again, I
need to restart OSSEC. Can you help me?
I have downloaded this: dcid-ossec-hids-d29f2859d5c6.tar.gz
PS: Please excuse my poor English, my P
Hello OSSEC group, I've tried googling a lot of this information but I'm
unable to find what I need. (Probably from a lack of understanding).
Scenario: I have four agent servers and one master server. They are all
communicating and the logs are being transported.
Recently I created an SSL key a
On Jan 28, 2016 3:24 PM, wrote:
>
> Hello OSSEC group, I've tried googling a lot of this information but I'm
unable to find what I need. (Probably from a lack of understanding).
>
> Scenario: I have four agent servers and one master server. They are all
communicating and the logs are being transpo
Are you sure it is not in the alerts file? ossec-maild (the smtp agent)
reads the alerts.log file in order to send emails. See below:
root@vpc-ossec-manager:~# lsof /var/ossec/logs/alerts/alerts.log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ossec-csy 506 ossecm3r REG 20
Haven't tested it but I guess a quick and dirty solution would be to copy
the script, renaming those like:
ssh_integrity_check_linux_22
ssh_integrity_check_linux_123
ssh_integrity_check_linux_456
And then have those triggered for the different agents depending on
where their sshd service is
Issue submitted!
/x
On Wed, Jan 27, 2016 at 5:04 PM, Brent Morris
wrote:
> Is this worth submitting as an issue to github?
>
> https://github.com/ossec/ossec-hids/issues
>
>
> On Wednesday, January 27, 2016 at 12:08:54 AM UTC-8, Xavier Mertens wrote:
>>
>> I'll patch my analysisd to provide src
Hello list!
OSSEC can "cut" some data from 'full_command' output.
this is from ossec-alerts.log
ossec: output: 'tcp_netstat':
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name
tcp0
List, sorry for the typo:
the first example is not "from ossec-alerts.log" but "from ossec.log".
cheers.
On 29.01.2016 01:49, q wrote:
> Hello list!
>
> OSSEC can "cut" some data from 'full_command' output.
>
>
>
> this is from ossec-alerts.log
>
> ossec: output: 'tcp_netstat':
> Active Internet conn
Mind sending the last 20-30 lines of your ossec.log? It can give us an idea
as to what is going on.
thanks,
On Thu, Jan 28, 2016 at 1:42 PM, Marcelo wrote:
> Dear Daniel,
>
> I did the installation of the integrator, but I do not understand why my
> server lost the connection with my agents. To se
The issue was in my branch there. Mind getting the latest again? Should be
working now:
https://bitbucket.org/dcid/ossec-hids/get/tip.tar.gz
Sorry for the waste of time :/
thanks,
On Thu, Jan 28, 2016 at 1:34 PM, Luke Hansey
wrote:
> Thanks for the reply, Santiago.
>
> Here is what I am seein