I have a batch script I wrote that could be used in place of
PowerShell...
@echo off
rem Ask WMI for removable drives (DriveType=2); /format:value prints one "Name=X:" line per drive
rem The inner loop re-reads the value to drop the stray carriage return wmic appends to each line
for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=2" get name /format:value') do (
    for /f "delims=" %%e in ("%%d") do set "var=%%e"
)
rem %var% now holds the last removable drive letter found (e.g. E:)
echo.
dir /s %var% > C:\temp\test.txt
type C:\temp\test.txt
pause
The output is this
Hi,
Trying to configure OSSEC for our mail server I noticed that our postfix log
format is different from what OSSEC expects with the default rules.
The postfix-reject decoder reads the source IP and an error id, but in our
logs there is also a port present (instead of "[x.x.x.x]: id" we
Wonder if I could wrap it into a test.ps1 and execute it through
powershell.exe
-noprofile -executionpolicy bypass -file .\test.ps1
On Tuesday, April 19, 2016 at 2:23:39 PM UTC-5, Jacob Mcgrath wrote:
>
> I have a basic Windows agent setting to alert me when a storage device is
> detected using
I think it has a character limitation; try removing empty spaces or
making the test.txt content shorter.
On Wed, Apr 20, 2016 at 12:39 AM, Jacob Mcgrath wrote:
> Will try dropping the | select -Skip 2 from the Get-Content to see if that
> works, or maybe a -Raw output arg
>
Service restarts did not clear the defunct process. I ended up killing them
off and restarting. The server is healthy now and processing rules
correctly. Thanks for all the help.
On Wednesday, April 20, 2016 at 8:46:21 AM UTC-4, dan (ddpbsd) wrote:
>
> On Mon, Apr 18, 2016 at 5:46 PM, James
On Mon, Apr 18, 2016 at 5:46 PM, James Stallings wrote:
> I believe root cause here was a bunch of old OSSEC processes that were still
> holding an older config in memory even after I had cycled the daemons on
> several occasions. I no longer see the issue. Has anyone seen
Ok, I reviewed all permissions inside the folder for the SYSTEM account and now
everything runs ok.
Thanks so much for the help
On Wednesday, April 20, 2016, 10:02:07 (UTC+2), Victor Fernandez
wrote:
>
> I had the Error 5 when the file "ossec-agent.exe" has no permissions for
> "SYSTEM".
>
>
Sure. Current rule (the stock one that depends on rule 530, the 'df -h' command output rule):
  if_sid:      530
  match:       ossec: output: 'df -h': /dev/
  regex:       100%
  description: Partition usage reached 100% (disk space monitor).
  group:       low_diskspace,
Leave that rule for 100% (so you don't modify the original rules).
In local_rules add a second child of 530 with the same match and this regex:
  if_sid:      530
  match:       ossec: output: 'df -h': /dev/
  regex:       9\d%
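To see what the two rules above actually fire on, here is an added example (not part of the thread and not OSSEC's own code) that replays the same match/regex chain over constructed 'df -h' command-output events. The rule names, the sample lines and the Use%-column parser are assumptions made for the example; OSSEC evaluates regex with its own engine, but for the two patterns in question (100% and 9\d%) Python's re gives the same answer.

```python
import re

# Constructed events, shaped like what the agent's <command> monitor for
# `df -h` emits: one log line per filesystem row (not captured from the thread).
SAMPLE_EVENTS = [
    "ossec: output: 'df -h': /dev/sda1        20G   19G  500M  98% /",
    "ossec: output: 'df -h': /dev/sdb1       100G   50G   50G  50% /data",
    "ossec: output: 'df -h': /dev/sdc1       100G  100G     0 100% /backup",
    "ossec: output: 'df -h': /dev/sdd1        10G  900M  9.1G   9% /var/tmp",
    "ossec: output: 'df -h': tmpfs            2G     0    2G   0% /run",
]

# The <match> shared by both child rules; OSSEC's <match> is a substring test.
PARENT_MATCH = "ossec: output: 'df -h': /dev/"

# Hypothetical names for the stock 100% rule and the custom 90%+ rule from the
# thread; the second value is a description like the one in <description>.
CHILD_RULES = {
    "full_partition":  (re.compile(r"100%"), "Partition usage reached 100%"),
    "over_90_percent": (re.compile(r"9\d%"),  "Partition usage between 90% and 99%"),
}


def evaluate(event):
    """Names of child rules whose <regex> hits, or None if the parent <match> fails.

    OSSEC itself raises only one alert per event (the first child that matches),
    so a list with two entries here means the rule order in local_rules decides.
    """
    if PARENT_MATCH not in event:
        return None
    return [name for name, (regex, _desc) in CHILD_RULES.items() if regex.search(event)]


def usage_percent(event):
    """Parse the Use% column as an integer instead of pattern-matching the digits.

    This is the robust way to threshold: 9\\d% cannot express "at least 85%" and
    would also hit a '9x%' string that happens to sit in a device or mount name.
    """
    if PARENT_MATCH not in event:
        return None
    m = re.search(r"\s(\d{1,3})%\s", event)
    return int(m.group(1)) if m else None


def over_threshold(events, threshold=90):
    """Return the events whose filesystem is at or above `threshold` percent used."""
    return [e for e in events if (usage_percent(e) or 0) >= threshold]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(f"{str(usage_percent(event)):>5}%  {evaluate(event)}")
    print("at/over 90%:", len(over_threshold(SAMPLE_EVENTS)))
```

Run it and the 98% root filesystem trips only the custom rule, the full /backup volume trips only the stock rule, and the 9%-used volume trips nothing, which is the behaviour the two regexes are meant to give; the parsed-percentage variant is what to reach for if the threshold ever needs to be something other than "starts with a 9".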
cool, would you mind sharing those custom rules with us? the threshold
(over 90%) one is specifically appealing to me :)
On Wednesday, April 20, 2016 09:12:29 UTC+2, Robert Micallef wrote:
>
> I added custom rules to alert if space is over 90%.
>
> On 20 April 2016 at 02:16, Santiago Bassett
I had the Error 5 when the file "ossec-agent.exe" has no permissions for
"SYSTEM".
Unfortunately, when we change the IP in the UI, the file "ossec.conf" is
re-created without SYSTEM permissions, so the service starts and exits
suddenly, but it prints the access error in the "ossec.log".
So,
Hi
To install OSSEC,
first I create an Administrators group and add the users to this
group (this user belongs to the local Administrator group too), then install it
without error in, for example, "d:\ossec\ossec-agent".
To configure the agent (OSSEC server and key) I use the GUI and try
P.S.: I noticed that sometimes, if I have already created the group
"Administrators" (for non-English Windows versions), OSSEC grants file
permissions only to the group "Administrators".
In order to start a service, executable files must have execute
permissions for "SYSTEM". So, please
awesome, thanks for sharing your experience with us Alexandre.
I'm sure this could be beneficial to others as well!
On Tuesday, April 19, 2016 21:13:00 UTC+2, Alexandre Laquerre wrote:
>
> So the final result was as follows, the first step i exported the agent
> list and updated the list ( i
I added custom rules to alert if space is over 90%.
On 20 April 2016 at 02:16, Santiago Bassett
wrote:
> Out of curiosity, what is the rule supposed to trigger the alert? The one
> I see by default looks for full partitions...
>