Re: [ossec-list] Re: Duplicated counter

2016-05-13 Thread Abdulvehhab Agin
System is Windows and I use the latest stable version 2.8.3, so it is located at c:\program files (x86)\ossec\ When remoted.verify_msg_id = 0, errors appear; when remoted.verify_msg_id = 0, there is no error. I think that the problem is the slash direction; tmp*\*Security-a06404 will solve this problem

Re: [ossec-list] Re: Duplicated counter

2016-05-13 Thread Pedro S
Just to be sure, the variable I was talking about is: # Verify msg id (set to 0 to disable it) > remoted.verify_msg_id=1 At /var/ossec/etc/internal_options.conf Best regards, Pedro S. On Friday, May 13, 2016 at 3:53:20 PM UTC+2, Pedro S wrote: > > Hi, > > I don't think *verify_msg *will be

Re: [ossec-list] Re: Duplicated counter

2016-05-13 Thread Pedro Sanchez
Hi, I don't think *verify_msg *will be related with those errors. It seems like those files (EventChannel bookmarks) no longer exist in the tmp folder or OSSEC does not have enough permissions; try to reinstall the agent. If you prefer, paste here your EventChannel queries so I can test them in my l

Re: [ossec-list] ossec category/group - syslog remote

2016-05-13 Thread Pedro S
Hi, You can use JSON output from Wazuh, there is an array field containing all the groups so you can search later for them in Kibana: "rule.groups: 'ssh' AND rule.groups: ''attacks' ". Output example: { > "decoder": { > "name": "pam" > }, > "full_log": "May 13 04:30:21 vpc-ossec-mana

[ossec-list] Re: Duplicated counter

2016-05-13 Thread Abdulvehhab Agin
When I change verify_msg_id=0; *I have lots of errors in the ossec log* 2016/05/13 14:33:17 ossec-agent: ERROR: Could not move (tmp/Security-a06404) to (bookmarks/Security) which returned (5) 2016/05/13 14:33:17 ossec-agent: ERROR: Could not rename_ex() temporary bookmark (tmp/Security-a06404) to

[ossec-list] Re: Security Matrices With OSSEC

2016-05-13 Thread Jesus Linares
Hi, you could use OSSEC + ELK Stack to create measurable security matrices. Check out these images: General alerts, PCI evolution