Hi Dan,
well here is what i get when i launch the command ossec-syscheckd -df
it still mentions Syscheck disabled.
that is so weird..
[root@LNA-ALA-FIM ossec]# bin/ossec-syscheckd -df
2016/07/22 14:54:13 ossec-syscheckd: DEBUG: Starting ...
2016/07/22 14:54:13 ossec-syscheckd(1702): IN
On Fri, Jul 22, 2016 at 2:44 PM, EvilZ wrote:
> ok not a problem,
>
> just to make sure, when you launch the script ossec-syscheckd does it inform
> you that it is disabled ?
>
AGENT:
root@ossec283-agent:~/ossec-hids-2.8.3/src# pkill ossec-syscheckd
root@ossec283-agent:~/ossec-hids-2.8.3/src# ps
ok not a problem,
just to make sure, when you launch the script ossec-syscheckd does it
inform you that it is disabled ?
thank you,
On Friday, July 22, 2016 at 2:41:03 PM UTC-4, dan (ddpbsd) wrote:
>
> On Fri, Jul 22, 2016 at 2:19 PM, EvilZ wrote:
> > ok
> >
> > so basically you configu
On Fri, Jul 22, 2016 at 2:19 PM, EvilZ wrote:
> ok
>
> so basically you configured the same things as i did in the ossec.conf or in
> the agent.conf ?
>
You mean the "no" option? It belongs in the
server's ossec.conf. It does nothing good anywhere else.
> Thank you,
>
> On Friday, July 22, 2016
ok
so basically you configured the same things as i did in the ossec.conf or
in the agent.conf ?
Thank you,
On Friday, July 22, 2016 at 12:54:13 PM UTC-4, dan (ddpbsd) wrote:
>
> On Fri, Jul 22, 2016 at 12:44 PM, EvilZ wrote:
> > actually i decided to try locally because i would like to s
Thanks from Germany too, 2 years later :-) I ran into the same problem
today but got it fixed thanks to this thread.
On Wednesday, January 8, 2014 at 3:29:25 PM UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Jan 8, 2014 at 5:17 AM, Georg Schönberger wrote:
> > On Wednesday, January 8, 2014 00:30:59
On Fri, Jul 22, 2016 at 12:44 PM, EvilZ wrote:
> actually i decided to try locally because i would like to see in both cases
> if a user was to modify a specific text file in the ossec server i would
> like to get an alert that would at the very least tell what was changed and
> what is the new te
actually i decided to try locally because i would like to see in both cases
if a user was to modify a specific text file in the ossec server i would
like to get an alert that would at the very least tell what was changed and
what is the new text that was written. which is why i modified the opti
On Fri, Jul 22, 2016 at 12:14 PM, EvilZ wrote:
> Hi Dan,
>
> I placed the no in the syscheck section and for
> some reason it simply does not trigger.
>
> Is it possible that once it was triggered three times it goes in a do not
> check list that i have to reset ?
>
I don't think so, but I'm not p
Hi Dan,
I placed the no in the syscheck section and for
some reason it simply does not trigger.
Is it possible that once it was triggered three times it goes in a do not
check list that i have to reset ?
if ever i wish to perform the same locally is there a different step ?
Thank you,
On F
On Fri, Jul 22, 2016 at 12:07 PM, srik wrote:
> Dan,
>
> is this 3 times thing for certain time threshold? like for once an hr, day,
> etc.,? If yes, is there a way to change that?
>
No, it's a total of 3 times ever.
> Thanks,
> Sri
>
> On Friday, 22 July 2016 08:10:51 UTC-6, dan (ddpbsd) wrote:
Dan,
is this 3 times thing for certain time threshold? like for once an hr, day,
etc.,? If yes, is there a way to change that?
Thanks,
Sri
On Friday, 22 July 2016 08:10:51 UTC-6, dan (ddpbsd) wrote:
>
> On Fri, Jul 22, 2016 at 9:25 AM, EvilZ wrote:
> > Hi ,
> >
> >
> > I would like to
Excellent thank you very much =)
On Friday, July 22, 2016 at 10:10:51 AM UTC-4, dan (ddpbsd) wrote:
>
> On Fri, Jul 22, 2016 at 9:25 AM, EvilZ wrote:
> > Hi ,
> >
> >
> > I would like to setup a monitoring for a txt file that is in a Linux
> server.
> > I have configured the syscheck
On Fri, Jul 22, 2016 at 9:25 AM, EvilZ wrote:
> Hi ,
>
>
> I would like to setup a monitoring for a txt file that is in a Linux server.
> I have configured the syscheck and selected Report_Change to yes however
> after 3 changes it has stopped reporting any change i do to the file. I
> would like
Hi ,
I would like to setup a monitoring for a txt file that is in a Linux server.
I have configured the syscheck and selected Report_Change to yes however
after 3 changes it has stopped reporting any change i do to the file. I
would like the monitoring to act like an agentless and alert wheneve
I realized I made a typo mistake in the post, sorry about that
/input/ossec/
>
> I would like to setup a monitoring for a txt file that is in a Linux
> server.
> I have configured the syscheck and selected Report_Change to yes however
> after 3 changes it has stopped reporting any change i do t
I have enabled the debug logging as you described, and additionally set the
remoted.debug=2 and logcollector.debug=2 in internal_options.conf (was the
latter even necessary)?
I'll monitor the agents and report back here.
Quintin
On Wed, Jul 20, 2016 at 1:55 PM dan (ddp) wrote:
> On Tue, Jul 19