I have hopefully an easily answered question regarding modifying some of
the rules.xml files that come with ossec. I guess my question centers
around, what is the best practice for doing something like that? I want to
give certain Windows event IDs higher levels and lower certain other
ones.
On Fri, Aug 26, 2016 at 9:39 AM, Derek Day wrote:
> I have hopefully an easily answered question regarding modifying some of the
> rules.xml files that come with ossec. I guess my question centers around,
> what is the best practice for doing something like that? I want to give
> certain windows e
I have ossec server and agent running in two different docker images. The
agent is not able to connect to the server:
2016/08/26 20:56:25 ossec-agentd: INFO: Trying to connect to server (ossec.
domain/10.0.129.94:1514).
2016/08/26 20:56:25 ossec-agentd: INFO: Using IPv4 for: 10.0.129.94 .
201
Try creating client key with correct IP address.
27.8.2016 12.35 AM "Ka-Hing Cheung" wrote:
> I have ossec server and agent running in two different docker images. The
> agent is not able to connect to the server:
>
>
> 2016/08/26 20:56:25 ossec-agentd: INFO: Trying to connect to server (o
I can try that, but why do you think that's the problem? The server is not
logging any connection attempt at all.
On Friday, August 26, 2016 at 3:41:02 PM UTC-7, Eero Volotinen wrote:
>
> Try creating client key with correct IP address.
>
> 27.8.2016 12.35 AM "Ka-Hing Cheung" wrote:
>
Hi Ka-hing
First of all, we need to know which command you use to run the container in
order to know which ports you are mapping.
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 5:11:03 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> I have ossec se
Hi Jose,
3d71dacc22e0  etleap/ossec:latest  "/usr/bin/supervisor  20 hours ago  Up 3 hours
0.0.0.0:1514->1514/udp, 0.0.0.0:1515->1515/tcp  ossec
Again, I can use nc to manually send a UDP packet to the server fro
It looks like the server is able to receive the messages, from tcpdump
23:10:06.123099 IP (tos 0x0, ttl 64, id 3755, offset 0, flags [DF], proto
UDP (17), length 106)
172.17.42.1.54099 > 172.17.11.152.1514: UDP, length 78
23:10:06.123376 IP (tos 0x0, ttl 64, id 31027, offset 0, flags [DF], pr
Hi Ka-Hing
When you run the command nc -u 10.0.129.94 1514, is this command from
the agent container or the main server?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 7:14:50 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
nc -u 10.0.129.94 151
From the agent container
On Friday, August 26, 2016 at 6:16:23 PM UTC-7, jose wrote:
>
> Hi Ka-Hing
>
> When you run the command nc -u 10.0.129.94 1514, is this command from
> the agent container or the main server?
>
> Regards
> ---
> Jose Luis Ruiz
> Wazuh Inc.
> jo...@
Did you try to add a new key to the agent already?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 9:19:52 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> From the agent container
>
> On Friday, August 26, 2016 at 6:16:23 PM UTC-7, jose wrote:
>>
>>
Figured out the problem. It's a docker bug:
https://github.com/docker/docker/issues/7540
On Friday, August 26, 2016 at 6:34:58 PM UTC-7, jose wrote:
>
> Did you try to add a new key to the agent already?
>
> Regards
> ---
> Jose Luis Ruiz
> Wazuh Inc.
> jo...@wazuh.com
>
> On
Hi Ka-Hing
Thanks for sharing!
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On August 26, 2016 at 9:44:23 PM, Ka-Hing Cheung (kah...@gmail.com) wrote:
> Figured out the problem. It's a docker bug:
> https://github.com/docker/docker/issues/7540
>
> On Friday, August 2