Re: [ossec-list] Multiple agent_id for one active response

2016-09-05 Thread secucatcher
hi 003,004 doesn't work but each section separately is working firewall-drop defined-agent 067 864000 117154,31510,117159,117162 firewall-drop defined-agent 038 864000 117154,31510,117159,117162 be careful with that case https://github.com/ossec/oss

[ossec-list] Different branches?

2016-09-05 Thread Kat
Hi all, Trying to figure out the different branches right now and what has been integrated and what has not. Right now there seems to be the main branch, then there is Dan's - (is that the main branch too?) and then there is Wazuh, and of course Atomic. Can someone summarize the different bra

Re: [ossec-list] Different branches?

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 8:47 AM, Kat wrote: > Hi all, > > Trying to figure out the different branches right now and what has been > integrated and what has not. Right now there seems to be the main branch, > then there is Dan's - (is that the main branch too?) and then there is > Wazuh, and of cour

[ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
Hi, I installed ossec local on my cloud server, and configured ossec.conf as follows, I tried to detect new additions using yes. yes my_em...@example.com ns0.bt.net. my_em...@example.com 79200 yes /etc,/usr/bin,/usr/sbin /bin,/sbin /

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 10:33 AM, Daiyue Weng wrote: > Hi, I installed ossec local on my cloud server, and configured ossec.conf as > follows, I tried to detect new additions using > yes. > > > yes > my_em...@example.com > ns0.bt.net. > my_em...@example.com > > > >

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
Hi, since it is a fresh install of ossec, I didn't get any emails. The notification is turned on as yes in ossec.conf On Monday, 5 September 2016 15:38:25 UTC+1, dan (ddpbsd) wrote: > > On Mon, Sep 5, 2016 at 10:33 AM, Daiyue Weng > wrote: > > Hi, I installed ossec local on my cloud server,

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 10:47 AM, Daiyue Weng wrote: > Hi, since it is a fresh install of ossec, I didn't get any emails. The > notification is turned on as > Try using tcpdump (looking for connections to the email server from the OSSEC system) or check the maillogs on the email server to determ

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
Hi, could you give me an example of using tcpdump in this case? cheers On Monday, 5 September 2016 15:57:08 UTC+1, dan (ddpbsd) wrote: > > On Mon, Sep 5, 2016 at 10:47 AM, Daiyue Weng > wrote: > > Hi, since it is a fresh install of ossec, so I didn't get any emails. > The > > notification is

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 11:42 AM, Daiyue Weng wrote: > Hi, could you give me an example of using tcpdump in this case? > tcpdump -nnXxevvs 0 port 25 > cheers > > On Monday, 5 September 2016 15:57:08 UTC+1, dan (ddpbsd) wrote: >> >> On Mon, Sep 5, 2016 at 10:47 AM, Daiyue Weng wrote: >> > Hi, sin

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
Using the above cmd, adding a file on a monitored directory, i.e. /home/user_name, nothing is shown on tcpdump, tcpdump: listening on dummy0, link-type EN10MB (Ethernet), capture size 262144 bytes On Monday, 5 September 2016 16:44:57 UTC+1, dan (ddpbsd) wrote: > > On Mon, Sep 5, 2016 at 11:

Re: [ossec-list] Multiple agent_id for one active response

2016-09-05 Thread C. L. Martinez
On Mon 5.Sep'16 at 8:59:41 +0200, secucatc...@free.fr wrote: > hi > 003,004 doesn't work > but each section separately is working > > > firewall-drop > defined-agent > 067 > 864000 > 117154,31510,117159,117162 > > > > firewall-drop > defined-agent > 038 >

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 11:53 AM, Daiyue Weng wrote: > Using the above cmd, adding a file on a monitored directory, i.e. > /home/user_name, > > nothing is shown on tcpdump, > > tcpdump: listening on dummy0, link-type EN10MB (Ethernet), capture size > 262144 bytes > > You can use "-i INTERFACE_NAME

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
The /var/ossec/logs/alerts/alerts.log didn't show the addition of the file, no alerts fired after adding a file to /home/user_name, which is monitored by ossec. What are the possible problems? On Monday, 5 September 2016 17:02:06 UTC+1, dan (ddpbsd) wrote: > > On Mon, Sep 5, 2016 at 11:53 AM, Daiy

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 12:14 PM, Daiyue Weng wrote: > The /var/ossec/logs/alerts/alerts.log didn't show the addition of the file, > no alerts fired after adding a file to /home/user_name, which is monitored > by ossec. What are the possible problems? > A syscheck scan probably hasn't run since the

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread Daiyue Weng
Hi, ideally we'd like ossec to check file integrity in real time, if not, what are the other options ossec can offer in that aspect? Is there a Syscheck cmd in ossec? On 5 September 2016 at 17:23, dan (ddp) wrote: > On Mon, Sep 5, 2016 at 12:14 PM, Daiyue Weng wrote: > > The /var/ossec/logs/aler

Re: [ossec-list] ossec email notification not working

2016-09-05 Thread dan (ddp)
On Mon, Sep 5, 2016 at 12:29 PM, Daiyue Weng wrote: > Hi, ideally we'd like ossec to check file integrity in real time, if not, what > are the other options ossec can offer in that aspect? > It will do some things in real time, not all. I think it should be a fairly simple code change to add new fi