Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-29 Thread dan (ddp)
On Sep 29, 2016 4:10 PM, "R0me0 ***" wrote: > > Hello guys. > > I'm trying to use real monitoring. > > I have installed inotify-tools from OpenBSD packages. > > Initially I guess something related with run_realtime.c and I point inotify.h path. > > But I am still not able

[ossec-list] OpenBSD 6 - Real Monitoring

2016-09-29 Thread R0me0 ***
Hello guys. I'm trying to use real monitoring. I have installed inotify-tools from OpenBSD packages. Initially I guess something related with run_realtime.c and I point inotify.h path. But I am still not able to use Real monitoring, with the following error in ossec.conf ( OpenBSD - OSSEC

Re: [ossec-list] Re: How to change the OSSEC installation directory in windows

2016-09-29 Thread Jose Luis Ruiz
Hi Dustin You can use Wazuh API and one PowerShell script. http://blog.wazuh.com/automatically-deploying-ossec-to-windows-using-wazuh-api/ And in our documentation you have the procedure to install Wazuh RESTful API http://documentation.wazuh.com/en/latest/ossec_api.html I hope this helps.

Re: [ossec-list] Re: How to change the OSSEC installation directory in windows

2016-09-29 Thread Dustin Church
Victor, I currently have 78 servers that will be recreated nightly using a single image. I understand that I can install OSSEC to a secondary partition, but how do I handle the keys for each server that is created from the image, and ensure proper communication after the image is built without

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 11:37 AM, Laura Herrera wrote: > Hi Dan, > > Yes, thank you, I have been trying to get this working all day. > > I am running ossec on an ubuntu 14.04 server and I need to be able to email > alerts of course. > > I saw in a separate post that ossec

Re: [ossec-list] Using active-response instead of email alerts

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 2:29 PM, Laura Herrera wrote: > Hi guys, > > I need to get ossec to use a script every time that an alert is fired by any > of my servers. > > There is an example of this in > http://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-custom.html > which

Re: [ossec-list] AGENT WINDOWS 2012 R2 NOT COMUNICATE WITH OSSEC SERVER

2016-09-29 Thread dan (ddp)
On Thu, Sep 29, 2016 at 10:03 AM, Eduardo Reichert Figueiredo wrote: > Hi, > I have a serious problem with ossec. Windows 2012 r2 servers do not communicate > with the ossec server. I use ossec just for integrity checking, only! So I need > my agent to send logs of

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 12:56 PM, Laura Herrera wrote: > Hi Dan, > > Changing subject a bit, do you know if it's possible to have alerts in > ossec calling a script instead of sending an email directly? > Other than active response, no. > Ta > Laura > > > On Wednesday, 28

Re: [ossec-list] OSSEC 2.8.3 in SOLARIS 10 ./MAKEALL ALL failed

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 12:42 PM, Aj Navarro wrote: > Running install.sh in SunOS 5.10 appears the next error message: > > 5- Installing the system > - Running the Makefile > ./Makeall: test: argument expected > *** Error code 1 > The following command caused the error:

Re: [ossec-list] Re: OSSEC 2.8 build on Solaris 10 (Sparc) - "./Makeall all" fails

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 12:22 PM, Aj Navarro wrote: > Do you have an example that how the makeall file is edited. > > I have OSSEC 2.8.3. and send the next line: > > # Setting SunOS path > if [ "X$OS" = "XSunOS" ]; then > >

[ossec-list] AGENT WINDOWS 2012 R2 NOT COMUNICATE WITH OSSEC SERVER

2016-09-29 Thread Eduardo Reichert Figueiredo
Hi, I have a serious problem with ossec. Windows 2012 r2 servers do not communicate with the ossec server. I use ossec just for integrity checking, only! So I need my agent to send logs of syscheck to the ossec server, only, but it is not OK. I viewed many forums about this, but I didn't find a solution. -

[ossec-list] Re: Unable to connect to remoted

2016-09-29 Thread Eduardo Reichert Figueiredo
Do you have a solution for this? On Monday, 30 April 2012 04:52:29 UTC-3, Mike Sievers wrote: > > Hi List, > > I am always getting the following error: > > agent_control -r -a > 2012/04/30 09:44:19 agent_control(1210): ERROR: Queue '/queue/alerts/ar' > not accessible: 'Queue not

Re: [ossec-list] Re: reindexing logs

2016-09-29 Thread Jose Luis Ruiz
Hi Roberto, About your osseccall you wrote this in the mail But the file "template =>" /etc/logstash/elastic-ossec-template2.json "I modified the lines 3 and 8. Line 3: from "template", "ossec *" to "template", "ossecall *" Line 8: from "ossec": to "ossecall": You have a space between ossec,

Re: [ossec-list] Re: reindexing logs

2016-09-29 Thread roberto . mendonca
Hi Jose, thanks for the reply! Indeed, today the index is in template format. But only ossec index, the index ossecall did not work, the fields still appear as "Analyzed Field". I did not do the procedure: $ cd ~/ossec_tmp/ossec-wazuh/extensions/ElasticSearch/ && curl -XPUT "http://