On Thu, Nov 17, 2016 at 11:39 AM, Kevin COUSIN wrote:
> Hi list,
>
> I try to use agentless on Cisco IOS switches. I add in ossec.conf
>
> <agentless>
>   <type>ssh_pixconfig_diff</type>
>   <frequency>300</frequency>
>   <host>user@switch</host>
>   <state>periodic_diff</state>
> </agentless>
>
> I have ossec-agentlessd: INFO: Test passed for
Hi list,
I try to use agentless on Cisco IOS switches. I add in ossec.conf

<agentless>
  <type>ssh_pixconfig_diff</type>
  <frequency>300</frequency>
  <host>user@switch</host>
  <state>periodic_diff</state>
</agentless>

I have ossec-agentlessd: INFO: Test passed for 'ssh_pixconfig_diff'. in log
file but I don't know if it connects to my switch.
How can I test?
Did you restart the ossec processes after adding the new localfile entry?
Try running the logs through ossec-logtest.
On Thu, Nov 17, 2016 at 5:39 AM, Arthur Hidalgo
wrote:
> In the file "/var/log/secure" :
>
> Nov 17 11:05:03 PCYINTPSEVU001 sshd[35427]:
In the file "/var/log/secure" :
Nov 17 11:05:03 PCYINTPSEVU001 sshd[35427]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=10.22.130.26 user=SVCWABADMINSUP
Nov 17 11:05:03 PCYINTPSEVU001 sshd[35427]: pam_sss(sshd:auth):
authentication success; logname=
No. I don't see other alerts.
On Thursday, November 17, 2016 at 08:05:15 UTC+1, Arthur Hidalgo wrote:
>
> Hi!
>
> I have installed OSSEC agents on RedHat VM. But I have not seen the
> intrusion alerts on the Web. On RedHat VM, the intrusion logs are in the
> file: "../var/log/secure".
> This is the
Can you see other alerts coming from your agent on the WUI?
Try to grep your agent name in /var/ossec/logs/alerts/alerts.log.
Remember to add your web server user (apache, www or nobody) to the ossec
group.
On Thu, Nov 17, 2016 at 10:55 AM, Arthur Hidalgo
wrote:
>
yes, OSSEC WUI.
The agent is connected. So, if I go on the VM, the agent would have to
detect on intrusion of me.
On Thursday, November 17, 2016 at 08:05:15 UTC+1, Arthur Hidalgo wrote:
>
> Hi!
>
> I have installed OSSEC agents on RedHat VM. But I have not seen the
> intrusion alerts on the Web. On
Hi Arthur,
What do you mean by "on the Web?" OSSEC WUI?
Your configuration looks right, is your agent connected? You can check the
status with:
*/var/ossec/bin/agent_control -l*
Once the agent is connected, it should report log/secure events to the
Manager.
Best regards,
Pedro S.
On Thu,