Re: [ossec-list] Ossec - modify message (add tag)

2017-03-13 Thread dan (ddp)
On Mar 13, 2017 11:50 AM, "Martin Dulovič" wrote: Hello, I have this problem, you could say. I need OSSEC to crunch modified logs (syslogs). Our syslog message is as follows. *Example message:* [syslog-1] Mar 13 06:25:16 my-server-1 syslog-ng[1012]: EOF on control

[ossec-list] Ossec - modify message (add tag)

2017-03-13 Thread Martin Dulovič
Hello, I have this problem, you could say. I need OSSEC to crunch modified logs (syslogs). Our syslog message is as follows. *Example message:* [syslog-1] Mar 13 06:25:16 my-server-1 syslog-ng[1012]: EOF on control channel, closing connection; *Format:* [TAG] syslog_timestamp syslog_host
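
The line format described in the post, parsed by an added example (this is not code from the thread or from OSSEC). OSSEC's default syslog pre-decoder expects a line to begin with the timestamp, so a leading "[TAG] " prefix stops it from extracting hostname and program name; the helper below pulls the tag out and rebuilds a plain syslog line, carrying the tag at the end of the message where a rule can still match it. The sample lines are constructed, and the assumption that a tag contains no whitespace is mine:

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the "[TAG] timestamp host program[pid]: message" format
# from the post, plus one untagged line and one without a PID as edge cases.
SAMPLE_LINES = [
    "[syslog-1] Mar 13 06:25:16 my-server-1 syslog-ng[1012]: EOF on control channel, closing connection",
    "[syslog-2] Mar 13 06:25:17 my-server-2 sshd[2201]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Mar 13 06:25:18 my-server-3 cron: (root) CMD (run-parts /etc/cron.hourly)",
]

# Assumption: the tag is a single token with no whitespace or ']' inside it.
TAGGED_SYSLOG = re.compile(
    r"^(?:\[(?P<tag>[^\]\s]+)\]\s+)?"                              # optional "[TAG] " prefix
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"  # BSD syslog timestamp
    r"(?P<host>\S+)\s+"                                             # hostname
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s"                # program, optional [pid]
    r"(?P<message>.*)$"
)


@dataclass
class SyslogEvent:
    tag: Optional[str]
    timestamp: str
    host: str
    program: str
    pid: Optional[int]
    message: str


def parse_tagged_syslog(line: str) -> Optional[SyslogEvent]:
    """Split a (possibly tagged) syslog line into its fields; None if it does not fit."""
    m = TAGGED_SYSLOG.match(line)
    if not m:
        return None
    return SyslogEvent(
        tag=m["tag"],
        timestamp=m["timestamp"],
        host=m["host"],
        program=m["program"],
        pid=int(m["pid"]) if m["pid"] else None,
        message=m["message"],
    )


def to_plain_syslog(line: str) -> str:
    """Rewrite a tagged line so it starts with the timestamp, as the stock OSSEC
    syslog pre-decoder expects, and append the tag to the message as 'tag=...'.
    Untagged or unparseable lines are returned unchanged."""
    ev = parse_tagged_syslog(line)
    if ev is None or ev.tag is None:
        return line
    prog = ev.program + (f"[{ev.pid}]" if ev.pid is not None else "")
    return f"{ev.timestamp} {ev.host} {prog}: {ev.message} tag={ev.tag}"


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(to_plain_syslog(raw))
```

A filter like this would sit between the collector and OSSEC (or the same rewrite can be done in the syslog-ng template that produces the line); the point is only that whatever reaches OSSEC starts with the timestamp.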

[ossec-list] DNS block active response script not run for named rule

2017-03-13 Thread Ralph Durkee
I’m getting heavy flurries of bogus DNS queries to non-recursive, authoritative DNS server. The traffic comes from a large spread of src ip address, so it’s obviously mostly spoofed. The queries are all denied, so it’s almost no risk, except that it heavily overloads the log management,

[ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Dear all, I have the ERROR below on my OSSEC server, and no alerts are generated from Linux (agentless) in OSSEC. I searched for similar errors in these forums but I did not find a solution. Can you help me? 2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$ 2017/03/13

Re: [ossec-list] Potential Bug: Windows Security Event ID 5140 incorrectly parsed by OSSEC.

2017-03-13 Thread Grant Leonard
Confirmed George walked through the events with me. The event channel is read, though in archives.log , post decryption, only part of the event is sent over. For most events this is not an issue, but for Applocker and other more detailed events writing to Event Channels, there is a second

Re: [ossec-list] Developer ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Hi Pedro, thanks, I was unsure which GitHub repository is the official one for development, but OK. Thanks. On Monday, March 13, 2017 at 09:44:00 UTC-3, Pedro Sanchez wrote: > > Hi Eduardo, > > Yes, it is written in C. > > The project is totally open source, hosted in Github, you could send pull >

Re: [ossec-list] Developer ossec

2017-03-13 Thread Pedro Sanchez
Hi Eduardo, Yes, it is written in C. The project is totally open source, hosted on GitHub; you can send pull requests with your improvements / fixes. Repository URL: https://github.com/ossec/ossec-hids In case you are not familiar with GitHub, some docs about sending pull requests:

Re: [ossec-list] CDB Lists and MD5 checksums

2017-03-13 Thread Pedro Sanchez
Hi BJ, Happy to hear it; I hope it is working well. All the credit goes to Xavier and his post at: https://blog.rootshell.be/2013/05/13/improving-file-integrity-monitoring-with-ossec/ . Probably the error you were getting was related to ossec.conf XML tags. I think Dan is integrating the same

[ossec-list] Developer ossec

2017-03-13 Thread Eduardo Reichert Figueiredo
Hi all, OSSEC is written in C, correct? How do I develop for / contribute to OSSEC in C (or another language)? Kind regards,

[ossec-list] Re: Ossec rule to parse two patterns with OR

2017-03-13 Thread Ieva
Thanks, Dan, for the help. I think I will prefer this rule: 18104 \.*Account\s+Name:\s+Administrator\.*New Process Name:\s+C:\\Windows\\System32\\mspaint.exe|Account\s+Name:\s+Administrator\.*New Process Name:\s+C:\\Windows\\System32\\calc.exe new process Drop But do you know how
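
The two-pattern rule above, run over sample event text as an added example (not code from the thread or from OSSEC, and written in Python's `re` syntax rather than OSSEC's own regex dialect, where `\.` means any character). It shows that joining two full patterns with `|` and factoring the shared prefix with the alternation only on the process name select the same events, and adds the check a practitioner would want: Windows paths are case-insensitive, so a case-sensitive pattern misses `CALC.EXE`. The event lines are constructed and simplified, not captured 4688 events:

```python
import re
from typing import List, Pattern

# Constructed, simplified Windows "new process" (4688) event text in the shape the
# OSSEC agent forwards from the Security channel. Index 4 is the case-variant edge case.
SAMPLE_EVENTS = [
    r"WinEvtLog: Security: AUDIT_SUCCESS(4688): Subject: Account Name: Administrator Account Domain: CORP New Process Name: C:\Windows\System32\mspaint.exe",
    r"WinEvtLog: Security: AUDIT_SUCCESS(4688): Subject: Account Name: Administrator Account Domain: CORP New Process Name: C:\Windows\System32\calc.exe",
    r"WinEvtLog: Security: AUDIT_SUCCESS(4688): Subject: Account Name: bob Account Domain: CORP New Process Name: C:\Windows\System32\calc.exe",
    r"WinEvtLog: Security: AUDIT_SUCCESS(4688): Subject: Account Name: Administrator Account Domain: CORP New Process Name: C:\Windows\System32\notepad.exe",
    r"WinEvtLog: Security: AUDIT_SUCCESS(4688): Subject: Account Name: Administrator Account Domain: CORP New Process Name: C:\WINDOWS\System32\CALC.EXE",
]

# Shared part of both alternatives: the account, then anything, then the System32 path.
COMMON = r"Account\s+Name:\s+Administrator.*New Process Name:\s+C:\\Windows\\System32\\"

# Form 1: the whole pattern written twice and joined with '|', as in the post.
# Alternation binds loosest, so the '|' splits the two complete patterns.
DUPLICATED: Pattern[str] = re.compile(COMMON + r"mspaint\.exe|" + COMMON + r"calc\.exe")

# Form 2: factor the common prefix; only the process name alternates.
FACTORED: Pattern[str] = re.compile(COMMON + r"(?:mspaint|calc)\.exe")

# Form 3: same as form 2 but case-insensitive, since NTFS paths and image names are.
FACTORED_CI: Pattern[str] = re.compile(COMMON + r"(?:mspaint|calc)\.exe", re.IGNORECASE)


def match_indices(pattern: Pattern[str], events: List[str]) -> List[int]:
    """Return the indices of the events the rule regex would fire on."""
    return [i for i, event in enumerate(events) if pattern.search(event)]


if __name__ == "__main__":
    for name, pat in (("duplicated", DUPLICATED), ("factored", FACTORED), ("factored, ignorecase", FACTORED_CI)):
        print(f"{name:22s} -> {match_indices(pat, SAMPLE_EVENTS)}")
```

The factored form is easier to extend (add a third image name inside the group) and avoids the copy-paste drift that creeps into long duplicated alternatives; the case-insensitive variant is the one to carry over, in OSSEC's own syntax, if the rule is meant to catch an attacker who simply changes the case of the path.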