On Mar 13, 2017 11:50 AM, "Martin Dulovič" wrote:
Hello,
I have this problem, you could say. I need Ossec to crunch modified logs
(syslogs). Our syslog message is as follows.
*Example message:*
[syslog-1] Mar 13 06:25:16 my-server-1 syslog-ng[1012]: EOF on control
channel, closing connection;
*Format:*
[TAG] syslog_timestamp syslog_host
I’m getting heavy flurries of bogus DNS queries to a non-recursive,
authoritative DNS server. The traffic comes from a large spread of src IP
addresses, so it’s obviously mostly spoofed. The queries are all denied, so
it’s almost no risk, except that it heavily overloads the log management,
Dear all,
I have the ERROR below in my ossec server, and no alerts are generated from
Linux (agentless) in ossec.
I searched for similar errors in this forum but I didn't find a solution.
Can you help me?
2017/03/13 10:42:35 ossec-agentlessd: DEBUG: buffer: [ossec@SERVIDOR-01 ~]$
2017/03/13
Confirmed
George walked through the events with me. The event channel is read, though
in archives.log, post decryption, only part of the event is sent over. For
most events this is not an issue, but for Applocker and other more detailed
events writing to Event Channels, there is a second
Hi Pedro,
thanks, I had a doubt about where the official GitHub for development is, but ok.
Thanks.
On Monday, March 13, 2017 at 09:44:00 UTC-3, Pedro Sanchez
wrote:
>
> Hi Eduardo,
>
> Yes, it is written in C.
>
> The project is totally open source, hosted in Github, you could send pull
>
Hi Eduardo,
Yes, it is written in C.
The project is totally open source, hosted in Github, you could send pull
requests with your improvements / fixes.
Repository URL: https://github.com/ossec/ossec-hids
In case you are not familiar with Github, some docs about sending pull requests:
Hi BJ,
Happy to know, I hope it is working well, all the credits to Xavier and his
post at:
https://blog.rootshell.be/2013/05/13/improving-file-integrity-monitoring-with-ossec/
.
Probably the error you were getting was related to ossec.conf XML tags.
I think Dan is integrating the same
Hi all,
this ossec is written in C, correct?
How do I develop/contribute to ossec with development in C (or another
language)?
Kind regards,
Thanks, Dan, for help.
I think I will prefer this rule:
18104
\.*Account\s+Name:\s+Administrator\.*New Process Name:\s+C:\\Windows\\System32\\mspaint.exe|Account\s+Name:\s+Administrator\.*New Process Name:\s+C:\\Windows\\System32\\calc.exe
new process Drop
But do you know how