Re: [ossec-list] Re: OSSEC - Windows Event Log - PowerShell Alerts

2017-03-31 Thread Taylor Duncan
I know this is old, but thank you SO much for posting the resolution. I ran into the exact same issue when writing a decoder for a Windows log file. I did not realize that the OSSEC logs in archive contained an added header and it caused me a HUGE headache when writing the decoder. I tested

Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-31 Thread dan (ddp)
On Fri, Mar 31, 2017 at 10:36 AM, Eduardo Reichert Figueiredo wrote:
> Hi,
> after enabling ipv6 in /boot I received another problem, the process remoted
> binding in port 1514 for ipv6 and not binding to ipv4.
>
> udp6 0 0 :::514 :::*
>

Re: [ossec-list] install ossec - bind to port 1514 fail | getaddrinfo: name or service not know

2017-03-31 Thread Eduardo Reichert Figueiredo
Hi, after enabling ipv6 in /boot I received another problem, the process remoted binding in port 1514 for ipv6 and not binding to ipv4.

udp6 0 0 :::514 :::* 5243/bin/ossec-remo
udp6 0 0 :::1514 :::*

Re: [ossec-list] time based exceptions

2017-03-31 Thread Jesus Linares
Hi, there are rules for that in https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0215-policy_rules.xml. They are included by default, but not enabled. Regards. On Thursday, March 30, 2017 at 12:20:39 AM UTC+2, jose wrote: > > Hi mscrano, yes you can do that, > > example: > > >