On Mon, Jul 3, 2017 at 10:26 PM, Tunguyen wrote:
> I've checked the ossec.conf on server side and agent side, those are all the
> same as yours
> Here is the agent side:
>
> 20,40,60
>
>
> And the server side is the same as above, except that I add
> like this:
>
On Fri, Jul 7, 2017 at 6:11 AM, Jesus Linares wrote:
> I never used it:
> http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html#element-time
>
> I think it is the time when the event comes to the manager (not the original
> time).
>
Oh, ok. Obviously I have never used
On Fri, Jul 7, 2017 at 4:15 AM, Kazim Koybasi wrote:
> Yes, OSSEC mentions the log files and says it is analyzing the log file. I tried
> with the apache log format and without logformat settings and the result is the
> same. What could be a workaround for that?
>
Provide a log sample of a
On Fri, Jul 7, 2017 at 8:07 AM, chintan shah wrote:
> Hi Guys,
>
> Just wanted to check if anybody has an idea on how to throttle the events in
> OSSEC. I have a situation where there are 20 duplicate alerts within a
> second and I would want to raise only 1 alert for
On Fri, Jul 7, 2017 at 8:10 AM, Irshad Rahimbux wrote:
> I have done all the configuration in ms-sccm.cfg [existing file in plugin
> folder].
>
That must be an OSSIM thing. Unrelated to OSSEC.
> But still don't see anything in alerts.log.
>
Turn on the logall option,