Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread Ritu Soni
Hello, I simply want to test the rule for DDOS Attack, which is discussed previously: local_rules.xml: attacks|attack|automatic_attack Attacks from same source IP But this is not working. I get errors while adding this new rule. What is the possible solution f

[ossec-list] Ossec 2.8.3, Email alert mismatch

2017-08-24 Thread Tirumala Raja Siriki
Hi Everyone, Email alert mismatch, I have email alerts from Ossec agent (Suse Linux) with message header as "Successful sudo to ROOT executed", but the content in the alert is for other Ossec agents (RDP servers). The Email alert looks like this: OSSEC Alert - Agent Name(Linux) - Level 14 -

[ossec-list] OSSEC 2.8.3, Server doesnot trigger email alerts for agent

2017-08-24 Thread Tirumala Raja Siriki
Hi Everyone, I am running Ossec 2.8.3 version on Server as well as agents. I am not getting any email alerts from Ossec Server(Suse Linux) for one of the agent which is also running on Suse Linux. I see alerts are getting logged in /var/ossec/logs/alerts/alerts.log file but no emails triggered.

Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread dan (ddp)
On Aug 24, 2017 4:40 AM, "Ritu Soni" wrote: Hello, I simply want to test the rule for DDOS Attack, which is discussed previously: local_rules.xml: attacks|attack|automatic_attack Attacks from same source IP But this is not working. I get errors while adding

Re: [ossec-list] OSSEC 2.8.3, Server doesnot trigger email alerts for agent

2017-08-24 Thread dan (ddp)
On Aug 24, 2017 8:31 AM, "Tirumala Raja Siriki" wrote: Hi Everyone, I am running Ossec 2.8.3 version on Server as well as agents. I am not getting any email alerts from Ossec Server(Suse Linux) for one of the agent which is also running on Suse Linux. I see alerts are getting logged in /var/osse

Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread dan (ddp)
On Thu, Aug 24, 2017 at 8:35 AM, dan (ddp) wrote: > > > On Aug 24, 2017 4:40 AM, "Ritu Soni" wrote: > > Hello, > I simply want to test the rule for DDOS Attack,which is discussed > previously: > local_rules.xml: > > > > > > attacks|attack|automatic_attack > > > Atta

Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread Ritu Soni
Ok, thanks. have you added the rule in local_rules.xml file? or any other xml file? On Thursday, August 24, 2017 at 6:14:56 PM UTC+5:30, dan (ddpbsd) wrote: > > On Thu, Aug 24, 2017 at 8:35 AM, dan (ddp) > > wrote: > > > > > > On Aug 24, 2017 4:40 AM, "Ritu Soni" > > wrote: > > > > Hello, o

Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread Ritu Soni
Hey, > > When I add the same rule in local_rules.xml file, I get the following errors: *2017/08/24 22:54:00 ossec-config(1501): ERROR: Invalid SMTP Server: alt1.gmail-smtp-in.l.google.com.* *2017/08/24 22:54:00 ossec-config(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exit

[ossec-list] ERROR: Unable to Bind port '1514'

2017-08-24 Thread Carlos Islas
Hello, I am having this issue when I execute the command ./ossec-remoted ossec.log: 2017/08/24 16:16:22 ossec-remoted: INFO: Started (pid: 19350). 2017/08/24 16:16:22 ossec-remoted(1206): ERROR: Unable to Bind port '1514' Somebody could help me to examine that error? Regards... -- --- You

Re: [ossec-list] ERROR: Unable to Bind port '1514'

2017-08-24 Thread dan (ddp)
On Aug 24, 2017 5:20 PM, "Carlos Islas" wrote: Hello, I am having this issue when I execute the command ./ossec-remoted ossec.log: 2017/08/24 16:16:22 ossec-remoted: INFO: Started (pid: 19350). 2017/08/24 16:16:22 ossec-remoted(1206): ERROR: Unable to Bind port '1514' Somebody could help me t

Re: [ossec-list] Re: Testing OSSEC

2017-08-24 Thread dan (ddp)
On Aug 24, 2017 12:56 PM, "Ritu Soni" wrote: Ok, thanks. have you added the rule in local_rules.xml file? or any other xml file? I added it to my local_rules.xml file, outside of the tag near the bottom. On Thursday, August 24, 2017 at 6:14:56 PM UTC+5:30, dan (ddpbsd) wrote: > > On Thu, Au

Re: [ossec-list] ERROR: Unable to Bind port '1514'

2017-08-24 Thread Carlos Islas
Hello dan, Yes is remoted. Here is the result for netstat root@vknxsegfim:/var/ossec/logs# netstat -an | grep 1514 udp 0 0 0.0.0.0:1514 0.0.0.0:* root@vknxsegfim:/var/ossec/logs# Regards On Thursday, August 24, 2017, 16:39:53 (UTC-5), dan (ddpbsd) wrote: > > > > On

Re: [ossec-list] ERROR: Unable to Bind port '1514'

2017-08-24 Thread dan (ddp)
On Aug 24, 2017 6:28 PM, "Carlos Islas" wrote: Hello dan, Yes is remoted. Here is the result for netstat root@vknxsegfim:/var/ossec/logs# netstat -an | grep 1514 udp 0 0 0.0.0.0:1514 0.0.0.0:* root@vknxsegfim:/var/ossec/logs# Ok, so only 1 copy of remoted can bind to th