Re: [ossec-list] Re: errors in ossec clients

2018-03-14 Thread Igor
> You edit the file on the server. That file then gets pushed to the client. > > I have edited this file on a server, but the file on the client is from /var/ossec/etc/shared/agent.conf on the client side

Re: [ossec-list] ossec-logtest verbosity levels...

2018-03-14 Thread Ian Brown
Dan, Okay, so say I make two rules. 100014 that uses the first match, and 100015 that uses the second. Is there a way to revert back to 18105 if 100014 matches but 100015 doesn't? On Tuesday, March 13, 2018 at 3:31:15 AM UTC-7, dan (ddpbsd) wrote: > > > I think this combined the matches, effe

[ossec-list] What are others doing to manage false positives?

2018-03-14 Thread Ian Brown
Say SO is configured to use Suricata with the Emerging Threats ruleset One of the rules is triggered: ET CNC Zeus Tracker Reported CnC Server group 12 for IP address 199.59.242.150. Now, with RC3, I can highlight the destination IP address in Squert and search for it in Kibana. While in Kiban

Re: [ossec-list] Installation of OSSEC on RED HAT 7 Cluster

2018-03-14 Thread dan (ddp)
On Tue, Mar 13, 2018 at 4:28 PM, Niraj Kumar wrote: > Hello Team, > > I am finding trouble with a pointing agent to floating point on the cluster. > An agent gets connected directly to the nodes without any issue but whenever > I try to use floating IP which points back to the active node, agent >

Re: [ossec-list] Re: errors in ossec clients

2018-03-14 Thread dan (ddp)
On Wed, Mar 14, 2018 at 6:28 AM, Igor <6513...@gmail.com> wrote: > >> You edit the file on the server. That file then gets pushed to the client. >> > I have edited this file on a server, but the file on the client is from > /var/ossec/etc/shared/agent.conf on the client side > The server should be pushing this fil

Re: [ossec-list] ossec-logtest verbosity levels...

2018-03-14 Thread dan (ddp)
On Wed, Mar 14, 2018 at 12:53 PM, Ian Brown wrote: > Dan, > > Okay, so say I make two rules. 100014 that uses the first match, and 100015 > that uses the second. Is there a way to revert back to 18105 if 100014 > matches but 100015 doesn't? > Unfortunately, no. You could do a regex: pfussmon.ex

Re: [ossec-list] Common directories to scan

2018-03-14 Thread dan (ddp)
On Fri, Mar 2, 2018 at 2:01 PM, Carlos Islas wrote: > Hello, > > Firstly, I'm sorry for my bad English. I want to know, based on your > experience, which directories are the most common to realize a syscheck on > Windows or Linux devices? > /etc, /bin, /sbin, /usr/sbin, /usr/bin Directories with s

Re: [ossec-list] Common directories to scan

2018-03-14 Thread Carlos Islas
Hi dan, Thank you for your suggestion. And what do you think for Windows paths? Regards On Wednesday, March 14, 2018, 15:23:32 (UTC-6), dan (ddpbsd) wrote: > > On Fri, Mar 2, 2018 at 2:01 PM, Carlos Islas > wrote: > > Hello, > > > > Firstly, I'm sorry for my bad English. I want to kno

Re: [ossec-list] Common directories to scan

2018-03-14 Thread dan (ddp)
On Wed, Mar 14, 2018 at 5:25 PM, Carlos Islas wrote: > Hi dan > > Thank you for your suggestion. And what do you think for Windows paths? > Sorry, I don't do much with Windows. I'd assume it's the same type of thing though. Binary paths, and static data. > Regards > > On Wednesday, March 14

Re: [ossec-list] Expected behaviour of syscheck

2018-03-14 Thread Victor Fernandez
Hi, The configuration parser allows multiple definitions of . OSSEC reads the *ossec.conf* file first, and then *agent.conf* (only in agents). The option is aggregable so all directories specified will be monitored. On the other hand, value-based options (like ) are overwritten. So the option 1

[ossec-list] How to remove die box/duplicate ip box from OSSEC Manager without interactive commands.

2018-03-14 Thread Arvind Lavania
Hello, During release I need to remove 50 boxes (Lin/Win) from the OSSEC manager every month and then need to enroll 50 new boxes. Is there any command so I can remove those 50 agents before enrolling the new ones, so that IP-duplicate or hostname-duplicate related errors do not come up in production? I am using