[ossec-list] how to ignore multiple events, but alert only one or few?

2013-04-26 Thread Aliev, Dmitry
Hello, I need advice. I have Linux hosts that have scheduled updates via cron. Users are not allowed to install any new packages on hosts. Syslog does not distinguish an "Update package" event from "Install new package". It always logs something like this: "2013-04-26 08:01:30 status installed hicolor-icon-th

[ossec-list] How to store level 0 alerts (all logs) at server and save logs at agents?

2013-04-23 Thread Aliev, Dmitry
Hi, is it possible to store full logs (level 0) from all agent hosts at the OSSEC server? I've changed <log_alert_level> to 0, restarted the server, but there are no level 0-1 events in log/alerts/alerts.log. Or am I looking at the wrong directory? And more, OSSEC deletes logs from agents. How to s

Re: [ossec-list] Integrity checksum changed on executables. No prelinking.

2013-04-22 Thread Aliev, Dmitry
still need help

Re: [ossec-list] OSSEC 2.7 and Windows 2008 server: never connected

2013-04-18 Thread Aliev, Dmitry
Try the following on the OSSEC server: agent_control -r -u agent_control -i I had 2 Windows XP hosts that were in Never connected state after I changed agent keys on them. I've tcpdumped communication between server-agent and saw that the agent sends packets and the server replies during all night, but ser

Re: [ossec-list] Integrity checksum changed on executables. No prelinking.

2013-04-17 Thread Aliev, Dmitry
I've found that checksum modification starts with file /etc/alternatives/mozilla-flashplugin and ends with /bin/rbash. Such order is the same on all hosts. Mozilla is the cause? Which way? -/bin/rbash File: /bin/rbash Agent: dbi-726-14x Modification time: 2013 Apr 16 11:03:37 -/bin/bash Fi