I have ossec server(CentOS) and ossec agent(win7).
-On server-
ossec.conf:
eject_usb
event.cmd
srcip
yes
eject_usb
local
120005
30
local_rule.xml:
Event_USB
Event USB
12
USB
Detected USB Storage
-O
Yes, dan
How can I eject USB every time?
Vào 22:00:08 UTC+7 Thứ Hai, ngày 11 tháng 5 năm 2015, dan (ddpbsd) đã viết:
>
> On Sun, May 10, 2015 at 11:27 AM, Bùi Viết Hướng
> > wrote:
> > I have script file eject USB is eject.cmd had content:
> > $a =Get-WmiObject w
I have script file eject USB is eject.cmd had content:
$a =Get-WmiObject win32_logicaldisk -filter 'DriveType=2' |
ForEach-Object{$kt = $_.DeviceID
$Eject = New-Object -comObject Shell.Application
$Eject.Namespace(17).ParseName("$kt").InvokeVerb("Eject")
}
Where can I put this file(i
er ejects a USB device?
>
>
> On Wednesday, 6 May 2015 11:06:31 UTC+1, Bùi Viết Hướng wrote:
>>
>> I need active respond file.sh . Anyone can give me?
>> \
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-
Yeah, this is my essay. I'll eject USB when user plug in it into my agent.
Vào 18:15:41 UTC+7 Thứ Tư, ngày 06 tháng 5 năm 2015, CraigL đã viết:
>
> What would you like your agent to do when a user ejects a USB device?
>
>
> On Wednesday, 6 May 2015 11:06:31 UTC+1, Bùi Viết
I need active respond file.sh . Anyone can give me?
\
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more optio
Please help me!!!
I have two account mail is "b...@viethuong.com" and "st...@viethuong.com".
I want oss...@viethuong.com send to "b...@viethuong.com" alert email(has
level 1-6) and send to "st...@viethuong.com".(has level >6). What must I do?
--
---
You received this message because you are
I have been config 2 email, but I want them alert at different level.
Vào 22:18:36 UTC+7 Thứ ba, ngày 09 tháng mười hai năm 2014, Bùi Viết Hướng
đã viết:
>
> Hey everyone,
>
> I have been installed postfix mail server on ossec server. How I can alert
> to second email account?
Ohm! Maybe that's impossible. Thanks very much
Vào 22:18:36 UTC+7 Thứ ba, ngày 09 tháng mười hai năm 2014, Bùi Viết Hướng
đã viết:
>
> Hey everyone,
>
> I have been installed postfix mail server on ossec server. How I can alert
> to second email account? How I conf
Dan, can you help me another problem? I have 2 email(u...@viethuong.com and
u...@viethuong.com), I want u...@viethuong.com receive email has level 1-5 and
u...@viethuong.com receive email has level 10-15. What will I do?
Vào 22:18:36 UTC+7 Thứ ba, ngày 09 tháng mười hai năm 2014, Bùi Viết Hướng
Thanks dan for keyword Granular, I searched one
tut
http://docs.ospatrol.com/en/latest/manual/output/granular-email-output.html.
It's great.
Vào 22:18:36 UTC+7 Thứ ba, ngày 09 tháng mười hai năm 2014, Bùi Viết Hướng
đã viết:
>
> Hey everyone,
>
> I have been installed postf
Hey everyone,
I have been installed postfix mail server on ossec server. How I can alert
to second email account? How I config in /var/ossec/etc/ossec.conf another
mail account to receive alert
Thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-li
Could you give me an example? Both decode and rule.
Vào 23:11:35 UTC+7 Thứ hai, ngày 22 tháng chín năm 2014, dan (ddpbsd) đã
viết:
>
> On Mon, Sep 22, 2014 at 6:53 AM, Bùi Viết Hướng
> > wrote:
> > I can't create rules with parameters such as user name, IP source,
I can't create rules with parameters such as user name, IP source, program
name(ssh, ...).., and then can change the parameters and create a new
rule. Could anyone tell me the way?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To uns
14 matches
Mail list logo