Hi,
How can I urge the Ossec mysql Database?
I am monitoring our OSSEC itself through OSSEC. I am receiving a lot of
following messages from our OSSEC manager. Is this normal? Should I exclude
/opt/ossec/queue from syscheck? Not sure why syscheck file is getting changed
so continuously
Integrity checksum changed for: '/opt/ossec/queue/syschec
Does anyone know if the checksum for ossec-hids-2.4.1.tar.gz got recently
changed (may be new file was uploaded to ossec.net site)?
When I downloaded this file in June, checksums were as follows:
md5sum ossec-hids-2.4.1.tar.gz
3f071be3f9808e689f1b56585ea717c3 ossec-hids-2.4.1.tar.gz
# sha1sum oss
fy was added in 2.6 (maybe 2.6.23 or something).
> I think you'll have to set these options on the server, but I'm not
> positive.
>
> On Tue, Mar 9, 2010 at 7:07 PM, Devendra Agrawal
> wrote:
> > That was my mistake when posting the issue. I commented out when it wa
led with
> inotify support? What version of rhel? 4.x doesn't have support, not
> sure about 5.x yet.
>
> On Wed, Jul 28, 2010 at 3:05 PM, Devendra Agrawal
> wrote:
> > Forgot to mention, it is on Red hat 2.6 kernel
> >
> > On Wed, Jul 28, 2010 at 3:00 PM, D
Can Real Time monitoring on directory be done in the scenario of centralized
agent configuration? I tried but see the following warnings in the ossec.log
on the agent..
2010/07/28 13:30:02 ossec-syscheckd: WARN: Ignoring flag for real time
monitoring on directory: '/etc'.
2010/07/28 13:30:02 ossec
Forgot to mention, it is on Red hat 2.6 kernel
On Wed, Jul 28, 2010 at 3:00 PM, Devendra Agrawal <
devendra.agra...@gmail.com> wrote:
> Can Real Time monitoring on directory be done in the scenario of
> centralized agent configuration? I tried but see the following warnings in
> t
Did anyone face a similar issue when installing the agent using binary
package?
On Mon, Jul 26, 2010 at 12:09 PM, Devendra Agrawal <
devendra.agra...@gmail.com> wrote:
> It seems, if you try to install using a binary package (on systems with no
> gcc), it expects ossec to b
to
directory: '/var/ossec'.
On Sun, Jul 25, 2010 at 12:10 AM, dan (ddp) wrote:
> On Sat, Jul 24, 2010 at 12:20 PM, Devendra Agrawal
> wrote:
> > I chose /opt/ossec as install directory. Why would it expect /var/ossec when
> > there is no /var/ossec on
It seems, if you try to install using a binary package (on systems with no
gcc), it expects ossec to be under /var/ossec directory even if you mention
install directory as something else. I don't know why and how to fix this
behaviour.
On Mon, Jul 26, 2010 at 10:51 AM, Devendra Agrawal
e binaries in the wrong location?
When install.sh was run originally, was /opt/ossec entered as the
location you'd like ossec to be installed in?
The error message is pretty clear. The program expects to live in
/var/ossec, but can't.
-Original Message-
From: Devendra Agrawal
I did an agent install (using binary package under /opt/ossec directory on
Red hat Linux machine. I am getting following error when running
"manage_agents" command. Any idea?
# ./manage_agents
2010/07/23 16:07:40 manage_agents(1209): ERROR: Unable to chroot to
directory: '/var/ossec'.
I am planning to use mysql for OSSEC logs (instead of plain text files).
Does mysql need to be on the same host as where OSSEC manager is installed?
Or could it be on a remote host as well?
Thanks.
t right
now, but
that would be a serious problem imho.
On Fri, Mar 12, 2010 at 7:38 PM, dan (ddp) wrote:
I imagine there might be difficulties with udev or devfs or whatever
linux is using now. Haven't tried it though.
On Fri, Mar 12, 2010 at 11:33 AM, Devendra Agrawal
wrote:
By default
Is it possible to alert for new files in real time (as soon as the new file
is found)? It seems it alerts for new files only after scheduled scanning.
By default, ossec doesn't seem to be doing file integrity checks for /dev,
/boot, and hidden files (starting with ".") on Linux. Can ossec monitor them
reliably (if I add them in ossec.conf)? I am not sure if there is any
advantage in doing the same check for /proc too.
Thanks.
without any delay (immediately):
>
> On Wed, Mar 10, 2010 at 5:35 PM, Devendra Agrawal
> wrote:
> > Is it possible to specify different email addresses (for alerts) for
> > different hosts? For eg. I would like to let alerts go to an email address
> > for a group
I wanted to confirm if it is normal for ossec manager & agent to take about
30-40 minutes to complete all scans after it is restarted. Both manager and
agent are linux and only /etc, /usr/bin, /usr/sbin, /bin, /sbin directories
are getting checked
Ossec Manager (ossec.log)
---
Is it possible to specify different email addresses (for alerts) for
different hosts? For eg. I would like to let alerts go to an email address
for a group of hosts, but to go to other email address for another group of
hosts.
Thanks.
I got it working by setting on manager and modifying local_rules.xml. Is it
possible to alert for new files in real time? It seems it only alerts after
scheduled scanning.
Thanks.
On Tue, Mar 9, 2010 at 7:07 PM, Devendra Agrawal wrote:
> That was my mistake when posting the issue
, dan (ddp) wrote:
> The "" designate anything in between them as commented
> out. Remove them
> and things may work a bit more like you'd expect.
>
> On Tue, Mar 9, 2010 at 2:26 PM, Devendra Agrawal
> wrote:
> > Hi,
> >
> > I want to know the s
Hi,
I want to know the syntax for auto_ignore and alert_new_files option. I
tried the following and restarted the agent services but it doesn't alert as
expected. I also have realtime check enabled.
79200
/etc,/usr/bin,/usr/sbin
/bin,/sbin
/etc/mtab
/
You can probably remove the frequency in the ossec.conf and may schedule it
in the crontab if on unix system
On Tue, Mar 2, 2010 at 3:04 AM, rob wrote:
> Hi
>
> I would like to be able to schedule scans with OSSEC rather than use
> the frequency. I would like the scans only to run once a week at
Please help with following questions:
1) Is it possible to perform real time file integrity check on agentless
client ? If yes, how?
2) I configured an agentless client (host1) but getting following error on
manager's logs
ossec-agentlessd: ERROR: ssh_integrity_check_linux: r...@host1: Timeout
Can ossec agent be installed on a Red Hat Linux machine with no gcc ?
25 matches