On Friday 11 October 2013 12:53:21 pm Richard McAlexander
wrote:
I have AnaLogi installed and one thing that seems odd is
that there's no login page. I haven't had much time to spend
researching, but there also doesn't seem to be much in
the way of documentation. Is there a way to enable a
On Tuesday 12 March 2013 11:22:24 am Martin Gottlieb wrote:
Hello,
I have added the repeated_offenders configuration block
to all of my agents and the server as follows:
<active-response>
<repeated_offenders>120180240</repeated_offenders>
</active-response>
When I restart OSSEC on the
On Monday 12 March 2012 12:24:47 pm Steven Stern wrote:
On 03/12/2012 10:49 AM, Dimitri Yioulos wrote:
Anyone have any ideas on this?
All,
Back at the end of last year, I asked about using the repeated-offenders
feature
in OH. I added the following directives to ossec.conf
All,
Back at the end of last year, I asked about using the repeated-offenders
feature
in OH. I added the following directives to ossec.conf on the host that I want
this to work in:
<command>
<name>host-deny</name>
<executable>host-deny.sh</executable>
<expect>srcip</expect>
On Thursday 29 December 2011 5:35:44 pm Rainer wrote:
Does the repeated offenders option get recognized? (you
should see messages about it in ossec.log)
No, nothing about repeated offenders in ossec.log
Then it didn't get picked up when you restarted the ossec
processes.
You
Thanks, Dan. Is anything else required other than to add the
directives to ossec.conf on the agent?
Dimitri
On Friday 30 December 2011 8:48:15 am dan (ddp) wrote:
It belongs on the system that does the AR, most likely the
agent.
On Dec 30, 2011 8:42 AM, Dimitri Yioulos
dyiou
Thanks much, and to you and all have a very happy new year!
On Friday 30 December 2011 4:49:51 pm dan (ddp) wrote:
On Fri, Dec 30, 2011 at 12:54 PM, Dimitri Yioulos
dyiou...@onpointfc.com wrote:
Thanks, Dan. Is anything else required other than to add the
directives to ossec.conf
All,
It's a bit embarrassing that I can't figure out how to stop this
particular alert, but I don't know how. Here's the situation:
I have Sophos anti-virus installed on some of my Linux boxes. I
keep getting Ossec alerts like the following:
2011 Oct 19 11:21:59 Rule Id: 1002 level: 2
<description>All is well.</description>
</rule>
This one has fatal flaws, but if fixed it works.
On Wed, Oct 19, 2011 at 2:34 PM, Dimitri Yioulos
dyiou...@onpointfc.com wrote:
All,
It's a bit embarrassing that I can't figure out how to stop
this particular alert, but I don't know how. Here's
...@googlegroups.com] On
Behalf Of Dimitri Yioulos Sent: Wednesday, January 07, 2009 3:53 PM
To: ossec-list@googlegroups.com
Subject: [ossec-list] Re: Preventing locally triggered rule
Importance: Low
Thanks very much, Rick!
I checked the docs for any information on srcip, and also googled, but came
up
Hello to all, and a most Happy New Year!
I'm not sure if the subject of my post is accurate, but here's what I'm after.
Our Web server has been set up as a conduit by which to ping GPS devices via
our business application. When any of our LAN hosts do a ping, I get the
following notification
Agreed.
On Wednesday 25 June 2008 4:05 pm, Herb Steck wrote:
MySQL.
But there is already a web interface, so why not work off of that and make
it better?
-Original Message-
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Adriel Desautels
Sent: Wednesday,
Hi, folks.
Even though I've been using O-H for a while now, I still think I have this
screwed up: I want to use the firewall active response. However, it doesn't
seem to be working. My firewall is on a different box from O-H server.
Here's the directive I have in my ossec.conf file:
/faq.html#a2.2
Also, make sure the ip addresses are correctly configured and there is no
error on the ossec.log of your agent.
Thanks,
daniel
On 3/29/07, Dimitri Yioulos [EMAIL PROTECTED] wrote:
Hello to all.
First, to the ossec development team, great job on the program
Hello to all.
First, to the ossec development team, great job on the program and on the Web
gui! Much appreciated here.
I'm currently monitoring about 10 machines. Nine of them respond just fine.
One, however, doesn't send any mail notifications, and doesn't appear in the
Web gui. I've
On Tuesday 20 March 2007 3:11 pm, Rob wrote:
Hey all,
Finally got ossec installed on our windows servers and everything looks
good. I have 1 question however. I had test servers that I've deleted the
agent from the ossec server but I still see them in the ossec web ui. An
example is
Hello to all.
A few weeks ago I mentioned that I'd upgraded to O-H-0.9-2 (now at
O-H-0.9-3). Since then, I've been getting the following alerts from
my mail server:
OSSEC HIDS Notification.
2006 Sep 27 15:32:22
Received From: (plymouth) 192.168.1.2-/var/log/messages
Rule: 40101 fired (level
. Take a look at:
http://www.ossec.net/ossec-list/2006-September/msg00342.html
Hope it helps,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 10/24/06, Dimitri Yioulos [EMAIL PROTECTED] wrote:
Hello to all.
A few weeks ago I mentioned that I'd upgraded to O-H-0.9-2 (now
at O-H-0.9-3
Hello to all.
I recently upgraded to O-H-0.9-2. Since then, I've been getting the
following alerts from my mail server:
OSSEC HIDS Notification.
2006 Sep 27 15:32:22
Received From: (plymouth) 192.168.1.2-/var/log/messages
Rule: 40101 fired (level 12) - System user sucessfully logged on the
On Monday September 25 2006 3:43 pm, Terry Warner wrote:
Hi All,
We have OSSEC installed on 2 machines. We have the 0.9 version not
0.9-2. Recently, email messages have just stopped coming. It seems
as though ossec might not be sending them anymore or what not.
Either way, all the
</white_list>
<white_list>192.168.100.yyy/32</white_list>
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote:
Hello list members.
In order to use various tools on my OSSEC-HIDS server and agent
boxes, I've whitelisted my two desktop boxes - WinXP and
SimplyMepis Linux.
From the Linux
</ossec_config>
Dimitri
On Wednesday August 09 2006 9:49 am, Ahmet Ozturk wrote:
Hi Dimitri,
If it's not a problem for you, please send them to list.
It would be good for list members to see them.
Someone may have different ideas than mine. :)
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote
Hello to all.
First, congratulations to the development team on an excellent piece of
software (recognized by SANS, no less)! It was easy to install, and
tweaking to one's own specifications is straightforward. I very much
look forward to future releases.
Apologies if this is completely
Dimitri Yioulos:
Hello to all.
First, congratulations to the development team on an excellent
piece of software (recognized by SANS, no less)! It was easy to
install, and tweaking to one's own specifications is
straightforward. I very much look forward to future releases.
Apologies
24 matches