On Wednesday, October 3, 2018 at 3:48:25 PM UTC+2, ERMAN ATES wrote:
>
> Hello all,
>
> I could not install ossec-agent on a Ubuntu 18 machine.
> Applying the guide here (*) resulted with errors:
>
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> So
It was an issue with https, not apt; I solved it by installing the https
transport. Now I wanna create some custom decoder and rules, so that when the
new line which contains "error" is added in the log file I get an alert, but no
success. Any idea how?? Thanks in advance.
On Friday, August 24, 2018 at 12:24:20 AM
I started with this but no success so far.
$BAD WORDS:
test
ERROR
(\S+)
extra_data
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to o
Hello, sorry for bothering you, but maybe you could help me with my custom
decoder (which doesn't work). I wanna create a custom decoder to alert me by
email when I put some text like "error".
log file format:
2018-09-03 WARN test
2018-09-03 ERROR test text to be alerted
2018-09-03 INFO
2018-09
Something like this?
ossec-exampled
^$BAD_WORDS
^ERROR
srcip, action
Something like this?
test
$BAD_WORDS
^BAD_WORDS \S+ \p(\S+)\p$|^BAD_WORDS \S+ \p(\S+)\p$
srcip, action
Thank you for your time Dan, without you exploring ossec would be so difficult.
The problem was https was not installed on the system; I installed it and
everything works fine. Now I wanna create some custom decoder to match it
with rule "unknown problem found in the system" and when I type error to get
an a
Hello, I have a problem connecting agents. I installed OSSEC on Ubuntu Server
16.04 virtual machines, added an agent (with IP and any), extracted the key,
but when I view the agents list I get only "No agent available". Does anyone
know what the issue is? Here are my logs from the machines. Any help is
apprecit
[image: VirtualBox_Server Ubuntu 2_20_08_2018_12_15_57.png]
[image: VirtualBox_ubuntu test2_20_08_2018_09_01_20.png]
Thank you so much Dan, that worked out, I solved my issue with agent_manager.
But when I add the agents and extract the key, then copy the key into the
agent, I have output "no a
[image: VirtualBox_ubuntu test2_16_08_2018_14_37_18.png]
Thx for the response Dan, but I got nothing man. I followed all your steps and
commands and I still have the same problem, also the log file reports the
same issue.
[image: VirtualBox_Server Ubuntu 3_16_08_2018_11_55_51.png]
When I restart ossec I get this
Hello Dan, thx for your time and sorry for bothering you. I think it's
something to do with config maybe.
[image: VirtualBox_Server Ubuntu 1_16_08_2018_11_17_43.png]
[image: VirtualBox_Server Ubuntu 1_16_08_2018_11_34_25.png]
Here are the logs and config on Server 1 (ossec server)
Here are the l
Already did, it's the same. I reinstalled it in this way, is it correct?
/var/ossec/bin/ossec-control stop && rm -rf /var/ossec && rm
/etc/init.d/*ossec* && rm /etc/ossec-init.conf
When I type /var/ossec/bin/manage_agents, I have only this output one on
both of them
* OSSEC HIDS v2.9.3 Agent manager. *
* The following options are available: *
**
**
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added
Thanks Dan, you are the best :) Your post helped me a lot and I got the alert,
it was a problem with the smtp server. But now I am facing an issue with adding
agents. I used every type of network provided in VirtualBox
(Host-only, Bridged, NAT) and none of them gave me the result. When I wanna
add key to agent v
Thanks man, that helped me a LOT, it was a problem with the smtp server
On Friday, August 10, 2018 at 3:17:59 PM UTC+2, dan (ddpbsd) wrote:
>
> Just a couple of quick ones. I took 3 of the logs you provided, and
> used `ossec-logtest` to see how they were decoded.
>
> **Phase 1: Completed pre-decoding.