[ossec-list] json

2015-06-02 Thread James Siegel
I edit my /var/ossec/etc/ossec.conf on the server... the section I add yes and restart my ossec server /var/ossec]# bin/ossec-control restart Killing ossec-monitord .. Killing ossec-logcollector .. Killing ossec-remoted .. Killing ossec-syscheckd .. Killing ossec-analysisd .. Killing ossec

Re: [ossec-list] json

2015-06-02 Thread James Siegel
not 2.9 Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)... and I downloaded directly On Tuesday, June 2, 2015 at 10:21:08 AM UTC-4, dan (ddpbsd) wrote: > > On Tue, Jun 2, 2015 at 10:18 AM, James Siegel > wrote: > > I edit my /var/ossec/etc/ossec.conf on the server... the

[ossec-list] Re: json

2015-06-02 Thread James Siegel
ok, thanks Dan, it is in the 2.8.1 documentation and I was just asked this morning if I could configure it to alert via json... I'll try 2.9 although I think my boss will want to wait until out of beta... so may have to wait for that On Tuesday, June 2, 2015 at 10:19:50 AM UTC-4,

[ossec-list] skip_nfs appearing in 2.8.1 documentation but I get error when using??

2015-08-05 Thread James Siegel
Had issue with our nfs shares, went to look for fix. I see this comment in http://osdir.com/ml/ossec-list/2015-06/msg00083.html In 2.9 we have skip_nfs http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.rootcheck.html?highlight=nfs#element-skip_nfs however that doc link is for 2

[ossec-list] api or syscheck database question

2015-08-25 Thread James Siegel
We would like to be able to make changes to the syscheck database. Is there an api for this? Has anyone else tried? We knowingly make changes to hundreds of files at a time in our systems. These cause a flurry of alerts. We do not want to ignore/exclude those portions of our environment. We sti

Re: [ossec-list] How to purge/remove/delete data older than a specific date from within the database

2015-08-25 Thread James Siegel
this is also similar to a question I have about being able to modify the DB with known good changes to files so we don't get alerted on our hotfix process On Monday, February 21, 2011 at 7:01:31 AM UTC-5, Dimitris Chontzopoulos wrote: > > Hello everyone, > > We're trying to remove data from wit

[ossec-list] Re: api or syscheck database question

2015-08-26 Thread James Siegel
One of our devs is taking a look at this. When he is done, what is able to be shared out to public (ie without our data in it) I'll try to make sure it gets out. On Tuesday, August 25, 2015 at 9:39:46 AM UTC-4, James Siegel wrote: > > We would like to be able to make changes to t

[ossec-list] Re: white list specific ip on active response

2016-05-19 Thread James Siegel
Active response is acting up abnormally in 2.8.1 Active response is enabled. Subnets are whitelisted in ossec.conf on the server. The server and the agents have all been restarted over the past few months during patching cycles. Last week my boss was locked out by active response while demonstra

[ossec-list] OSSEC-abnormal-behavior-active-response

2016-05-19 Thread James Siegel
I have a set of subnets that are whitelisted. The server and agents were installed quite some time ago and are on 2.81. The server and the agents have been restarted at various times over the past months as part of update/patching processes. The conf file was not changed during those time period