Hello Shaharyar,
compiling from source works just fine
Jan
On Sun, Feb 7, 2016 at 6:39 PM, Shaharyar Chaudhry
wrote:
> Hey, I was wondering how you got the ossec agent to work on rpi, is there
> a guide to this? I am trying to get agent on my rpi2 model to work. Any
> help would be great.
>
>
Hello Derek,
just install ossec in "local" mode, this should be best for you.
Brgds
Jan
On Mon, Oct 13, 2014 at 3:06 PM, wrote:
> I'm exploring the use of OSSEC and I've got a question the docs I've read
> aren't yet answering. I think it's going to be quicker to just ask...
>
> I have a singl
le debugging:
Trying rule: 4 - Generic template for all web rules.
*Rule 4 matched.
*Trying child rules.
Trying rule: 31100 - Access log messages grouped.
*Rule 31100 matched.
*Trying child rules.
Trying rule: 31108 - Ignored URLs (simple queries).
*Rule
ichael Starks <
ossec-l...@michaelstarks.com> wrote:
> On 2014-10-03 9:12, Jan Andrasko wrote:
>
>
>> 31100
>> ()\.+{\.+:;};
>> Shellshock Attempt
>> attack,
>>
>>
>
> Thanks for sharing this. Any specific reason fo
Hello Rob,
this works for us:
31100
()\.+{\.+:;};
Shellshock Attempt
attack,
Brgds
Jan
On Thu, Oct 2, 2014 at 3:08 PM, Robert Moerman
wrote:
> Hello,
>
> I've been trying to write a rule to detect CGI-based shellshock attacks
> via the apache log parser, but I find th
34
I see error message in agent's ossec.log
2014/09/23 15:17:19 ossec-execd(1311): ERROR: Invalid command name 'blabla'
provided.
Jan
On Tue, Sep 23, 2014 at 4:53 PM, Michael Starks <
ossec-l...@michaelstarks.com> wrote:
> On 2014-09-23 9:12, Jan Andrasko wrote:
>
>>
Hi Michael,
I tried the script you sent, but no change. Trying it on Win2008R2 and
Win2012 DC Edition, agents and server are version 2.8.1. No message in
ossec.log, even with debug turned on. Remote restart however works fine.
Any idea what could be wrong?
Brgds
Jan
On Mon, Aug 18, 2014 at 5:07
Hi,
keepalive message contains "*erroR*" so probably this is the reason why it
matched rule 1002.
Brgds
Jan
On Sun, Sep 21, 2014 at 8:51 PM, Notify Me wrote:
> Hi
>
> I'm using 2.8:
>
> ossec-hids-2.8.1-47.el6.art.x86_64
> ossec-hids-client-2.8.1-47.el6.art.x86_64
> On Sep 21, 2014 12:31 PM, "
http://www.ossec.net/files/ossec-hids-2.8.tar.gz
>
>
> On Tuesday, July 29, 2014 6:30:38 AM UTC-7, Jan Andrasko wrote:
>
>> Hi guys,
>>
>> today, when trying to download ossec from your website, I was constantly
>> getting 403 error:
>>
>> wget http:
velvin, can you try to run ossec-logtest more verbose with command
"ossec-logtest -v" and paste the results here? I had similar issues with
ossec-logtest giving different results than ossec-analysisd in the past.
Jan
On Fri, Aug 29, 2014 at 8:44 PM, dan (ddp) wrote:
> On Fri, Aug 29, 2014 a
Hi guys,
today, when trying to download ossec from your website, I was constantly
getting 403 error:
wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz
--2014-07-29 15:16:21-- http://www.ossec.net/files/ossec-hids-2.8.tar.gz
Resolving www.ossec.net (www.ossec.net)... 150.70.191.237
Connecting
Hello Evan,
rule 1002 matches every log which contains these words:
core_dumped|failure|error|attack|bad |illegal
|denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted
and is by default configured to alert by email
$BAD_WORDS
*alert_by_email*
Unknown problem somew