I'm having the same problem. But it doesn't happen for all messages.
Some have 4 of the same, some have 7. If this continues I'll have to
try to unsubscribe and then subscribe again.
Jimi
On 5/18/10 10:55 AM, B/K Walker wrote:
> On Tue, 18 May 2010 14:07:17 +0200 Wim Remes wrote:
>> yup, yup,
You could always dump the output of some account auditing program into a
file and add a custom rule to monitor for something in that file.
On Linux the psacct suite of tools works well for me.
jimi
MdMonk wrote:
> .bash_history isn't updated until the shell is exited.
>
> -Chuck
>
> On Thu, A
Dan,
What Linux distro are you using? I know that on Fedora SELinux kernel
extensions are turned on by default and this prevents the WUI from
getting access to the proper places on the file system.
So you would need to type the following (if you chose the default
install locations)
chcon -R --
Dan,
I have yet to implement version 2 of the software, but I know in version
1.6 there was a default of 12 emails per hour or something along those
lines.
You can look into the tag that goes in the global
section of the config and set that to something really high, say .
Jimi
Dan Gherman
Also, I don't know if this still applies to the current version, but in
previous versions you needed to have the SUNWxcu4 package installed.
To see if you have it installed run:
pkginfo | grep SUNWxcu4
Fletch Hasues wrote:
> Looks like you are using the Sun Studio compiler instead of gcc which
This is my first attempt at writing startup scripts for OS X, so if
anyone has some pointers they would be much appreciated. But for others
you can use these as you wish. Just copy the files into
/Library/StartupItems/OSSEC and you'll be set to have the software start
on boot.
You can also call
is possible? Thanks again for your help.
>
>
> Thanks,
>
> Josh
>
> -Original Message-
> From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
> On Behalf Of Jimi Schwar
> Sent: Tuesday, November 11, 2008 1:27 PM
> To: ossec-list@googlegroups.com
>
Paul,
By default, after installation, OSSEC seems to start as a system service
on boot and runs with SYSTEM account privileges. So the software will
run in the background without that user needing to do anything.
To see this go to START --> RUN --> and type services.msc . In the list
you will
Josh you can split up email messages using grouping or alert levels.
So say you wanted to send syscheck alerts to [EMAIL PROTECTED] and
apache alerts to [EMAIL PROTECTED] You would need to add the
following to your ossec.conf file:
[EMAIL PROTECTED]
syscheck
I created an account on the wiki, but was unable to modify
http://www.ossec.net/wiki/index.php/OSSECWUI:Install . So I would like
to suggest that someone who has the access to add a note about needing
to run the following command with SELinux installed (i.e. Redhat)
chcon -R --reference /var/www
Daniel,
I just created a new VM with Fedora 9 running the i386 version instead
of the i86_64 version. syscheck_control works brilliantly on the i386
version. So I guess it's not Fedora, it's just the 64 bit version of the OS.
Jimi
Jimi Schwar wrote:
> [EMAIL PROTECTED] bin]# gdb /v
> # gdb /var/ossec/bin/syscheck_control
> (gdb) set follow-fork-mode child
> (gdb) run -i 001
> (gdb) bt
>
> And give us the output? I never had any issue with it, so I can't
> reproduce from here.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
I've been playing with rules this morning and stumbled across something
that should help you out a bit better than my last reply. You might be
able to use if_level to do this.
Maybe something like this would work:
1
host_name_here
Bumped up the level for this host
2
host_name
I don't know if there is a way to do this universally but I think you
can always add a per rule change in the local_rules.xml file. Take the
logon failure as an example:
Original Rule:
FAILED LOGIN |authentication failure|
Authentication failed for|invalid password for|
LOGIN FAI
Thanks for the links, I had been wondering if there were tools like
these. However, has anyone run into any trouble with syscheck_control
seg faulting on Fedora 9?
Well, let me be a bit more specific (IP addresses removed from info)
The following command fails:
[EMAIL PROTECTED] bin]# ./syscheck_c
I solved my own problem. Upgrading Xcode tools to 3.1.1 (the Leopard
version) from 2.5 (the Tiger version) fixed it. Sorry to bug the list
with this.
Jimi Schwar wrote:
> I am having trouble building OSSEC on Leopard 10.5.5. Everything seems
> to go fine until I get to this
I am having trouble building OSSEC on Leopard 10.5.5. Everything seems
to go fine until I get to this point:
*** Making os_maild ***
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DCLIENT
-DUSE_OPENSSL -DDarwin -DHIGHFIRST-DARGV0=\"ossec-maild\"
-DXML_VAR=\"var\" -DOSSECHIDS
17 matches