[ossec-list] problem with key creation - dns/ip

2011-10-05 Thread Kat
Any ideas why a DNS name would not work and an IP does? First auth request with the DNS name fails. Double-checked that the name translates, then put the IP in, which works. Confused...

# /var/ossec/bin/agent-auth -m ossec -p 1515
2011/10/05 08:41:32 ossec-authd: INFO: Started (pid: 5639).

[ossec-list] Re: problem with key creation - dns/ip

2011-10-05 Thread Kat
Apparently, after reading the docs and source, it is not set to do lookups (authd), so we are stuck with IPs for this. Time for a patch.. ;-)

[ossec-list] latest spec file - 2.6?

2011-10-03 Thread Kat
Just curious if anyone has a current spec file for agent and server for 2.6? All the ones I am finding are very old. A lot of changes have occurred and I don't want to re-invent the wheel if someone else has already done the work. Thanks ~k

[ossec-list] Re: OSSEC compilation error on 5.3 AIX

2011-07-21 Thread Kat
I have about 1000 AIX boxes with OSSEC - mostly 6.1 but about 100 5.3. Let me review my config - I build it on one server, then build the binary package to distribute to others. I will review it later today and post my findings and configs for you. Cheers, Kat On Jul 20, 7:55 pm, Jon Schipp

[ossec-list] Re: Agent.conf changes and restarting OSSEC

2011-07-20 Thread Kat
case scenario is I change the config, and within about 30 minutes, all the associated servers are updated and running the new agent config. www.puppetlabs.com Cheers, Kat On Jul 14, 2:06 pm, jplee3 jpl...@gmail.com wrote: Hi all, Does anyone have suggestions on pushing agent.conf after making

[ossec-list] Re: Have OSSEC generated syslogs more correct

2011-07-20 Thread Kat
think you will find that logzilla.pro can do more for you with centralized logging, including OSSEC.. It makes searching so much faster. -Kat On Jul 20, 1:51 pm, James M Pulver jmp...@cornell.edu wrote: I'm looking at using syslog from the OSSEC server to a web frontend of a sort, and I'm not sure

[ossec-list] Re: Web Interface parsing with beta 2.6

2011-06-13 Thread Kat
.), this makes a much better interface anyway. I am working on the WUI however, just because I want to see if I can resolve it. I will let you know if I do in the next few days. -Kat

[ossec-list] Re: Extracting OSSEC alerts to a file

2011-05-05 Thread Kat
I would be dumping all my alerts to a database and then use a tool - I use LogZilla (www.logzilla.pro) for this. I even worked with Clayton to help come up with an OSSEC Module for LogZilla, so the alerts are properly formatted as they go into the database. Cheers, Kat PS - yes, I use LogZilla

[ossec-list] rule for logging??

2011-05-05 Thread Kat
... Thoughts/comments? -Kat

[ossec-list] Re: rule for logging??

2011-05-05 Thread Kat
Agentless doesn't handle it - this is for a log file - agentless doesn't handle the log files, only file changes. I have to do some more testing with logall, but there is no way to apply logall to a single localfile being monitored, which is what I am looking for.

[ossec-list] Re: All UNIX/LINUX agents disconnecting and failing to reconnect

2011-05-04 Thread Kat
Has anyone found anything with this - I have the exact same problem - there has got to be something that is known about this. All my Windoze agents work fine, but I have lost every single UNIX/Linux agent and for no reason other than the same silly WARN: Waiting for server reply (not started).

[ossec-list] Re: All UNIX/LINUX agents disconnecting and failing to reconnect

2011-05-04 Thread Kat
RHEL 5.3. Only special update is PHP 5.3, which would have nothing to do with OSSEC, but mentioning it. I would be happy to supply some debug info. It was working flawlessly when first installed, then they just started dropping off. Agents are a mixture of AIX 6.1, RHEL 5.3 and Solaris 10. The

[ossec-list] Re: All UNIX/LINUX agents disconnecting and failing to reconnect

2011-05-04 Thread Kat
PS - I can packet capture on both ends - what would you want to see??? On May 4, 11:11 am, Kat uncommon...@gmail.com wrote: RHEL 5.3 Only special update is PHP 5.3, which would have nothing to do with OSSEC, but mentioning it. I would be happy to supply some debug info. It was working

[ossec-list] Re: All UNIX/LINUX agents disconnecting and failing to reconnect

2011-05-04 Thread Kat
-agent: UDP, length 73
13:02:21.857941 IP 10.15.40.100.ossec-agent > 10.15.58.60.47103: UDP, length 73
13:02:21.858196 IP 10.15.58.60 > 10.15.40.100: ICMP 10.15.58.60 udp port 47103 unreachable, length 92
On May 4, 12:43 pm, Kat uncommon...@gmail.com wrote: PS - I can packet capture on both ends
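A small triage script for captures like the one above, added here as an example (it is not OSSEC code and not the poster's own script): it pairs each ICMP "udp port unreachable" with the UDP datagram that provoked it and flags the pairs that touch the OSSEC server port. The sample lines are constructed to follow the shape of the quoted capture; that tcpdump ran without -n and therefore printed 1514/udp as the service name "ossec-agent" is an assumption.

```python
"""Correlate ICMP 'udp port unreachable' replies with the OSSEC UDP datagrams
that triggered them, from tcpdump text output.

Added example for this thread; not OSSEC code or the poster's script.
"""
import re

# Assumption: tcpdump ran without -n and resolved 1514/udp to 'ossec-agent'.
OSSEC_PORT_NAMES = {"ossec-agent", "1514"}

UDP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): UDP, length (?P<len>\d+)$"
)
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP (?P<host>[\d.]+) udp port (?P<port>\S+) unreachable, length (?P<len>\d+)$"
)

# Constructed sample: the first two lines follow the capture quoted in the
# thread; the last two are a healthy agent<->server exchange for contrast.
SAMPLE_CAPTURE = """\
13:02:21.857941 IP 10.15.40.100.ossec-agent > 10.15.58.60.47103: UDP, length 73
13:02:21.858196 IP 10.15.58.60 > 10.15.40.100: ICMP 10.15.58.60 udp port 47103 unreachable, length 92
13:02:25.100000 IP 10.15.58.61.51000 > 10.15.40.100.ossec-agent: UDP, length 73
13:02:25.100500 IP 10.15.40.100.ossec-agent > 10.15.58.61.51000: UDP, length 73
"""


def split_host_port(endpoint):
    """'10.15.58.60.47103' -> ('10.15.58.60', '47103'). The port is whatever
    follows the last dot, so service names such as 'ossec-agent' work too."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line):
    """Return a dict for a UDP datagram or an ICMP port-unreachable line,
    or None for anything else (ARP, TCP, tcpdump banners, ...)."""
    line = line.strip()
    m = UDP_RE.match(line)
    if m:
        src, sport = split_host_port(m["src"])
        dst, dport = split_host_port(m["dst"])
        return {"kind": "udp", "ts": m["ts"], "src": src, "sport": sport,
                "dst": dst, "dport": dport, "length": int(m["len"])}
    m = ICMP_RE.match(line)
    if m:
        return {"kind": "icmp_unreachable", "ts": m["ts"], "src": m["src"],
                "dst": m["dst"], "host": m["host"], "port": m["port"],
                "length": int(m["len"])}
    return None


def find_dead_ports(lines):
    """Pair each ICMP 'udp port P unreachable' from host H with the most recent
    UDP datagram sent to H:P. A hit means H had nothing listening on P at that
    moment: the process that owned the port is gone (an agent that restarted,
    for instance) or a stateful device in the path has forgotten the flow."""
    last_sent = {}      # (dst_host, dst_port) -> parsed UDP datagram
    findings = []
    for raw in lines:
        pkt = parse_line(raw)
        if pkt is None:
            continue
        if pkt["kind"] == "udp":
            last_sent[(pkt["dst"], pkt["dport"])] = pkt
            continue
        trigger = last_sent.get((pkt["host"], pkt["port"]))
        if trigger is None:
            continue    # unreachable for traffic we never saw; ignore
        ossec_related = (trigger["sport"] in OSSEC_PORT_NAMES
                         or trigger["dport"] in OSSEC_PORT_NAMES)
        findings.append({
            "icmp_ts": pkt["ts"],
            "request_ts": trigger["ts"],
            "request_from": f"{trigger['src']}:{trigger['sport']}",
            "unreachable_host": pkt["host"],
            "unreachable_port": pkt["port"],
            "ossec_related": ossec_related,
        })
    return findings


def describe(findings):
    """One human-readable line per finding, ready to paste into a reply."""
    out = []
    for f in findings:
        tag = "OSSEC" if f["ossec_related"] else "other"
        out.append(f"[{tag}] {f['request_from']} -> {f['unreachable_host']}:"
                   f"{f['unreachable_port']} at {f['request_ts']} was answered "
                   f"with ICMP port unreachable at {f['icmp_ts']}")
    return out


if __name__ == "__main__":
    for line in describe(find_dead_ports(SAMPLE_CAPTURE.splitlines())):
        print(line)
```

Feed it `tcpdump -l -i any 'udp port 1514 or icmp'` output from either end; a finding whose request_from is the server's ossec-agent port means the agent host rejected the server's reply, which is the pattern visible in the quoted capture.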

[ossec-list] Re: agent won't connect (but it used to)

2011-04-26 Thread Kat
found the problem - indeed it was the firewall. It was blocked off. But since the connections are stateful and had been established, they hung on until I restarted the agents. As each agent was restarted, the firewall block for the return acknowledgment was blocked and thus the problem of the

[ossec-list] Re: agent won't connect (but it used to)

2011-04-26 Thread Kat
IP tuning params, and all the agents are reconnecting!! On Apr 26, 9:15 am, Kat uncommon...@gmail.com wrote: found the problem - indeed it was the firewall. It was blocked off. But since the connections are stateful and had been established, they hung on until I restarted the agents. As each

[ossec-list] agent won't connect (but it used to)

2011-04-25 Thread Kat
I have seen this posted, but not sure of the real problem/solution - so I will try again. (with a lot more detail) I have several agents. They had been working for over a month. Then for some reason some of them started giving this fabulous error: ossec-agentd(4101): WARN: Waiting for server

[ossec-list] Re: double duty for ossec

2011-04-04 Thread Kat
, 9:47 pm, Michael Starks ossec-l...@michaelstarks.com wrote: On 04/03/2011 02:46 PM, Kat wrote: So all I want to do is have OSSEC send the data, ignore it for alerts, but dump it into the database. I know about log all but was wondering the best way to have OSSEC ignore the data completely

[ossec-list] Re: New and need help

2011-04-04 Thread Kat
many levels. Cheers Kat On Apr 4, 10:03 am, Robert Smith rsm...@transcard.com wrote: Hello All, I am new to the ossec product. I just went through a PCI audit and they required us to have IDS in our In Scope pci environment. I had read about ossec in the past and thought I would give

[ossec-list] double duty for ossec

2011-04-03 Thread Kat
Here is something a little different I wanted to run by the group and get some feedback/comments. The beauty of OSSEC - it is client/server and uses encryption to send data. That said, think about this: I have a log on a system I want to get to my central OSSEC server. I don't want OSSEC to go

[ossec-list] agents intermittent?

2011-04-01 Thread Kat
Hi all... I did some searching and only found a windows related post that I don't think is the same. Are there any known problems with agents coming/going with showing as inactive and then returning back to active? Is this something that has been discussed before? Trying to understand in a small

[ossec-list] Daily report kick off script?

2011-03-22 Thread Kat
Hi all... Wondering if anyone has done this. Looking for a way to generate/run a script with the output from a report. For example, if I were to run reportd for daily file changes - I would want to create a ticket in Remedy or some other tool (I already have the script to do it) and put that

[ossec-list] OSSEC in dual roles...

2011-03-17 Thread Kat
Here is a question for the folks that know the innards of OSSEC. If OSSEC agent is watching a log file, and all the processing happens on the server - does that mean all the data in that log file is available on the ossec server? In other words, if I had syslog sending to a central server, and yet

[ossec-list] Re: OSSEC in dual roles...

2011-03-17 Thread Kat
else tried to alert or deal with websphere??? On Mar 17, 1:07 pm, dan (ddp) ddp...@gmail.com wrote: Hi Kat, On Thu, Mar 17, 2011 at 1:45 PM, Kat uncommon...@gmail.com wrote: Here is a question for the folks that know the innards of OSSEC. If OSSEC agent is watching a log file, and all

[ossec-list] ossec-reportd - log file dumps?

2011-03-11 Thread Kat
I saw a few comments about this but never an answer... When I run my daily reports - if it is run from inside of ossec-conf and email, no problems. I get the summary and that is all. Great. But if I try to run it by hand with something like: cat /var/ossec/logs/alerts/alerts.log | ossec-reportd
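One way to script the two report threads above (the daily file-change report that should open a ticket, and running reports by hand from alerts.log) without going through ossec-reportd, added here as an example that is neither OSSEC code nor the poster's own script: parse alerts.log directly, pull the syscheck alerts into a per-host change list, and hand each host's list to a ticketing hook. The alert text is constructed to follow the alerts.log layout (a "** Alert" header, a timestamp/location line, a "Rule:" line, then the event body) and uses the stock syscheck rule ids 550 and 554; the `opened_by` callable is a hypothetical stand-in for whatever ticketing script you already have.

```python
"""Daily file-change report from OSSEC alerts.log, with a ticketing hook.

Added example for the report threads above; not OSSEC code, not the poster's
script. SAMPLE_ALERTS is constructed to follow the alerts.log layout.
"""
import re
from collections import defaultdict

SAMPLE_ALERTS = """\
** Alert 1299859200.12345: mail  - ossec,syscheck,
2011 Mar 11 08:00:00 (web01) 10.15.58.60->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Old md5sum was: 'd41d8cd98f00b204e9800998ecf8427e'
New md5sum is : '0cc175b9c0f1b6a831c399e269772661'

** Alert 1299859260.12400: - syslog,sshd,authentication_failed,
2011 Mar 11 08:01:00 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Mar 11 08:01:00 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 40022 ssh2

** Alert 1299862800.13000: mail  - ossec,syscheck,
2011 Mar 11 09:00:00 (db01) 10.15.58.61->syscheck
Rule: 554 (level 7) -> 'File added to the system.'
New file '/usr/local/bin/helper' added to the file system.
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<epoch>\d+)\.(?P<seq>\d+): (?P<flags>.*?)- (?P<groups>\S+)$")
LOCATION_RE = re.compile(r"^(?P<when>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
                         r"(?:\((?P<agent>[^)]+)\) )?(?P<src>\S+?)->(?P<location>\S+)$")
RULE_RE = re.compile(r"^Rule: (?P<id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
CHANGED_RE = re.compile(r"^Integrity checksum changed for: '(?P<path>.*)'$")
ADDED_RE = re.compile(r"^New file '(?P<path>.*)' added to the file system\.$")


def parse_alerts(text):
    """Split alerts.log text into one dict per alert. Agent alerts carry the
    agent name in parentheses; alerts from the server itself carry only the
    hostname, so `host` is whichever of the two is present."""
    alerts, cur = [], None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            cur = {"epoch": int(h["epoch"]), "flags": h["flags"].split(),
                   "groups": [g for g in h["groups"].split(",") if g],
                   "when": None, "host": None, "location": None,
                   "rule_id": None, "level": None, "description": None, "body": []}
            alerts.append(cur)
            continue
        if cur is None or not line.strip():
            continue
        loc = LOCATION_RE.match(line)
        if loc and cur["location"] is None:
            cur["when"], cur["location"] = loc["when"], loc["location"]
            cur["host"] = loc["agent"] or loc["src"]
            continue
        rule = RULE_RE.match(line)
        if rule and cur["rule_id"] is None:
            cur["rule_id"], cur["level"] = int(rule["id"]), int(rule["level"])
            cur["description"] = rule["desc"]
            continue
        cur["body"].append(line)
    return alerts


def file_changes(alerts):
    """host -> [(kind, path), ...] for syscheck alerts only; other groups
    (the sshd failure in the sample) are left out of this report."""
    report = defaultdict(list)
    for a in alerts:
        if "syscheck" not in a["groups"]:
            continue
        for line in a["body"]:
            m = CHANGED_RE.match(line) or ADDED_RE.match(line)
            if m:
                kind = "changed" if line.startswith("Integrity") else "added"
                report[a["host"]].append((kind, m["path"]))
    return dict(report)


def ticket_payloads(report, opened_by=None):
    """One ticket per host. `opened_by` is a hypothetical callable standing in
    for an existing ticketing script; it receives the payload and returns an id."""
    tickets = []
    for host in sorted(report):
        changes = report[host]
        payload = {"host": host,
                   "title": f"OSSEC: {len(changes)} file change(s) on {host}",
                   "body": "\n".join(f"{kind}: {path}" for kind, path in changes)}
        if opened_by is not None:
            payload["ticket_id"] = opened_by(payload)
        tickets.append(payload)
    return tickets


if __name__ == "__main__":
    # Real use: open('/var/ossec/logs/alerts/alerts.log').read() in place of the sample.
    rep = file_changes(parse_alerts(SAMPLE_ALERTS))
    for t in ticket_payloads(rep, opened_by=lambda p: "TICKET-" + p["host"]):
        print(t["ticket_id"], t["title"], t["body"], sep="\n")
```

Run it from cron once a day against yesterday's rotated alerts file (the epoch in each header lets you filter by time window if the file spans more than a day) and replace the lambda with the call into your own ticketing script.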
