Hi list,
Is there a way (or has anyone implemented it already) to let ossec
have a look at its own logfile (ossec.log) and to write/activate a rule to
get alerted if an ERROR like "Incorrectly formated message from x.x.x.x"
occurs?
Best regards,
Matthias
Hi list,
I have configured ossec to report file changes on e.g. 20 identical
servers, but the email alerts aren't identical (same ossec config
as well). There are some alerts which only tell me that the checksum of the
file has changed:
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Po
and SDAEMONS definition.
regards,
matthias
--
Matthias Fraidl
Technical Operations
nic.at GmbH
Jakob-Haringer-Str. 8/V, 5020 Salzburg, Austria
Tel: +43 662 46 69-718
Fax: +43 662 46 69-19
E-Mail: mailto:matthias.fra...@nic.at
Web: http://www.ni
Hi list,
Is it possible to send different alert-level emails to multiple email
addresses? F.e. I want ossec to send notifications from level 3 and
above to my personal address, but more important alerts (level 7 and
above) should go to a distributor address.
Any suggestions?
Kind regards,
Mat
Hi Guys,
I've got another question regarding the shared/agent.conf.
I defined a section with
where all the basics are in (rootcheck, localfiles à la
/var/log/messages, syslog, etc.)
Further, I've created another section with
where the $webserver-logs and other files are defined.
On 02/24/2015 02:42 PM, dan (ddp) wrote:
> On Tue, Feb 24, 2015 at 4:18 AM, Matthias Fraidl wrote:
>> Hi,
>>
>> I am new to ossec and I want to understand better how some things work.
>>
>> 1) The shared/agent.conf is deployed to manager by puppet - if I change
On 02/24/2015 12:26 PM, Christian Beer wrote:
> Am 24.02.2015 um 10:18 schrieb Matthias Fraidl:
>> 4) We do want to know if there appear failed logins (ssh f.e.) on our
>> systems, but we only want to get noticed, we do not need an
>> active-response (already disabled). May I
Hi,
I am new to ossec and I want to understand better how some things work.
1) The shared/agent.conf is deployed to manager by puppet - if I change
this file, do I have to restart the manager or will it recognize changes
on its own? Will the shared/agent.conf be pushed from the manager to all
ac