I have a group AdminOSSEC and two users, adminQL and adminKH.
The mail addresses of the two users are admi...@server.vn and admi...@server.vn.
That is my config on the server. I have restarted the OSSEC server, but I don't get
mail alerts when it is configured with the group email. Please help me. Thanks!
alerts
How do I configure that? Please help me, Dan. Tomorrow I have a report with my
teacher. Please help me :(
At 01:00:08 UTC+7 on Friday, 18 July 2014, Nguyễn Văn Hớn wrote:
I have a group AdminOSSEC and two users, adminQL and adminKH.
The mail addresses of the two users are admi...@server.vn and admi
Thanks, Dan! My goal is to send OSSEC mail alerts to one group when there
are warnings at certain levels. I will try to read the documentation. Thanks
for the help, Dan.
At 01:00:08 UTC+7 on Friday, 18 July 2014, Nguyễn Văn Hớn wrote:
I have a group AdminOSSEC and two users, adminQL
Thank you so much. I have done it :)
At 04:38:41 UTC+7 on Wednesday, 02 July 2014, Nguyễn Văn Hớn wrote:
I have written a PowerShell script.
This is the content (it detects new processes):
Clear-Content c:\old.txt;
Clear-Content c:\new.txt;
Clear-Content c:\compare.txt;
Get
This is my active response config in the agent:
<active-response>
<disabled>no</disabled>
</active-response>
<command>
<name>restart</name>
<executable>restart.cmd</executable>
<expect></expect>
</command>
<active-response>
<command>restart</command>
<location>all</location>
<level>7</level>
Thanks, Dan. But how do I configure active response on Windows? I want to run
a script to restart the computer when I attach a USB device on Windows.
At 01:24:55 UTC+7 on Thursday, 03 July 2014, Nguyễn Văn Hớn wrote:
This is my active response config in the agent:
<active-response>
<disabled>no</disabled>
Can you post the log?
At 23:02:55 UTC+7 on Tuesday, 01 July 2014, Kevin Kelly wrote:
The following rules worked before, but now I get an error:
<!-- Ignore rule 18139 -->
<rule id="100117" level="0">
<if_sid>18139</if_sid>
<options>no_log</options>
<regex>User name:\s+\.*\$\s+</regex>
I have written a PowerShell script.
This is the content (it detects new processes):
Clear-Content c:\old.txt;
Clear-Content c:\new.txt;
Clear-Content c:\compare.txt;
Get-Process | Select-Object name | Format-Wide -Column 1 > old.txt;
(gc old.txt) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content
But when I run this without OSSEC, it runs. :(
At 04:38:41 UTC+7 on Wednesday, 02 July 2014, Nguyễn Văn Hớn wrote:
I have written a PowerShell script.
This is the content (it detects new processes):
Clear-Content c:\old.txt;
Clear-Content c:\new.txt;
Clear-Content c:\compare.txt
https://lh5.googleusercontent.com/-D10SO7N8UTU/U5XFZhC1OfI/AVk/dWUtJxTBsqc/s1600/Capture.PNG
I have installed WUI OSSEC 0.8 and have set permissions:
# chmod 770 tmp/
# chgrp www-data tmp/
# apachectl restart
and edited php.ini:
max_execution_time = 180
max_input_time =
It has alerts, but when I test the OSSEC search function it gives an error. My
Apache user is apache. I had set it and disabled SELinux.
At 21:58:57 UTC+7 on Monday, 09 June 2014, dan (ddpbsd) wrote:
On Mon, Jun 9, 2014 at 10:35 AM, Nguyễn Văn Hớn hon...@gmail.com wrote:
It has alerts, but when I test the OSSEC search function it gives an error. My
Apache user is apache. I had set it and disabled SELinux.
Are there any related logs in apache's error log? Are you sure there
are logs that fit the criteria
How do I fix that? Please help me!
At 22:24:14 UTC+7 on Monday, 09 June 2014, Nguyễn Văn Hớn wrote:
Oh, thanks Dan. I have to read the Apache log. It has the log
Permission denied in /var/www/html/ossec/lib/os_lib_alerts.php on line
39, referer: http://192.168.3.2/ossec/index.php?f
No. I have set chgrp apache for it.
At 22:54:06 UTC+7 on Monday, 09 June 2014, dan (ddpbsd) wrote:
Have some patience.
On Mon, Jun 9, 2014 at 11:46 AM, Nguyễn Văn Hớn hon...@gmail.com wrote:
How do I fix that? Please help me!
At 22:24:14 UTC+7 on Monday
At 23:17:31 UTC+7 on Monday, 09 June 2014, dan (ddpbsd) wrote:
On Mon, Jun 9, 2014 at 12:06 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
No. I have set chgrp apache for it.
I have fixed that. Thank you so much, Dan :D
Ok then. You need to track down what
Hi everybody. I have been working with the
link
http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
but it is not running,
and the
link
http://ossec-docs.readthedocs.org/en/latest/manual/monitoring/process-monitoring.html
but it is not running.
I want to create an active response
(ddpbsd) wrote:
On Tue, Jun 3, 2014 at 12:27 PM, dan (ddp) ddp...@gmail.com wrote:
On Tue, Jun 3, 2014 at 11:57 AM, Nguyễn Văn Hớn hon...@gmail.com wrote:
Hi everybody. I have been working with the link
http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage
I have detected software that ends in MSI, but software that is not MSI I
didn't detect. Can you talk about that? How do I detect software?
At 08:19:57 UTC+7 on Wednesday, 04 June 2014, Trieu Ngo Duy wrote:
I was watching the installation of unauthorized software agent. I was
warned. I
Hi. I come from Vietnam, and I have a project on OSSEC. Can we talk to each
other about OSSEC?
At 09:37:56 UTC+7 on Monday, 02 June 2014, Trieu Ngo Duy wrote:
Help me with active response. How do I execute this command: REG ADD HKCU \
Software \ Microsoft \ Windows \
Hi everybody. I have a question:
How do I send an alert from the server to the agent when the agent has been
attacked? And the logs sent from the agent to the server, where are they stored?
Thanks for the help.
May 2014, dan (ddpbsd) wrote:
On May 26, 2014 12:39 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
Hi everybody. I have a question:
How do I send an alert from the server to the agent when the agent has been
attacked? And the logs sent from the agent to the server, where are they stored?
You can't
Oh. Thanks for the help, Dan :)
At 00:05:42 UTC+7 on Tuesday, 27 May 2014, dan (ddpbsd) wrote:
On May 26, 2014 1:02 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
For example, when the server detects a rootkit or a modification on the agent,
we have an alert, but it is only on the server
Thanks everybody. I have fixed that error.
At 21:31:37 UTC+7 on Wednesday, 21 May 2014, dan (ddpbsd) wrote:
On Sun, May 18, 2014 at 12:01 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
How do I set the time in OSSEC? I have set <time>5:30 pm – 8:30 am</time>
but it has
Currently I'm working on a project on OSSEC. I am looking to understand how to
add a rule to local_rule.xml without needing to restart OSSEC, so that OSSEC
still knows the new rule. Please help me!
C language. Can you talk about the solution in detail?
At 23:21:59 UTC+7 on Tuesday, 20 May 2014, dan (ddpbsd) wrote:
On Tue, May 20, 2014 at 12:20 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
Currently I'm working on a project on OSSEC. I am looking to understand how to
add a rule
How do I set the time in OSSEC? I have set <time>5:30 pm – 8:30 am</time> but
it has an error:
2014/05/18 22:59:59 ossec-analysisd(1274): ERROR: Invalid configuration.
Element 'time': 6pm – 8:30am.
2014/05/18 22:59:59 ossec-testrule(1220): ERROR: Error loading the rules:
'local_rules.xml'
Please help me!
This is my decoder and rule to detect USB:
<!--pre-coder-->
<decoder name="USB">
<program_name>^kernel</program_name>
</decoder>
<decoder name="USB-En">
<parent>USB</parent>
<prematch>^sd \S+</prematch>
<regex>^sd \S+ [sdb] (\S+) SCSI (\.+)</regex>
<order>action,status</order>
</decoder>
<decoder name="USB-Dis">
<parent>USB</parent>
How do I configure OSSEC to restart automatically when it has a new rule or decoder?
Hi everybody. I have a project on OSSEC. My teacher wants me to automatically
generate signatures for OSSEC. I have searched on the internet but never found
open source for that. Can anybody help me? :(
https://lh4.googleusercontent.com/-ZjklBzZUSyI/U3NItUETf5I/AUU/m4rAO7rIYcc/s1600/Capture.PNG
Hi everybody. I want to change the OSSEC server IP to a static IP, for
example 192.168.2.100. I don't know how to change it. Please help me.
in the WUI. I want to change that IP, because I set a static IP on the server. I
don't want to see the IP 127.0.0.1 in the WUI.
At 19:25:14 UTC+7 on Wednesday, 14 May 2014, dan (ddpbsd) wrote:
On Wed, May 14, 2014 at 6:44 AM, Nguyễn Văn Hớn hon...@gmail.com wrote:
hi
I know that is the server IP. That is the localhost IP. But for example, I set
the server IP to static 192.168.2.1. I want to see that in the WUI. How do I configure that?
At 19:49:37 UTC+7 on Wednesday, 14 May 2014, dan (ddpbsd) wrote:
On Wed, May 14, 2014 at 8:37 AM, Nguyễn Văn Hớn
hon
You have open port 1514 in iptables.
At 19:47:49 UTC+7 on Wednesday, 14 May 2014, Bart Nukats wrote:
Hello,
I'm having issues with agents, I'm unable to successfully reconnect them,
tried almost everything, but nothing helps, therefore asking for help here.
Info:
I'm using
Oh. Thanks for your help.
At 19:56:04 UTC+7 on Wednesday, 14 May 2014, dan (ddpbsd) wrote:
On Wed, May 14, 2014 at 8:53 AM, Nguyễn Văn Hớn hon...@gmail.com wrote:
I know that is the server IP. That is the localhost IP. But for example, I set
the server IP to static 192.168.2.1. I
That is my config
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>300</frequency>
<!-- Directories to check (perform all possible verifications) -->
<!--<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
directories
Thank you. The alert has been sent to me, but it is very slow to send the
alert. How do I optimize the speed for integrity
At 00:58:17 UTC+7 on Wednesday, 14 May 2014, dan (ddpbsd) wrote:
On Tue, May 13, 2014 at 1:53 PM, Nguyễn Văn Hớn hon...@gmail.com wrote
How do I configure realtime? I have added the realtime tag in the config. Are you
talking about realtime in the kernel, or something else?
At 01:09:15 UTC+7 on Wednesday, 14 May 2014, dan (ddpbsd) wrote:
On Tue, May 13, 2014 at 2:04 PM, Nguyễn Văn Hớn hon...@gmail.com wrote:
Thank you
https://lh4.googleusercontent.com/-pfoF5hylM_Y/U3CPVfQWEAI/AUE/rwFhp-o5Ve0/s1600/Untitled.png
Hi everybody.
When I see the picture, I wonder how you know for certain that the server gets
the logs from the agent, because it uses UDP port 1514 and the UDP protocol never
checks that the destination has received the packet.
I also thought so. Very thankful for your help :)
At 21:19:00 UTC+7 on Monday, 12 May 2014, Michael Starks wrote:
On 2014-05-12 4:10, Nguyễn Văn Hớn wrote:
Hi everybody.
When I see the picture, I wonder how you know for certain that the server gets
the logs from the agent
Hi everybody. Today I deleted syscheck in /var/ossec/queue/syscheck. :(
How can I recover that?