a lab with the current branch of ossec and perform all
possible tests like report_changes, check_sum (which at the moment isn't
working properly with the current version I'm running). I ran a lot of OpenBSD
Thank you so much for your time and attention, I need to pay a beer for you.
Regards,
2016-10-03 14:36 GMT-03:00
al time it really
working
back soon :) Thank you so much!
2016-10-03 14:32 GMT-03:00 dan (ddp) :
> On Mon, Oct 3, 2016 at 1:16 PM, R0me0 *** wrote:
> > Dan, I just had a look at what you changed and I already did it.
> >
> > Just for curiosity I will clone and try to com
PM, dan (ddp) wrote:
> > On Mon, Oct 3, 2016 at 12:51 PM, R0me0 *** wrote:
> >> Hello Dan,
> >>
> >> I tried to compile the last OSSEC stable release
> >> https://github.com/ossec/ossec-hids/archive/v2.8.3.tar.gz
> >> Also I have cloned https:/
pub/OpenBSD/6.0/packages/amd64/inotify-tools-3.14pl0.tgz>
dependency
is libinotify-20160503.tgz
<http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/libinotify-20160503.tgz>
Thanks
2016-10-03 8:37 GMT-03:00 dan (ddp) :
> On Fri, Sep 30, 2016 at 6:19 PM, R0me0 *** wrote:
> >
latest stable 2.8.3 neither openbsd_initify from your repository compiles.
ldconfig -r | fgrep inotify
linotify.2.0 => /usr/local/lib/inotify/libinotify.so.2.0
Thank you
If you need anything else let me know
2016-09-30 17:25 GMT-03:00 dan (ddp) :
> On Sep 30, 2016 3:44 PM,
60503
2016-09-30 15:52 GMT-03:00 R0me0 *** :
> I am using the 2.8.3 version and it is a little bit different. Anyway I have made
> all the changes in the source files without success.
>
> Another very interesting point is:
>
> report_changes=yes
>
> isn't reporting the diffs, just
16-09-30 13:13 GMT-03:00 dan (ddp) :
> On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** wrote:
> > Taking a better look within the Makeall file, the flag to compile is: cho
> > "EEXTRA=-DUSEINOTIFY" >> Config.OS
> >
> > tmp/ossec-hids-2.8.3/src/syscheckd/
5 'syscheck')
2016-09-30 11:46 GMT-03:00 dan (ddp) :
> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** wrote:
> > @dann I already set CFLAGS including the include directory of inotify.h,
> without
> > success
> >
>
> I've gotten it to compile and not give me
support with
> Make:
>
> cd src
> make TARGET=agent USE_INOTIFY=yes
>
> Hope it helps.
> Regards.
>
>
> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) wrote:
>>
>> On Sep 29, 2016 4:10 PM, "R0me0 ***" wrote:
>> >
>>
Hello guys.
I'm trying to use real monitoring.
I have installed inotify-tools from the OpenBSD packages.
Initially I guessed it was something related to run_realtime.c and I pointed to the
inotify.h path.
But I am still not able to use real monitoring, with the following error in
ossec.conf
( OpenBSD - OSSEC AGENT
Hello shadejinx!
Thank you!
In fact, what you said is true, but filtering the logs, I can see a default
behavior, with a login and the last log entry being a logoff (most of the time, if
the specified user really shut down the workstation).
Regards
2013/3/20 shadejinx
> There is no reliable way to tell that
Hello there,
I need a pointer in the right direction to audit alerts.log.
I need to know accurately at which hours a user logs in and logs out of the Active
Directory Domain.
I have Windows 2008 and 2003 (primary and secondary, respectively).
Ossec agents are installed on both servers.
* Alert 1354354465.98266105: - windows,aut
Sorry, I did not pay attention.
You have the reason.
He is writing a decode rule.
Regards,
2013/2/27 dan (ddp)
>
> On Feb 27, 2013 7:38 AM, "R0me0 ***" wrote:
> >
> > Use syslog instead "rsyslog"
> >
>
> You are confused.
>
> >
>
Use syslog instead "rsyslog"
2013/2/27 root
> **
> hi,all
>
> now, i write the decoder like this
>
>
>^(.*)\s+rsyslogd-pstats:\s+(.*)
>extra_data
>
>
> but when i restart the ossec
>
>
> 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration
> error: 'rsy