On Thursday, September 24, 2015 at 16:45:11 UTC+2, Thomas Unger wrote:
>
> Hello,
>
> I run ossec 2.8.1 compiled from source on a CentOS (el6 x64) 8GB box quite
> stable for over 2 years (incl. prev. ossec versions).
> Last week suddenly there was no processing of alerts.
he problem was gone.
Hello,
I run ossec 2.8.1 compiled from source on a CentOS (el6 x64) 8GB box quite
stable for over 2 years (incl. prev. ossec versions).
Last week suddenly there was no processing of alerts. It turned out that
ossec-analysisd was killed due to out of memory.
Today it happened again and so I thoug
Hello,
Is it possible to trigger a rule when the decoder filled srcip and dstip with
the same IP?
Kind Regards,
T
At least on win32 clients, I had to enable active-response to use the
restart feature
no
On Wednesday, June 12, 2013 at 08:08:14 UTC+2, Macus wrote:
>
> Yes, the ossec-execd is running on both server and agent boxes.
>
> On Friday, May 31, 2013 at 11:14:39 PM UTC+9, dan (ddpbsd) wrote:
>>
>> On Wed, May 22, 2
OK, it seems I can answer this now.
After digging through the ossec source it was confirmed that
ossec-logtest uses the current time as the alert time. This is absolutely
correct.
Having the source code (thanks, ossec-devs), I had the chance to modify
ossec-logtest to fetch the date/time from the l
I found it useful to run a Nessus scan (web-app profile) against one of my
servers. If you receive alerts from ossec then the log is really monitored.
Regards, T.
Hello,
I am new to ossec and Splunk. First of all, the installation was quite
straightforward thanks to the documentation found on the internet. I got
the basic system up and running in only a few hours.
At the moment ossec resides on a CentOS system sending alerts via syslog to
Splunk (W2k8R2). This all wor