Dear all,
My proposal to do a presentation on Ossec during a big IT workshop at the
end of 2015 has been selected.
So now I have to prepare the presentation and so on.
Can someone give me some useful documents or publications regarding Ossec?
Of course I've been using it for a while, but I
at 11:01 AM, Thomas Vidal > wrote:
> >> Dear Dan,
> >>
> >> Where do you think the bug is?
> >> Are you sure ossec-execd is running on the agent?
> >
> > YES !
> >>
> >> Is AR disabled on the agent or manager?
> >
>
>
> *Dear Dan,*
>
> Where do you think the bug is?
> Are you sure ossec-execd is running on the agent?
>
*YES!*
> Is AR disabled on the agent or manager?
>
*There is no YES in both ossec.conf and agent.conf (and
normally, following the documentation, AR is enabled by default)*
> Can you add
Dear OSSEC team,
I am using the latest Ossec version, 2.8.1, on both the Ossec server and
clients, on Debian Wheezy.
Copying and pasting an event into ossec-logtest gives me good output.
When agent.conf is modified, the active response to restart all clients
works fine.
Server and clients are using up to date and sa
would make sure ar.conf is getting passed back to the agents. At the
> same time, is merged.mg being updated?
>
> That was always the problem I found when AR stopped working.
> ~J
>
>
> On Tuesday, January 20, 2015 at 1:47:30 AM UTC-8, Thomas Vidal wrote:
>>
>> Dear
Dear all,
Active response stopped working one month ago and I really don't understand
what the problem is!
On the Ossec server, rules are fired when I copy and paste a log line into
ossec-logtest, and rules are working on the server (shown on the WebGui and
in the server log).
I can also send an active response
Hi Dan,
Many thanks for the link! That's exactly what I needed!
All the best
Thomas
On Thursday, 18 September 2014 at 15:25:29 UTC+2, Thomas Vidal wrote:
>
> Dear all,
>
> I worked on MHN Honeypot and now I am able to log IP in a specific log
> file and by using OSSEC an
Dear all,
I worked on MHN Honeypot and now I am able to log IPs in a specific log file,
and by using OSSEC and active response ALL my servers are able to ban IPs
coming to the honeypot (for the MHN script I wrote:
https://groups.google.com/d/msg/modern-honey-network/szahW2nS2UM/oQTmlaXbyTEJ).
So eve
Dear all,
It is not clear to me how ossec.conf and agent.conf work.
An example with syscheck, if:
In ossec.conf I have
/toto
And in agent.conf I have
/titi
/tutu
What will be the result for all servers, and for MYSERVER?
Many thanks for your help, and have a nice da