[ossec-list] WinEventLog:Security events

2012-02-01 Thread biciunas
I'm running a Splunk 4.2.5 server on CentOS. On a Win2k3 server I've installed Universal SplunkForwarder 4.3, collecting Application, Security, and System events. I don't want to see Security "Success Audit" events, since there are about anywhere from 1000-3500 per minute. (And I need to have the A

[ossec-list] Re: WinEventLog:Security events

2012-02-01 Thread biciunas
> This is for OSSEC - if you have Splunk questions, try http://splunk-base.splunk.com/answers/ > On Wed, Feb 1, 2012 at 3:04 PM, biciunas wrote: > > I'm running a Splunk 4.2.5 server on CentOS. On a Win2k3 server I've > >

[ossec-list] Email alert not being sent

2012-08-08 Thread biciunas
I have an email alert set in ossec.config for a specific rule (the global email settings are working since I get emails for various other alerts) m...@myemailaddress.com 17 3 The tag was added afterwards, in case that was a limiting feature. The alert is sent to the o

[ossec-list] OSSEC server segfaults in ossec-monitord

2012-08-17 Thread biciunas
I am running OSSEC 2.6 on a CentOS 5.5 server. It is the server that receives all the ossec data from various and sundry servers. I don't want it to monitor itself - its purpose in life is to collect data and email alerts. However, when I remove the

[ossec-list] After upgrade to 2.7, ossec-remoted not started by "ossec-control start"

2013-02-25 Thread biciunas
I upgraded a CentOS 5.9 server from 2.6 to 2.7 using yum. After the upgrade, running "ossec-control start" results in: [root@foobar bin]# ./ossec-control start Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)... Started ossec-maild... Started ossec-execd... Started ossec-analysisd... [root@foobar b

[ossec-list] After upgrading to 2.7, one agent does not finish server handshake

2013-02-25 Thread biciunas
I upgraded a CentOS 5.9 server from OSSEC 2.6 to 2.7. After restarting OSSEC server, all the 2.6 agents (both Windows and Linux) resumed their connections except for 1 Windows agent. The ossec.log showed: 2013/02/25 18:18:24 ossec-agent: INFO: Started (pid: 3580). 2013/02/25 18:18:34 ossec-agent:

Re: [ossec-list] After upgrading to 2.7, one agent does not finish server handshake

2013-02-26 Thread biciunas
nuing traffic from the agent to the server. Can anyone explain this behavior, and is this what I can expect when I upgrade the other agents from 2.6 to 2.7? On Monday, February 25, 2013 3:43:07 PM UTC-5, biciunas wrote: > > Additional information: > > 1) I deleted the 2.6 Windows agent

[ossec-list] 2.7 windows agent communication problem

2013-03-08 Thread biciunas
I upgraded my OSSEC server from 2.6 to 2.7. My 2.6 agents have no problems sending data to the OSSEC server. I started to upgrade the OSSEC agents. I stopped a 2.6 windows agent, uninstalled it, and installed a 2.7 agent. I extracted the existing key from the server (./manage_agents) and used

Re: [ossec-list] 2.7 windows agent communication problem

2013-03-08 Thread biciunas
No, there were no interesting entries in the server's ossec.log. I deleted the rids file, restarted the server, and got a connection. Thanks, Dan. On Friday, March 8, 2013 9:33:52 AM UTC-5, dan (ddpbsd) wrote: > > On Fri, Mar 8, 2013 at 9:19 AM, biciunas > > wrote: > &

[ossec-list] Re: WARN: Waiting for server reply (not started). Tried: 'server-ip'.

2013-05-15 Thread biciunas
If this is a new agent, did you restart ossec on the server? If not new, did you delete the corresponding id in /var/ossec/queue/rids directory? What does tcpdump or tshark show for 1514 traffic between the server and the agent? On Wednesday, May 15, 2013 6:46:40 AM UTC-4, Kyle Vorster wrote: >

[ossec-list] ossec-maild segfault

2013-08-01 Thread biciunas
From /var/log/messages Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 13:11:32 kernel: ossec-maild[10097]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel:

Re: [ossec-list] ossec-maild segfault

2013-08-01 Thread biciunas
On Thursday, August 1, 2013 9:33:50 AM UTC-4, dan (ddpbsd) wrote: > > On Thu, Aug 1, 2013 at 7:52 AM, biciunas > > wrote: > > From /var/log/messages > > Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at > > rip 2add4f72322c rsp 7f

[ossec-list] Error in the ossec.conf documentation

2014-03-18 Thread biciunas
I was reading the OSSEC 2.7.1 documentation online for using agent profiles. In OSSEC 2.7.1 documentation » Syntax and Options » ossec.conf: syntax and options