On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the same result. I didn't
reinstall everything, the other two agents were still configured, just
not started,
On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got
On 08/16/2012 08:48, Steven B. wrote:
I would need to see some config files. Are you using agent.conf in the
shared folder on the master (with active response enabled in the
ossec.conf file)?
Can you post the ossec.conf and the agent.conf from the agent? I assume
that the ossec.conf files are
On 08/09/2012 16:39, dan (ddp) wrote:
On Thu, Aug 9, 2012 at 9:13 AM, Nate yjn...@gmail.com wrote:
OK, gave the add.remove key thing one last shot.
Stopped ossec on both the master and the agent.
deleted client.keys on the agent.
used manage_agents to remove the old key from the master, and
On 07/25/2012 17:51, dan (ddp) wrote:
On Wed, Jul 25, 2012 at 10:47 AM, Leonardo Bacha Abrantes
leona...@lbasolutions.com wrote:
Hey people,
good morning!
how can I configure ossec to don't send emails by an specific rule for just
one client ?
Rule: 35052 fired (level 9) - Multiple
On 07/26/2012 10:13, shinu ak wrote:
I would like to remove the deny rules which is called by ossesc, I have
started ossec just for monitoring, want to remove such deny rules from
ossec config file.
You want to disable active response.
Add this to /var/ossec/ossec.conf:
active-response
Not sure what else to try or how to test for what is failing. Do I need
nscd? Can I uninstall it?
That's the first question indeed, but no one can answer it for you,
that's something that the sysadmin of that network should know. Ask
whoever installed that server, or start doing some
On 07/25/2012 15:01, ant's wrote:
I'm very new to ossec. I installed both server and agent.
Where? On the same host? If you want to monitor a single host, you want
to do a 'local' install. If you have more than one host and want to be
able to manage all of them from one computer, you install
I'm setting up a centralized ossec configuration, playing around. For
now I have a master with three agents. All of them are 2.6, downloaded
straight from ossec site.
Every once in a while (that is, while screwing around) I see that message
ossec-remoted(1310): WARN: Invalid active response
Attaching my ossec.conf and agent.conf. I know active response, for
example, isn't configured in agent, but there it is, the conf that got
me the warning, figured it will just ignore the sections that don't
belong. The only thing I left out are a few IPs in whitelist. That's
what I changed
11 matches
Mail list logo