is there a condition where ossec blocks all incoming connections?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
Fo
Good news!
On Tuesday, January 28, 2014 15:21:38 UTC-5, Jeremy Rossi wrote:
>
> ## Announcement - OSSEC Moving to Github
>
> OSSEC is moving from bitbucket to github, and in the process moving to a
> new method for accepting contributions. This is an exciting change that
> we feel will h
I think I fixed it.
On the ossec hids server the owner was root. Changed it to ossec and it
worked
On Wednesday, May 22, 2013 12:10:17 PM UTC-8, cristian wrote:
>
> HI ,
>
>
>
> I have a problem with active response on ossec hids 2.7 stable release
>
>
>
> [ro
05/23 19:11:58 ossec-remoted(1410): INFO: Reading authentication keys
file.
is it normal to look for ar.conf in /etc/shared/ ??
On Wednesday, May 22, 2013 12:10:17 PM UTC-8, cristian wrote:
>
> HI ,
>
>
>
> I have a problem with active response on ossec hids 2.7 stable rel
he agent will start working properly..
agent config contains active response set to yes
10.10.11.13
no
am i missing something?
Regards ,
Cristian
I don't have much experience with this, but why not just install ossec on
a separate partition that is mirrored by a software raid that works over a
network?
On Sunday, September 16, 2012 1:30:36 AM UTC-5, SUMANT wrote:
>
> Hi All,
>
> We have two ossec servers, one primary and other standby (o
PM, cosmaschi cristian
> wrote:
> > my last Active response log is from Mon Jun 4 21:23:43 EDT 2012 ups:|
> > that's bad
> >
> > attached are ossec.conf and asterisk rules
> >
> > Thanks
> >
>
>
> So you have a very basic active response co
/var/log/messages
Rule: 6212 (level 10) -> 'Login session failed (invalid extension).'
Jul 11 22:55:12 hp22 asterisk[11715]: NOTICE[11747]: chan_sip.c:24170 in
handle_request_register: Registration from ''
failed for '99.251.108.141:5060' - No matching peer f
. I'm running the latest ossec version on server and agents.
Thanks ,
On Wed, Jul 11, 2012 at 10:25 PM, cosmaschi cristian <
cristicosmas...@gmail.com> wrote:
> The Web UI version I'm using is 0.3
>
>
> On Wed, Jul 11, 2012 at 9:58 PM, Ivan Zenteno wrote:
>
>> Dan,
>
The Web UI version I'm using is 0.3
On Wed, Jul 11, 2012 at 9:58 PM, Ivan Zenteno wrote:
> Dan,
>
> Ouch, you just killed me...
>
> Maybe Cristian doesn't know the netiquette in mail lists.
>
> Rules
>
> 2012/7/11 dan (ddp)
>
>
>> On Jul 11,
my last Active response log is from Mon Jun 4 21:23:43 EDT 2012 ups:|
that's bad
attached are ossec.conf and asterisk rules
Thanks
On Wed, Jul 11, 2012 at 9:48 PM, dan (ddp) wrote:
>
> On Jul 11, 2012 9:43 PM, "cosmaschi cristian"
> wrote:
> >
> > i see that
Hello ,
I'm trying to debug on ossec, following
http://www.ossec.net/doc/faq/unexpected.html
example If you have logs similar to the following in
/var/ossec/queue/ossec/queue:
when i run
tail -f /var/ossec/queue/ossec/queue
i get
tail: cannot open `/var/ossec/queue/ossec/queue' for reading:
Hello,
I run asterisk and some aastra scripts.
When I call aastra scripts from my IP phone I get false positives.
How can I exclude aastra phones from being blocked by ossec?
Alert list
2012 Jun 11 15:57:55 Rule Id: 31106 level: 6
Location: (Z09) xx.2x.1xx.xx4->/var/log/httpd/access_log
Src
How many logs do you expect to collect per day, or per second? Do you
have these measurements?
Btw ossec can run on commodity hardware with no pain :)
On Fri, Nov 05, 2010 at 10:54:43AM -0400, Brennan, Joseph J (LABOR) wrote:
> Hi-
>
> I wanted to know if AIX 6.1 is supported with OSSEC? The web site just lists
> AIX 5.3 but I don't know if it is up to date or not
Just make sure to install a recent/decent version of gcc and make, sure it will
OSSEC introduces a FLOSS AI Core which is capable of detecting security behaviors
automatically
OSSEC Alerts can be browsed by a semantic Web UI
On Thu, Oct 21, 2010 at 07:34:48AM -0500, Michael Starks wrote:
> . What happens when a host is attacked?
Something gets in our system
>What are the usual
> sequence of events that take place? How can OSSEC effectively detect
> these while keeping the noise down?
Some suspicious traffic may be u
Thanks Daniel Cid for making security log analysis fast and reliable! :)
Lack of a good command line search tool to look through alert log archives
(imagine doing that after 12 months of operation !!)
Graphs, all people like them, we have text reports, but what about csv-like
reports that later can be visualized using a chart?
Is not a pain but wizard-like interface fo
Automatic responses is so neat, it saves my time every day blocking
bot IPs and also protecting my network against intruders using scapy and
arp poisoning
On Tue, Oct 19, 2010 at 07:24:30AM -0500, Michael Starks wrote:
> Post your rules, best-practices and so on. This is a great option
> for those who don't want to create something like a full blog post.
> Just reply with something quick and dirty. Post away!
In decoders creation the \. save my tim
Check this:
http://www.ossec.net/wiki/Know_How:Ignore_Rules
I'm just passing out a simple decoder/rule I did to catch interesting
events from a pound proxy:
It is too basic so far, I hope to expand it as soon as I get used to ossec and get
the right security events to wait for.
So please take a look and consider adding it to the next release :)
Decoder:
^pound
po