[ossec-list] Re: Newbie Here

2015-07-08 Thread rickc
In the SonicWall config (Log -> Syslog) under Syslog Settings -> Syslog Facility, what do you have this drop-down box set to? I have mine set to "Messages generated internally by syslogd" and I'm getting everything. -Rick On Tuesday, July 7, 2015 at 2:28:31 PM UTC-7, Chana Atar wrote: > > Ok.

Re: [ossec-list] OSSEC and Nagios integration

2015-04-28 Thread rickc
@Michiel did you ever get this set up? If so do you have any tips you can share? On Tuesday, February 18, 2014 at 2:30:34 AM UTC-8, Michiel van Es wrote: > > I found something interesting at > http://blog.kintoandar.com/2011/01/nagios-nrpe-ossec-check.html which > uses NRPE to swatch/grep the

Re: [ossec-list] Re: How Long Will It Take Me To Get OSSEC Up & Running?

2015-04-23 Thread rickc
I think the guys responding so far are SUPER sharp with OSSEC so it probably comes very easily to them. I was completely new to the software 3 weeks ago so the learning curve has been steeper. I'd HIGHLY recommend grabbing a copy of Brad Lhotsky's book "OSSEC Host-based Intrusion Detection" a

Re: [ossec-list] OSSec Alerting

2015-04-23 Thread rickc
@Colin, just to step back for a moment, where and on what system is your agent.conf file located? On Tuesday, April 21, 2015 at 3:33:45 PM UTC-7, Colin Bruce wrote: > > No it never appears in the alerts.log when I create or indeed do anything > to > the directory I am scanning on the windows cli

Re: [ossec-list] how to monitor /home/*/.ssh/authorized_keys file?

2015-04-22 Thread rickc
If you still follow this list, can you post your rules to do this? This isn't working for me, but I've been doing this: /home Anyone have an idea? Thanks, Rick On Friday, March 9, 2012 at 5:27:29 AM UTC-8, Michael Zoet wrote: > > Hi dan, > > > Syscheck /home/*/.ssh, and write a rule to igno

Re: [ossec-list] Real time monitoring is not working.

2015-04-22 Thread rickc
@Michael Thanks for those last two questions. I was banging my head against the wall wondering why I wasn't getting the alerts. Then I checked #2. Turns out I'd set mail alert level to '9' to cut down on messages. Oops! But at least your help lives on. :-) On Friday, July 26, 2013 at 10:

Re: [ossec-list] Re: whitelist and logging

2015-04-20 Thread rickc
@Santiago, yes I do! I apparently was just looking in the wrong place for the alert logs. Thanks. On Wednesday, April 15, 2015 at 7:42:33 PM UTC-7, Santiago Bassett wrote: > > Do you have alerts showing up in alerts.log file? > > On Apr 15, 2015, at 3:49 PM, ri...@amcoonline.net wrote: > > Than

[ossec-list] Re: whitelist and logging

2015-04-15 Thread rickc
Thanks @Brent. I added the logall option and temporarily removed the whitelist. yes root@localhost 127.0.0.1 ossecm@ossec yes Yes, I'm now properly getting banned, but nothing is showing up in ossec.log. Just in active-response.log. Is that the expected behavior? Becaus

[ossec-list] Re: whitelist and logging

2015-04-15 Thread rickc
@Brent Morris I don't have the option set on either the server or agent. Which section does it go in? Here is the local_rules.xml from the server. - 5711 1.1.1.1 Example of rule that will ignore sshd failed logins from IP 1.1.1.1.

[ossec-list] whitelist and logging

2015-04-13 Thread rickc
Hi gang: I've been working hard to get up-to-date on OSSEC but as you all know, there's a lot to cover. I've read the docs on the website and have a copy of Brad Lhotsky's guide but am running into an issue in setup that I haven't quite figured out. I have a test setup with a server named 'os

[ossec-list] Re: Time wrong on webui beta 8

2015-03-20 Thread rickc
Thanks for posting this fix. It worked for me too. On Thursday, January 9, 2014 at 7:27:02 AM UTC-8, Carl Hilinski wrote: > > FIXED. > > /etc/php.ini has a date.timezone line entry. It was commented out. Changed > it to > [Date] > ; Defines the default timezone used by the date functions > ; htt