Re: [ossec-list] RedHat RPMS wont configure agent

2012-06-20 Thread sahil sharma
Sorry to interrupt here. It's not related to this issue: I want to detect USB when I insert USB into my Windows agent. Where all I need to add the codes? What all changes for each file? Do I need to add code only on server side? Nothing at client? What is pushing of code from server? How do it manu

Re: [ossec-list] RedHat RPMS wont configure agent

2012-06-21 Thread sahil sharma
:04 AM, dan (ddp) wrote: > > On Jun 20, 2012 10:31 PM, "sahil sharma" > wrote: > > > > Sorry to interrupt here. It's not related to this issue: > > No you aren't. > > > I want to detect USB when I insert USB into my Windows agent. > > > >

Re: [ossec-list] RedHat RPMS wont configure agent

2012-06-21 Thread sahil sharma
> > > ossec.conf or agent.conf depending on how you want to do it. I'll make > sure this is mentioned earlier in the documentation. > > I am working on Ubuntu server and I have a Windows client. I want to get log whenever someone inserts USB to the client system. When do we use ossec.c

Re: [ossec-list] RedHat RPMS wont configure agent

2012-06-22 Thread sahil sharma
age-with-ossec/ > *<http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/> > > which worked for me. > > Cheers, Mike > -- > *From:* ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] *On > Behalf Of *sahil sharma > *

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS wont configure agent)

2012-06-22 Thread sahil sharma
> > > This is for configuration changes, not rules: > Your choice. If you want to use the agent.conf change it there. If you > have a good change management system, changing the ossec.conf might be > good enough. > > The OSSEC server does not use the agent.conf though, so if you're > setting up som

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS wont configure agent)

2012-06-24 Thread sahil sharma
On Fri, Jun 22, 2012 at 3:58 PM, dan (ddp) wrote: > > On Jun 22, 2012 6:16 AM, "sahil sharma" wrote: > >> > >> > >> This is for configuration changes, not rules: > >> Your choice. If you want to use the agent.conf change it there. If you >

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS wont configure agent)

2012-06-26 Thread sahil sharma
Hi When I change config at client side, the OSSEC Agent Manager at client's status is always: stopped. I tried re-installing, restarting it numerous times. Please help. On Mon, Jun 25, 2012 at 1:40 AM, dan (ddp) wrote: > > On Jun 24, 2012 3:36 PM, "sahil sharma" wrote:

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS wont configure agent)

2012-06-26 Thread sahil sharma
if you say I can attach the exact files where I have made the changes. Would be a great help. On Tue, Jun 26, 2012 at 4:02 PM, dan (ddp) wrote: > > On Jun 26, 2012 6:30 AM, "sahil sharma" wrote: > > > > Hi > > > > When I change config at client side, the

Re: USB alerts (was: Re: [ossec-list] RedHat RPMS wont configure agent)

2012-06-26 Thread sahil sharma
t or apply any thought to > the problem, or help me help you fix the problem. > > Good luck! > > On Tue, Jun 26, 2012 at 2:32 PM, sahil sharma > wrote: > > Ok, I guess you are very right. I guess I am a bit confused of > terminology, > > now getting step by step.

[ossec-list] Re: USB_DETECTION

2012-07-10 Thread sahil sharma
And yes, one more issue I have in this, I get no alert unless I restart the client, I guess that is due (in ossec_rules.xml):: 500 Can there be any solution to get alert w/o restarting the agent ?? On Tue, Jul 10, 2012 at 2:40 PM, sahil sharma wrote: > Hi, > > Got this one

[ossec-list] USB_DETECTION

2012-07-10 Thread sahil sharma
Hi, Got this one randomly searching for USB Detection. I guess I have a fix for this problem, but I don't have a clear idea why it is working? https://groups.google.com/forum/?fromgroups#!topic/ossec-list/1t6dnbzMZzM I had a similar problem, but once I added this to local_rules.xml, everything was w

Re: [ossec-list] Re: USB_DETECTION

2012-07-11 Thread sahil sharma
Hi, 1) That's output from web-interface, I have pasted. 2) and I have defined command at the client's config, sorry I forgot to mention that. On Tue, Jul 10, 2012 at 4:12 PM, dan (ddp) wrote: > How do you have the command defined? > On Jul 10, 2012 6:28 AM, "sahil sharma"

Re: [ossec-list] Re: USB_DETECTION

2012-07-12 Thread sahil sharma
On Wed, Jul 11, 2012 at 6:13 PM, dan (ddp) wrote: > On Wed, Jul 11, 2012 at 7:48 AM, sahil sharma > wrote: > > Hi, > > > > 1) That's output from web-interface, I have pasted. > > > > Don't use that, you're using a broken version (0.3). That'

Re: [ossec-list] Re: USB_DETECTION

2012-07-12 Thread sahil sharma
Hi, One more thing, I have an issue with Windows client. Once I close the ossec agent manager, and once again try to start/restart it: It displays "Unable to start OSSEC(check config)" Please help. On Thu, Jul 12, 2012 at 10:46 AM, sahil sharma wrote: > > > On Wed, Jul

[ossec-list] tcp-syn-flood-attack

2012-07-13 Thread sahil sharma
Hi, I want to block a TCP-SYN-FLOOD attacker attacking my server. I have launched the attack but I can't see any logs. How can we detect that there is flooding at the SERVER. Please help.

[ossec-list] win_client_response

2012-07-13 Thread sahil sharma
Hi, I have defined a rule in local_rules for multiple authentication failures:: 18106 Multiple Windows Logon Failure events. I can see the alert for the same rule I have added, but having two problems: 1) Rule is not triggering on 2 failure attempts (freq=2), but on 3 or more failur

Re: [ossec-list] win_client_response

2012-07-16 Thread sahil sharma
> Check the frequency documentation: > http://devio.us/~ddp/ossec/docs/syntax/head_rules.html > > Thanks for the information. > > *2) I want to block the client that has triggered this rule so that he > > doesn't get chance to login anymore > > > > (block the client). How can I do it? I

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
p. On Mon, Jul 16, 2012 at 12:20 PM, sahil sharma wrote: > > > >> Check the frequency documentation: >> http://devio.us/~ddp/ossec/docs/syntax/head_rules.html >> >> > Thanks for the information. > > >> > *2) I want to block the client that has tr

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
PM, dan (ddp) wrote: > On Mon, Jul 16, 2012 at 2:50 AM, sahil sharma > wrote: > > > > > >> > >> Check the frequency documentation: > >> http://devio.us/~ddp/ossec/docs/syntax/head_rules.html > >> > > > > Thanks for the information.

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
at 8:36 PM, sahil sharma wrote: > Hi, > > I guess there is some misunderstanding, maybe I had written something > confusing::: > > My requirement is simple, I want to block a user if he enters wrong > password (multiple times) to > log on to Windows client. > > I hav

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
Please tell if you have any idea for the Linux. So as to how block on Linux machine (administration)??? It would be great help. On Tue, Jul 17, 2012 at 8:49 PM, dan (ddp) wrote: > On Tue, Jul 17, 2012 at 11:10 AM, sahil sharma > wrote: > > Also::: > > > > 1) I have put

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
2012 at 10:15 PM, dan (ddp) wrote: > On Tue, Jul 17, 2012 at 12:26 PM, sahil sharma > wrote: > > Please tell if you have any idea for the Linux. So as to how block on > Linux > > machine (administration)??? > > It would be great help. > > > > Did

Re: [ossec-list] win_client_response

2012-07-17 Thread sahil sharma
Thank you so much for putting me in the right direction. I was going in a wrong direction, I hope things will now work. Cheers!!! Regards. On Tue, Jul 17, 2012 at 10:41 PM, dan (ddp) wrote: > On Tue, Jul 17, 2012 at 1:05 PM, sahil sharma > wrote: > > Hi, > > >