Jason,
I should have been clearer - we are doing fairly complex operations using
Nagios to monitor the status of web services, databases, etc. The reason I
mentioned Nagios was just to give an example.
We use SNMP, too.
2010/9/30 Jason 'XenoPhage' Frisvold
> -BEGIN PGP SIGNED MESSAGE
On Sep 29, 2010, at 12:21 PM, Chris Decker wrote:
> ∙ We use Nagios to periodically log in to our servers (using SSH) to
> retrieve status information on processes. Every time this happens I get t
On Sep 29, 2010, at 12:21 PM, Chris Decker wrote:
> ∙ We use Nagios to periodically log in to our servers (using SSH) to
> retrieve status information on processes. Every time this happens I get the
> successful SSH connection alert and 2 addit
Dan,
Thanks. If you can't find anything it's no big deal. In our test
environment we are SSHing as root, but in our production environment we are
SSHing as a dedicated account that has limited access via sudo. It'll be
trivial to configure OSSEC to disregard Nagios in that case. I went ahead
an
On Wed, Sep 29, 2010 at 2:13 PM, Chris Decker wrote:
> Dan,
>
> Thanks. The "local_ip" setting appears to be what I need. I'll investigate
> further to see if inodes are the culprit for the syscheck issue.
>
> Regarding item #3: One alert contains an IP address (the successful SSH
> session), bu
Dan,
Thanks. The "local_ip" setting appears to be what I need. I'll investigate
further to see if inodes are the culprit for the syscheck issue.
Regarding item #3: One alert contains an IP address (the successful SSH
session), but the other two alerts are from PAM and do NOT contain an IP
addre
On Wed, Sep 29, 2010 at 12:21 PM, Chris Decker wrote:
> Ever helpful OSSEC list,
>
> I have three items I'm trying to figure out:
>
> How can I get the OSSEC server process to bind to a network interface of my
> choosing? I'm guessing I can do something when compiling, but is there a
> parameter
Ever helpful OSSEC list,
I have three items I'm trying to figure out:
1. How can I get the OSSEC server process to bind to a network interface
of my choosing? I'm guessing I can do something when compiling, but is
there a parameter that can be changed to make this happen? I found an