[ossec-list] Re: Detecting USB in Ubuntu

2014-05-17 Thread Ashok
Thanks, done a similar thing... used scsi match in kernel log. On Saturday, May 17, 2014 4:40:14 PM UTC+5:30, Nguyễn Văn Hớn wrote: > > that is my decode and rule for detect usb > > > > ^kernel > > > > USB > ^sd \S+ > ^sd \S+ [sdb] (\S+) SCSI (\.+) > action,status > > > > USB > ^usb 1-1: USB

[ossec-list] Re: Detecting USB in Ubuntu

2014-05-17 Thread Nguyễn Văn Hớn
that is my decode and rule for detect usb ^kernel USB ^sd \S+ ^sd \S+ [sdb] (\S+) SCSI (\.+) action,status USB ^usb 1-1: USB \S+ ^usb 1-1: USB (\S+) action USB Have USB USB attached 300020 removable disk USB attached 300020 disconnect, USB disconnection Vào 02:25:45 UTC+7 Thứ b

Re: [ossec-list] Re: Detecting USB in Ubuntu

2014-05-17 Thread Ashok
This is /var/ossec/logs/archives/archives.log
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:06 mysystem kernel: [62044.989418] usb 2-1.6: new high-speed USB device number 5 using ehci_hcd
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:07 mysystem mtp-probe: checking

Re: [ossec-list] Re: Detecting USB in Ubuntu

2014-05-17 Thread Ashok
It's not listing in ossec.log but lsusb detects it. Is there any other log I should look into? On Saturday, May 17, 2014 1:50:21 AM UTC+5:30, dan (ddpbsd) wrote: > > > On May 16, 2014 4:19 PM, "Ashok" > > wrote: > > > > Yes I did > > > > Can you provide a log sample? > > > > > On Saturday, May 17,

Re: [ossec-list] Re: Detecting USB in Ubuntu

2014-05-16 Thread dan (ddp)
On May 16, 2014 4:19 PM, "Ashok" wrote: > > Yes I did > Can you provide a log sample? > > On Saturday, May 17, 2014 12:55:45 AM UTC+5:30, Ashok wrote: >> >> I tried to overwrite the predefined external storage detection code by including the following in local_rules.xml >> >> >> 531 >>

[ossec-list] Re: Detecting USB in Ubuntu

2014-05-16 Thread Ashok
Yes I did On Saturday, May 17, 2014 12:55:45 AM UTC+5:30, Ashok wrote: > > I tried to overwrite the predefined external storage detection code by > including the following in local_rules.xml > > > 531 > cdrom|/media|usb|/mount|floppy|dvd > Detected external medias. > > > > But it

Re: [ossec-list] Re: Detecting USB in Ubuntu

2014-05-16 Thread dan (ddp)
On Fri, May 16, 2014 at 3:35 PM, Ashok wrote: > I made it 10, but still it's not working > Did you restart the ossec processes on the manager? > > On Saturday, May 17, 2014 12:55:45 AM UTC+5:30, Ashok wrote: >> >> I tried to overwrite the predefined external storage detection code by >> including

[ossec-list] Re: Detecting USB in Ubuntu

2014-05-16 Thread Ashok
I made it 10, but still it's not working On Saturday, May 17, 2014 12:55:45 AM UTC+5:30, Ashok wrote: > > I tried to overwrite the predefined external storage detection code by > including the following in local_rules.xml > > > 531 > cdrom|/media|usb|/mount|floppy|dvd > Detected exte