This is really helpful.
On Wednesday, January 7, 2015 at 9:04:25 PM UTC+8, dan (ddpbsd) wrote:
>
> On Tue, Jan 6, 2015 at 6:03 AM, Fred974 wrote:
> > Hi Dan,
> >
> > Is there any chance you could give me a simple example, please?
> > Is this rule any good for my need?
> >
> >
> >
Thank you very much, Dan,
I will test the solution and change it if it doesn't work.
Great starting point :)
Fred
On Friday, 2 January 2015 13:49:28 UTC, Fred974 wrote:
>
> Hi,
>
> I keep receiving an email with the following content:
>
> OSSEC HIDS Notification.
>> 2015 Jan 02 12:00:01
>>
>> Rece
On Tue, Jan 6, 2015 at 6:03 AM, Fred974 wrote:
> Hi Dan,
>
> Is there any chance you could give me a simple example, please?
> Is this rule any good for my need?
>
>
>
> 31101
>
>
> 1002
> do not send by email
This rule is a bad idea.
Maybe something closer
Hi Dan,
Is there any chance you could give me a simple example, please?
Is this rule any good for my need?
31101
1002
do not send by email
Thank you
Fred
Hi Chris,
You have a thread on this already. Please do not hijack another thread.
On Thu, Feb 17, 2011 at 2:23 PM, OSSEC wrote:
> Spinman,
>
> I'm having the following errors
>
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Feb 17 14:05:2
Spinman,
I'm having the following errors
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
system."
Portion of the log(s):
Feb 17 14:05:24 : error initializing: -1
How do you find out about the services that weren't supposed to run?
Also, if you have any tips in regards to that er
Hi Dave,
It is probably related to the format of the messages that OSSEC can't
decode/parse properly.
You need to follow these recommendations:
http://ossec.net/wiki/index.php/PIX_and_IOS_Syslog_Config_examples#Configuring_PIX
Especially:
> no names
> no logging device-id
> no logging timestamp