[ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-05 Thread Ming
Hi all, I received alert for port change, however, there is no change, but only change on "Recv-Q", how can I correct it for properly detect port change? Thank you all. OSSEC version: 2.8.1 OSSEC HIDS Notification. 2015 Jan 06 11:21:11 Received From: www->netstat -tan |grep LISTEN |grep -v 1

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-07 Thread dan (ddp)
On Mon, Jan 5, 2015 at 10:56 PM, Ming wrote: > Hi all, > > I received alert for port change, however, there is no change, but only > change on "Recv-Q", how can I correct it for properly detect port change? > Thank you all. > > OSSEC version: 2.8.1 > > > OSSEC HIDS Notification. > 2015 Jan 06 11:2

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-07 Thread Ming
Thanks Dan, It works! Do you think it will be included in coming update of ossec? dan (ddpbsd)於 2015年1月7日星期三UTC+8下午9時12分29秒寫道: > > On Mon, Jan 5, 2015 at 10:56 PM, Ming > > wrote: > > Hi all, > > > > I received alert for port change, however, there is no change, but only > > change on "Rec

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-08 Thread dan (ddp)
On Wed, Jan 7, 2015 at 9:39 PM, Ming wrote: > Thanks Dan, > > It works! Do you think it will be included in coming update of ossec? > It's never come up before. Please open an issue about it on https://github.com/ossec/ossec-hids and it'll get some attention. > > > dan (ddpbsd)於 2015年1月7日星期三UTC+

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-13 Thread Ming
Thanks Dan, opened an issue here: https://github.com/ossec/ossec-hids/issues/495 dan (ddpbsd)於 2015年1月8日星期四 UTC+8下午9時38分32秒寫道: > > On Wed, Jan 7, 2015 at 9:39 PM, Ming > > wrote: > > Thanks Dan, > > > > It works! Do you think it will be included in coming update of ossec? > > > > It's nev

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-01-13 Thread Yaniv Ron
How can I import the agents without this command ? (meaning that I do not want my agents to run it at all) On Mon, Jan 12, 2015 at 6:42 PM, Ming wrote: > Thanks Dan, opened an issue here: > https://github.com/ossec/ossec-hids/issues/495 > > > > dan (ddpbsd)於 2015年1月8日星期四 UTC+8下午9時38分32秒寫道: >> >

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-03-31 Thread Philipp Hoferichter
Hi, any news about this topic? I have also the need to disable the "netstat" part (preferred to disable it on management server globaly) is this possible? best regards philipp On Tuesday, January 13, 2015 at 1:43:21 PM UTC+1, Yaniv Ron wrote: > > How can I import the agents without this c

Re: [ossec-list] false positive when "netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort" because of Recv-Q

2015-03-31 Thread dan (ddp)
On Tue, Mar 31, 2015 at 9:59 AM, Philipp Hoferichter wrote: > Hi, > > any news about this topic? > I have also the need to disable the "netstat" part (preferred to disable it > on management server globaly) is this possible? > I haven't seen anything in github (commits, pull requests, or issues)