-
Some alerts will not insert into the alert index. I found some error info in the _internal index.
8/5/21 4:10:01.165 PM | 08-05-2021 16:10:01.165 +0800 WARN sendmodalert - action=alert_manager - Alert action…
-
There is no 64-bit agent for Windows!
The 32-bit agent is not able to access the important windows\system32 directory. The same problem exists for access to some important registry hives.
In the oss…
-
Hello! I can't get HID to VPAD to work, the controllers do not appear in the list despite the fact that I activate all types of controllers in the settings...
-
Hi all,
Is it possible to add high availability configuration options to ossec server based installs for sync configurations??
For example, configuring ossec serverA:
B.B.B.B
yes
yes
60
…
-
I hope categraf can add Windows event log monitoring.
For details, see:
https://blog.neargle.com/2018/01/21/yulong-hids-windows-eventlog-iteration/
-
I'm writing a JSON parser for the `EventInfo` output logs, and I noticed that the `group` field is no longer in the `rule` object.
The `group` field was introduced here: https://github.com/ossec/os…
-
OSSEC HIDS reports this
```
OSSEC HIDS Notification.
2016 Mar 04 09:06:00
Received From: (elvarx1) any->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Porti…
```
-
Hello,
I detected a potential problem after the PR https://github.com/ossec/ossec-hids/pull/1020: the new configuration affects _monitord_ behavior but _remoted_ doesn't read it.
https://git…
-
Testing and editing for 19002 - Monitor OSSEC Agents Using an OSSEC Server - Ubuntu, Debian
-
They are in alerts.log, but not in emailed alerts. To wit:
*\* Alert 1346697649.3137374: mail - ossec,syscheck,
2012 Sep 03 13:40:49 vhost->syscheck
Rule: 550 (level 7) -> 'Integrity checksum change…