OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. (from www.ossec.net)
Questions tagged [ossec]
73 questions
1 vote, 1 answer
Generating alerts from OSSEC (server-agent model)
I'm very new to OSSEC. I use a server-agent model. I wish to generate alerts for the following actions (on the agent side):
1) Sample alert for deletion of logs
I added the rules for these in the agent's ossec.conf using tags, like this:
…

batman
1 vote, 4 answers
OSSEC is not running
I have two EC2 instances. In one I have installed the OSSEC server and in the other I have installed the OSSEC agent.
Here is my server's INBOUND config (security group/firewall):
port:514 source:0.0.0.0/0
port:1514 source:0.0.0.0/0
But it seems to be…

batman
1 vote, 2 answers
What dangers (and should I be worried) are there from attempted break-ins? (reported by OSSEC)
I've installed OSSEC on my server and I've been getting reports similar to the following:
Jan 11 19:27:03 Daddy sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.184.93 user=root
Jan 11…

Wayne Werner
1 vote, 0 answers
Where can I find information about inbuilt registry keys for Windows Server 2008 R2?
Is there a resource for looking up the description and/or usage of W2K8 R2 registry keys?
I need to understand integrity checksum change messages appearing in OSSEC logs on Amazon EC2…

xddsg
1 vote, 2 answers
Do I need at least 1 Linux server to use OSSEC to monitor my Windows servers?
I don't know why this isn't more plainly obvious on the website: http://www.ossec.net/
But I can't tell if I need to install a 'server' portion on Linux and then an 'agent' on Windows and then monitor through Linux, or if I can use Windows for the…

MetaGuru
1 vote, 1 answer
How to view all logs in an OSSEC system on Ubuntu
I have installed OSSEC.
It is working and sometimes sends me alert emails as well.
But I want to know what I can type so that I can view all the logs of what OSSEC has found on my system.
John
1 vote, 0 answers
OSSEC Multiple "Integrity Checksum Changed" Alerts
I know this question has been asked several times, but the answers do not seem to work.
After installing OSSEC server on my Ubuntu Server 18.04 LTS machine, I've received hundreds of "Integrity Checksum Changed" alerts regarding files in the…

Leah96xxx
0 votes, 1 answer
Get OSSEC syscheck to alert on change to directory but not its contents
We are running OSSEC 3.2 on some Debian servers. We are using OSSEC's syscheck to alert us when certain files and directories change.
I want syscheck to generate an alert when the directory /tmp changes. Now, I don't care about any of /tmp's…

user35042
0 votes, 0 answers
Can I use OSSEC in a home LAN to monitor for intrusions and malware?
I'm not quite sure I understand what OSSEC does. But after HiddenWasp, I would like to make sure my Windows and Linux machines in my home are safe. (And harden my VPS)
Does OSSEC support antimalware scanning/detection?
I couldn't find anything in…

HypeWolf
0 votes, 1 answer
OSSEC client.keys on the master is frequently missing agent details
I've set up an OSSEC architecture for my client. Most of the agents that were actively reporting to the OSSEC master move to disconnected status. On analysis I was able to find out that the agent details were missing from client.keys. But not sure why this…

Bharath
0 votes, 1 answer
OSSEC Ignore Alert
I have OSSEC 2.94 set up and running on CentOS 7. I have it sending emails upon qualifying alert conditions. Everything appears to be functioning properly with regard to sending alerts. However, each night as part of a backup process, one server…

MSF004
0 votes, 1 answer
Linux file permissions denied on log files
I have installed nxlog to send my logs to a Graylog server. It works fine, but I get a permission denied on the logs of my HIDS, OSSEC.
My nxlog process (launched by collector-sidecar) runs as root:
# ps -ef | grep collector
root 1869 1 0…

Sorcha
0 votes, 0 answers
OSSEC - Not seeing alerts on the Server from file changes on the Agent
I have an OSSEC server and agent installed and configured. I have imported the key to the agent and they appear to be communicating. However, I am trying to test the file integrity monitoring feature and I am not receiving alerts.
I followed:…

user8897013
0 votes, 1 answer
OSSEC 2.8.3: getting authentication alerts from Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
On OSSEC 2.8.3 I am trying to get alerts only for RDP authentications from Windows agents.
These events are shown in the client's event log
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
for example with eventID 1149
I have in…

golemwashere
0 votes, 1 answer
How to stop certain processes from polluting the messages log
We have a certain Azure-related process running that is constantly writing the following to our logs:
Aug 18 06:54:28 log-ids-vm rsyslogd-3000: omazuremds error at connect(). errno=No such file or directory
How can we stop a certain…

Pat