All Questions
4 questions
0 votes | 0 answers | 56 views
Custom OSSEC decoder working in ossec-logtest but not when real OSSEC is used
I'm having some trouble using a custom decoder I defined for OSSEC 3.7.0. I only need to extract srcip, dstip and protocol from my iptables logs, but OSSEC's decoders also extract srcport and dstport, ...
1 vote | 1 answer | 555 views
Keep OSSEC iptables rules after restarting OSSEC
I have 6 OSSEC installations (5 agents + 1 server, all Debian 8) all configured to block repeated offenders using iptables from 10 minutes to 1 month.
I have the need to restart one or more of the ...
1 vote | 1 answer | 191 views
Install OSSEC IDS on Citrix XenServer dom0
I'm running Citrix Xen Server on a server with two NICs, each with a dedicated public IP, and the management interface is directly connected to the www and protected with iptables that allow connections ...
0 votes | 1 answer | 2k views
Cannot open port 1514 in Ubuntu iptables
I am installing OSSEC and it says that I need to open port 1514 and 514 in the firewall.
Now I have added the rule for port 1514 but I still can't connect if I use telnet like
ossec-hids-2.5]# ...