All Questions

0 votes
1 answer
335 views

ossec 2.8.3: getting authentication alerts from Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

On ossec 2.8.3 I am trying to get alerts only for RDP authentications from Windows agents. These events are shown in the client's event log Microsoft-Windows-TerminalServices-RemoteConnectionManager/...
golemwashere
0 votes
1 answer
2k views

How to stop certain processes from polluting the messages log

We have a certain process related to Azure that is running that is constantly writing out the following to our logs: Aug 18 06:54:28 log-ids-vm rsyslogd-3000: omazuremds error at connect(). errno=No ...
Pat
  • 133
0 votes
1 answer
518 views

How to make ossec send only one email for an alert?

I installed ossec with local installation and it is working fine. It is sending email alerts fine but seems to be sending the same email over and over for an alert. For example, an alert email is sent ...
uday kiran
2 votes
2 answers
1k views

Using OSSEC HIPS alongside rsyslog, overkill?

I have been tasked to harden our company Linux servers. One of the problems that was outlined was the fact that logs are stored on the server, which poses two problems: Difficult to aggregate and ...
Rijndael
  • 173
2 votes
1 answer
344 views

Ossec fields to Oracle DB

I would like some recommendations for the following problem. I use Ossec for log analysis. What I want, is after extracting the fields to save them in an Oracle database. For example, if I have this ...
Nikolaidis Fotis