All Questions
5 questions
0 votes, 1 answer, 335 views
ossec 2.8.3: getting authentication alerts from Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
On ossec 2.8.3 I am trying to get alerts only for RDP authentications from Windows agents.
These events are shown in the client's event log
Microsoft-Windows-TerminalServices-RemoteConnectionManager/...
0 votes, 1 answer, 2k views
How to stop certain processes from polluting the messages log
We have a certain process related to Azure that is running that is constantly writing out the following to our logs:
Aug 18 06:54:28 log-ids-vm rsyslogd-3000: omazuremds error at connect(). errno=No ...
0 votes, 1 answer, 518 views
How to make ossec send only one email for an alert?
I installed ossec with local installation and it is working fine. It is sending email alerts fine but seems to be sending the same email over and over for an alert.
For example, an alert email is sent ...
2 votes, 2 answers, 1k views
Using OSSEC HIPS alongside rsyslog, overkill?
I have been tasked to harden our company Linux servers. One of the problems that was outlined was the fact that logs are stored on the server, which poses two problems:
Difficult to aggregate and ...
2 votes, 1 answer, 344 views
Ossec fields to Oracle DB
I would like some recommendations for the following problem.
I use Ossec for log analysis. What I want is, after extracting the fields, to save them in an Oracle database.
For example, if I have this ...