All Questions

1 vote
0 answers
420 views

OSSEC Multiple "Integrity Checksum Changed" Alerts

I know this question has been asked several times, but the answers do not seem to work. After installing OSSEC server on my Ubuntu Server 18.04 LTS machine, I've received hundreds of "Integrity ...
Leah96xxx
1 vote
1 answer
400 views

Disable OSSEC email for SSH maximum authentication attempts

I try to disable the email notifications for the OSSEC rule 5758. <rule id="5758" level="8"> <decoded_as>sshd</decoded_as> <match>^error: maximum authentication attempts ...
Dave • 13
0 votes
0 answers
1k views

OSSEC - Not seeing alerts on the Server from file changes on the Agent

I have an OSSEC server and Agent installed and configured. I have imported the key to the Agent and they appear to be communicating. However, I am trying to test the file integrity monitoring feature and ...
user8897013
0 votes
1 answer
518 views

How to make ossec send only one email for an alert?

I installed ossec with local installation and it is working fine. It is sending email alerts fine but seems to be sending the same email over and over for an alert. For example, an alert email is sent ...
uday kiran
6 votes
4 answers
9k views

OSSEC disk space usage

A few days ago I noticed that the disk of my Ubuntu server was almost full. I dug a bit and found out that the disk space was used by OSSEC, in the /var/ossec/queue/diff folder. I wanted to try ...
Sinklar • 93
0 votes
2 answers
1k views

OSSEC as a SIEM

I am working on a log aggregation project and wanted to add some minor correlations/security intelligence to the mix. Currently I have logs from ~400 servers coming into a syslog-ng box. I was ...
Eric • 1,393
2 votes
1 answer
2k views

OSSEC agent behind NAT

I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup Private Network OSSEC-Agent1 (192.168.1.10) OSSEC-Agent2 (...
Eric • 1,393
0 votes
1 answer
1k views

ossec email alerts

Just installed ossec and sendmail; however, I am not able to get alerts to my gmail from ossec. I am able to see the alerts on the sendmail localhost; however, alerts seem not to be forwarding to gmail.
user117642
1 vote
2 answers
425 views

What dangers (and should I be worried) are there from attempted break-ins? (reported by OSSEC)

I've installed OSSEC on my server and I've been getting reports similar to the following: Jan 11 19:27:03 Daddy sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=...
Wayne Werner
1 vote
0 answers
998 views

Where can I find information about inbuilt registry keys for Windows Server 2008 R2?

Is there a resource for looking up the description and/or usage of W2K8 R2 registry keys? I need to understand integrity checksum change messages appearing in OSSEC logs on Amazon EC2 instances. ...
xddsg • 3,472
0 votes
2 answers
801 views

How to know if files md5 changed by virus or system itself centos

I installed OSSEC to verify files have changed or not. But sometimes it is giving me false warnings and integrity checksums like following files have changed. How can I make sure that files are changed ...
1 vote
1 answer
213 views

How to view all Logs in OSSEC system ubuntu

I have installed OSSEC. It is working and sometimes sending me alert emails as well. But I want to see what I can type so that I can view all the logs of what OSSEC has found in my system