Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
1k views

OSSEC Web UI 404 on initial setup

I'm trying to setup the OSSEC web UI on a fresh installation of OSSEC on Ubuntu 15.04 Server Edition. I setup the server with the default LAMP stack and OSSEC HIDS seems to have installed successfully....
Joseph Odell's user avatar
6 votes
4 answers
9k views

OSSEC disk space usage

A few days ago I noticed that the disk of my Ubuntu server was almost full. I dug a bit and found out that the disk space was used by OSSEC, in the /var/ossec/queue/diff folder. I wanted to try ...
Sinklar's user avatar
  • 93
3 votes
1 answer
2k views

Suppress OSSEC email for failed root ssh

I'm running OSSEC as a HIDS on a Ubuntu 12.10 server, and it routinely (3-4x a day) sends me a notification like this: (note the last octet of the IP address has been changed to 'xxx' to protect the ...
tkrajcar's user avatar
  • 163
1 vote
1 answer
4k views

Generating alerts from ossec ( server- agent ) model

I'm very new to OSSEC. I use a server-agent model. I wish to generate alert for the following actions ( in agent side ): 1) Sample Alert for delation of logs I added the rules for these in agent's ...
batman's user avatar
  • 321
1 vote
4 answers
5k views

OSSEC is not running

I have an two ec2 instances. In one I have installed ossec server and in other I have installed ossec agent. Here are my server config INBOUND (security group/firewall) : port:514 source:0.0.0.0/...
batman's user avatar
  • 321
1 vote
2 answers
425 views

What dangers (and should I be worried) are there from attempted break-ins? (reported by OSSEC)

I've installed OSSEC on my server and I've been getting reports similar to the following: Jan 11 19:27:03 Daddy sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=...
Wayne Werner's user avatar
0 votes
1 answer
2k views

CAn not open port 1514 in ubuntu iptables

I am installing OSSEC and it says that i need to open port 1514 and 514 in firewall. Now i have added the rule for port 1514 but i still can't get coonect if i use telney like ossec-hids-2.5]# ...
user avatar