Search found 7 matches

by tonny
Fri Oct 22, 2021 1:26 am
Forum: OSSEC
Topic: Using kofe on ossec+
Replies: 2
Views: 39843

Re: Using kofe on ossec+

Simply add the following in the <global> section of ossec.conf to get the json

<jsonout_output>yes</jsonout_output>
by tonny
Wed Oct 20, 2021 4:58 am
Forum: OSSEC
Topic: ossec+ and postgress
Replies: 2
Views: 34217

ossec+ and postgress

Hi, I've tried the following:
cd /tmp
wget -q -O install.sh https://updates.atomicorp.com/installers/oum
chmod +x install.sh
DATABASE=pgsql ./install.sh
and then oum config, oum update and ossec runs as they should
But when changing the config to use the database as output I get
ossec-dbd(5207): ERRO...
by tonny
Thu Jul 01, 2021 7:53 am
Forum: OSSEC
Topic: rules error
Replies: 2
Views: 9043

Re: rules error

not in the habit of answering my own questions ..... but ....
seems like the local_rule was invoked at the wrong place in etc/ossec.conf
by tonny
Thu Jul 01, 2021 4:52 am
Forum: OSSEC
Topic: rules error
Replies: 2
Views: 9043

rules error

Hi, I'm testing customizing the processing of my firewall logs. I started with creating a decoder
etc/local_decoder.xml
<decoder name="cisco-asa">
  <prematch_pcre2>%ASA-\d-\d{6}</prematch_pcre2>
</decoder>
<decoder name="cisco_asa-syslogdecode">
  <parent>cisco-asa</parent>
  <regex>%...
by tonny
Thu Apr 15, 2021 1:46 am
Forum: OSSEC
Topic: Installing Ossec+
Replies: 5
Views: 11132

Re: Installing Ossec+

Been in contact with one of the maintainers......
1) That dashboard should not have been there, and will not work.
2) The index, simply delete it and create a new one. It's not in use, so you won't break anything

so now it's working great!
by tonny
Fri Apr 09, 2021 9:10 am
Forum: OSSEC
Topic: ERROR: Download failed with ERROR (3)
Replies: 3
Views: 10147

Re: ERROR: Download failed with ERROR (3)

Hi,

Seen it too, it's not that hard.
ccollier wrote: Wed Mar 31, 2021 5:36 pm
/usr/sbin/oum: line 434: yum: command not found
quite common for a distro that does not use yum by default (like debian)
Just install the yum package, and it will work like a charm

//Tonny
by tonny
Fri Apr 09, 2021 9:05 am
Forum: OSSEC
Topic: Installing Ossec+
Replies: 5
Views: 11132

Re: Installing Ossec+

Found loads of guides to install this, none seem to work :/ Which OS should be used? I managed the install on both, debian 10 and centos 8. alert-logs are filling and ossec webui shows them too. It's only the kofe part that never works. Looking at the doc count of the index, data is collected. But ...