Simply add the following in the <global> section of ossec.conf to get the json
<jsonout_output>yes</jsonout_output>
Search found 7 matches
- Fri Oct 22, 2021 1:26 am
- Forum: OSSEC
- Topic: Using kofe on ossec+
- Replies: 2
- Views: 48757
- Wed Oct 20, 2021 4:58 am
- Forum: OSSEC
- Topic: ossec+ and postgress
- Replies: 2
- Views: 41907
ossec+ and postgress
Hi, I've tried the following: cd /tmp; wget -q -O install.sh https://updates.atomicorp.com/installers/oum; chmod +x install.sh; DATABASE=pgsql ./install.sh and then oum config, oum update and ossec runs as they should. But when changing the config to use the database as output I get ossec-dbd(5207): ERRO...
- Thu Jul 01, 2021 7:53 am
- Forum: OSSEC
- Topic: rules error
- Replies: 2
- Views: 13112
Re: rules error
not in the habit of answering my own questions ..... but ....
seems like the local_rule was invoked at the wrong place in etc/ossec.conf
- Thu Jul 01, 2021 4:52 am
- Forum: OSSEC
- Topic: rules error
- Replies: 2
- Views: 13112
rules error
Hi, I'm testing customizing the processing of my firewall logs. I started with creating a decoder etc/local_decoder.xml <decoder name="cisco-asa"> <prematch_pcre2>%ASA-\d-\d{6}</prematch_pcre2> </decoder> <decoder name="cisco_asa-syslogdecode"> <parent>cisco-asa</parent> <regex>%...
- Thu Apr 15, 2021 1:46 am
- Forum: OSSEC
- Topic: Installing Ossec+
- Replies: 5
- Views: 13620
Re: Installing Ossec+
Been in contact with one of the maintainers......
1) That dashboard should not have been there, and will not work.
2) The index, simply delete it and create a new one. It's not in use, so you won't break anything
so now it's working great!
- Fri Apr 09, 2021 9:10 am
- Forum: OSSEC
- Topic: ERROR: Download failed with ERROR (3)
- Replies: 3
- Views: 13072
- Fri Apr 09, 2021 9:05 am
- Forum: OSSEC
- Topic: Installing Ossec+
- Replies: 5
- Views: 13620
Re: Installing Ossec+
Found loads of guides to install this, none seem to work :/ Which OS should be used? I managed the install on both, debian 10 and centos 8. alert-logs are filling and ossec webui shows them too. It's only the kofe part that never works. Looking at the doc count of the index, data is collected. But ...