Search found 1669 matches

by mikeshinn
Thu Jun 10, 2021 10:18 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

How did you provision the key for the agent?

by mikeshinn
Thu Jun 03, 2021 3:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

Should be port 1514, is it trying 1415 on your system?

by mikeshinn
Tue Jun 01, 2021 3:05 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 2078

Re: OSSEC Agent specific port instead of random port

Yeah, that's a better option as the OS is what sets the outbound normally.

by mikeshinn
Tue Jun 01, 2021 2:45 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error uncompressing string.
That means something tried to send a message of one size, and it was actually of another. Was this a device sending messages to the syslog listener on 514, or an agent on 1514, and if the latter, which version and platform?

by mikeshinn
Tue Jun 01, 2021 2:44 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

So this error means whatever's trying to connect isn't using the right protocol (which could be anything, nmap, telnet, etc.). If that's what you were doing, that's what that means. If not, what agent and version is running on the endpoint, and was this something trying to send events to the hub for sys...

by mikeshinn
Fri May 28, 2021 2:29 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 3042

Re: ASL Kernel Status

In ASL/AP v6, we no longer use MySQL; that, however, does not deprecate any functionality in ASL/AP.

by mikeshinn
Fri May 28, 2021 2:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

Easiest way is to start remoted from the command line and start it with -d, which puts it into debug mode.

by mikeshinn
Fri May 28, 2021 2:26 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 2078

Re: OSSEC Agent specific port instead of random port

When you mean random port, do you mean the port the agent is trying to connect to? That should be 1514 by default. If you mean the port the client computer uses to establish the connection, that's controlled by the operating system. It's going to use a high port that's not in use by another outbound co...

by mikeshinn
Mon May 17, 2021 2:26 pm
Forum: OSSEC
Topic: ERROR: Download failed with ERROR (6)
Replies: 7
Views: 2026

Re: ERROR: Download failed with ERROR (6)

Is this on Debian?

by mikeshinn
Mon May 17, 2021 2:25 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 3042

Re: ASL Kernel Status

We have a kernel module we will be releasing soon. The key reason we've moved away from a dedicated kernel was PHP. The JIT compiler, while making PHP much faster, needs to violate the memory protection model (so it can work), and every time a control panel updated PHP they overwrote the flags that all...

by mikeshinn
Fri May 14, 2021 12:10 pm
Forum: OSSEC
Topic: json log format
Replies: 1
Views: 1277

Re: json log format

<jsonout_output>yes</jsonout_output>

is the new syntax. It belongs in the global settings, for example:

<global>
  <email_notification>yes</email_notification>
  <email_to>root@localhost</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <helo_server>localhost</helo_server>
  <email_from>localhost</email_from...

by mikeshinn
Fri May 14, 2021 12:08 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 3042

Re: ASL Kernel Status

It's been deprecated. You can keep using it if you like, but it's not going to be updated.

by mikeshinn
Tue May 11, 2021 4:13 pm
Forum: OSSEC
Topic: Is it possible to add exclusions for specific hosts/agents
Replies: 1
Views: 1463

Re: Is it possible to add exclusions for specific hosts/agents

Yes you can, you do it at the rule level after the rule that's been triggered. It's a match basically, and change whatever you need to change. For example, to lower the level to 0 for that agent for an entire group:

<rule id="12345" level="0">
  <if_group>syscheck</if_group>
  <hostname>some_agents_n...

by mikeshinn
Thu Apr 08, 2021 6:10 pm
Forum: Requests
Topic: ClamAV 0.103.2
Replies: 2
Views: 2152

Re: ClamAV 0.103.2

Packages are in the testing channel now:

yum upgrade --enablerepo=asl-4.0-testing clamav*