Atomicorp

WAF events are logged concurrently to the event data repository with one per event and are stored by default in this location on the system:

/var/asl/data/audit/apache

Ah, OK si that sounds like youre just using the open source builds? If so, then you need to grab the latest source code and build from that the binary your using is quite old and it looks like youre using 3.0, whereas the source tree has patches for the upcoming 4.0 release. If youre using the comme...

Thats pretty old, I dont think we've put out a version of AEO using a version of OSSEC that old. Can you send me the version number for AEO with this command:

asl -v

Sorry if I wasnt clear, the latest version of AEO has no limit. What version of AEO is the hub using?

Just run this command:

asl -v

They basically the same thing. You may want to disable some services that are used just with agents, like remoted but otherwise a standalone instance is an ossec server as opposed to an agent.

Yes the latest version of AEO allows for setting effectively an unlimited limit, just make sure youre using the latest version of AEO.

What version of OSSEC are you using?

It looks like youre included either /var or /var/ossec in your FIM settings, and configured them further to report the content of changes in those directories (record diffs). Just log into the AEO GUI, and Click on the "ASL" tab, select "File Integrity", then select "Watch R...

Yes, you just need to create a decoder for that application/platforms log format, which will then allow you assign key values for each position/pattern/delimiter in your log file. You'll find decoders in /var/ossec/etc/decoders.d/ For example: May 14 17:49:12 auth openvpn: Sun May 14 17:49:12 2017 2...

Its not added into a table, it changes kernel settings.

On older systems it was probably set to no, it is set to yes by default not sure when the change happened though but for sometime its been the default.

Only if TSO or GSO is enabled for the interface, and only if you have MSS protection disabled in ASL. Check this setting in ASL: FW_MSS_DROP="yes" ASL has always been immune to this kind of attack, for many many years if this is enabled. If youre not using ASL, then you want to check to se...

Just a followup, the QA build will be released tomorrow into testing.

Doug I see whats happening, it is a setting but a bug is causing it to be hidden in the current GUI. We're pushing an update out into QA to enable this column, and itll be in the testing channel Monday. As soon as its available I'll post that its out. Youll be able to install the update from "t...

We're proud to announce the release of our next generation of our cloud based machine learning system for our Atomic Worload Protection and Atomic Enterprise OSSEC customers. What you'll see in both products now is that our cloud based machine learning engine is now able to detect and block attacks ...