[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: Ossec failed after server reboot
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Ossec failed after server reboot
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Sun, 2 Sep 2007 22:22:24 -0300
- Authentication-results: mx.google.com; spf=pass (google.com: domain of daniel.cid@xxxxxxxxx designates 64.233.166.181 as permitted sender) smtp.mail=daniel.cid@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=TPNRMZ2j3Za2RGpcpuOOVzNxFbJ/bSzEXm8FmMUFKIBjDj65pRICiESxhn1/QiMg8UVNw4UsfnBFQHvDfwdIK9dKwMJTxYAAhcLQRXj3llH4iOZ389vv4PBXr/gGjvyftJ0WU9YbUNNeCGbfmZUJWwVIba3AmKPPOUTUJkMWUFo=
Hi Peter,
Can you send along some of your Sonicwall rules to us? I just added a
bunch of those
based on the logs you sent to me and they are available at the latest snapshot:
http://www.ossec.net/files/snapshots/ossec-hids-070902.tar.gz
If you can try it out and let us know how it goes...
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/31/07, Peter M. Abraham <peter.m.abraham@xxxxxxxxx> wrote:
>
> Greetings:
>
> I created a small number of sonicwall rules in /var/ossec/rules/
> local_rules.xml
>
> When I restarted ossec, it told me there was no "sonicwall" decoder.
>
> When I commented out the decoder section for "sonicwall" in /var/ossec/
> etc/decoder.xml I was told there is an error in the sonicwall decoder.
>
> I was not sure how to fix the error, but wanted to pass this along.
>
> Thank you.
>
> P.S. I did privately email relevant sonicwall log info.
>
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.