This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

ossec_agent: improvements from Brian Kellogg #705

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 3 comments
Comments

@GoogleCodeExporter

https://groups.google.com/d/topic/security-onion/QZ1aVC58LYo/discussion

Original issue reported on code.google.com by doug.bu...@gmail.com on 18 Mar 2015 at 1:41

@GoogleCodeExporter

I've been running it in production for about a week with no issues thus far.  
Getting logs correctly into Sguil from OSSEC agents and syslog.

If OSSEC only decodes a srcip, then the dstip will be set as the IP of the OSSEC
agent. This can be a cosmetic issue for AV-type logs where a client reports an
infection but there is no dstip, so you will see the srcip of the client where
the infection was found and the dstip will be the AV server the client reports
to.

Original comment by thefla...@gmail.com on 18 Mar 2015 at 1:57

