Hi,

  I have a problem with Ossec and Nginx. Ossec is not generating alerts for 
/var/log/nginx/access.log, generated by Nginx, but /var/log/nginx/error.log 
is fine. My Ossec version is 2.8.2 and I use all default rules (including 
nginx_rules.xml). Below is my configuration:

ossec.conf
--------------------
[...]
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/access.log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/error.log</location>
  </localfile>
[...]
-------------------

  In theory, the traffic below should generate an alert (rule id 31103, 
right?), but no alerts are generated. (Below is the ossec-logcollector debug 
log):

2016/04/07 14:13:15 ossec-logcollector: DEBUG: Reading syslog message: 'xx.xx.xx.xx - - [07/Apr/2016:14:13:14 -0300] "GET /index.php?a=union&b=select HTTP/1.1" 200 45346 "-" "Wget/1.15 (linux-gnu)"'

Can someone help me? Any ideas?


Gesiel
