Hi, I have a problem with Ossec and Nginx. Ossec is not generating alerts for /var/log/nginx/access.log, generated by Nginx, but /var/log/nginx/error.log is fine. My Ossec version is 2.8.2 and I use all the default rules (including nginx_rules.xml). Below is my configuration:

ossec.conf
--------------------
[...]
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/nginx/access.log</location>
</localfile>
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/nginx/error.log</location>
</localfile>
[...]
-------------------

In theory, the traffic below should generate an alert (rule id 31103, right?), but no alerts are generated. (below is ossec-logcollector log debug):

2016/04/07 14:13:15 ossec-logcollector: DEBUG: Reading syslog message: 'xx.xx.xx.xx - - [07/Apr/2016:14:13:14 -0300] "GET /index.php?a=union&b=select HTTP/1.1" 200 45346 "-" "Wget/1.15 (linux-gnu)"'

Can someone help me? Any ideas?

Gesiel