Re: [ossec-list] Is there a way to send AGENT's ossec.log to syslog server using rsyslog.conf

2019-03-26 Thread Vijayakumar U
Scott, we have various VLANs, and even before the agent registers with the server
we may face some connection problems, and we need to identify those.

On Mon, 25 Mar 2019 at 17:58, Scott R. Shinn wrote:

> You could have ossec monitor ossec.log like it does with
> active-responses.log. You'd just have to write rules for it, or barring that
> turn on archives.log
>
> -Scott
>
> On Mon, 2019-03-25 at 08:02 -0400, dan (ddp) wrote:
> > On Fri, Mar 22, 2019 at 12:01 PM YoYo  wrote:
> > > Hi All,
> > >
> > > We are planning to deploy the HIDS agent in large network (say 10k
> > > servers).
> > >
> > > I need to track the agent installation, key registration & startup
> > > failure.
> > >
> > > Is there any way to send AGENT's logs/ossec.log to some external
> > > syslog server or to the server configured syslog.conf?
> > >
> > > Is there any way to achieve this in Agent side or some work around
> > > to do this?
> > >
> >
> > The agent doesn't have any built-in way to do this.
> > You could use your syslog daemon to read the file and forward the
> > logs. I'm pretty sure rsyslogd can do this, not sure about the
> > others.
> >
> > > Apologies if it is a duplicate discussion. I couldn't find one.
> > >
> > > Thanks in advance.
> > >
> > > Thanks & Regards,
> > > Vijay.
> > >
> > > --
> > >
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "ossec-list" group.
> > > To unsubscribe from this group and stop receiving emails from it,
> > > send an email to ossec-list+unsubscr...@googlegroups.com.
> > > For more options, visit https://groups.google.com/d/optout.
>


-- 
Cheers,
Vijay.



Re: [ossec-list] Is there a way to send AGENT's ossec.log to syslog server using rsyslog.conf

2019-03-26 Thread Vijayakumar U
dan, thanks for the suggestion. I will try something similar to the solution
given in the link below and update here.

https://serverfault.com/questions/396136/how-to-forward-specific-log-file-outside-of-var-log-with-rsyslog-to-remote-serv#396194



On Mon, 25 Mar 2019 at 17:33, dan (ddp)  wrote:

> On Fri, Mar 22, 2019 at 12:01 PM YoYo  wrote:
> >
> > Hi All,
> >
> > We are planning to deploy the HIDS agent in large network (say 10k servers).
> >
> > I need to track the agent installation, key registration & startup failure.
> >
> > Is there any way to send AGENT's logs/ossec.log to some external syslog
> > server or to the server configured syslog.conf?
> >
> > Is there any way to achieve this in Agent side or some work around to do this?
> >
>
> The agent doesn't have any built-in way to do this.
> You could use your syslog daemon to read the file and forward the
> logs. I'm pretty sure rsyslogd can do this, not sure about the others.
>
> > Apologies if it is a duplicate discussion. I couldn't find one.
> >
> > Thanks in advance.
> >
> > Thanks & Regards,
> > Vijay.
> >



Re: [ossec-list] Is there a way to send AGENT's ossec.log to syslog server using rsyslog.conf

2019-03-25 Thread Scott R. Shinn
You could have ossec monitor ossec.log like it does with
active-responses.log. You'd just have to write rules for it, or barring that
turn on archives.log

-Scott

On Mon, 2019-03-25 at 08:02 -0400, dan (ddp) wrote:
> On Fri, Mar 22, 2019 at 12:01 PM YoYo  wrote:
> > Hi All,
> > 
> > We are planning to deploy the HIDS agent in large network (say 10k
> > servers).
> > 
> > I need to track the agent installation, key registration & startup
> > failure.
> > 
> > Is there any way to send AGENT's logs/ossec.log to some external
> > syslog server or to the server configured syslog.conf?
> > 
> > Is there any way to achieve this in Agent side or some work around
> > to do this?
> > 
> 
> The agent doesn't have any built-in way to do this.
> You could use your syslog daemon to read the file and forward the
> logs. I'm pretty sure rsyslogd can do this, not sure about the
> others.
> 
> > Apologies if it is a duplicate discussion. I couldn't find one.
> > 
> > Thanks in advance.
> > 
> > Thanks & Regards,
> > Vijay.
> > 


Re: [ossec-list] Is there a way to send AGENT's ossec.log to syslog server using rsyslog.conf

2019-03-25 Thread dan (ddp)
On Fri, Mar 22, 2019 at 12:01 PM YoYo  wrote:
>
> Hi All,
>
> We are planning to deploy the HIDS agent in large network (say 10k servers).
>
> I need to track the agent installation, key registration & startup failure.
>
> Is there any way to send AGENT's logs/ossec.log to some external syslog 
> server or to the server configured syslog.conf?
>
> Is there any way to achieve this in Agent side or some work around to do this?
>

The agent doesn't have any built-in way to do this.
You could use your syslog daemon to read the file and forward the
logs. I'm pretty sure rsyslogd can do this, not sure about the others.

> Apologies if it is a duplicate discussion. I couldn't find one.
>
> Thanks in advance.
>
> Thanks & Regards,
> Vijay.
>

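The approach suggested in the reply above (let the syslog daemon read the agent's log file and forward it), as an added example that is not part of the original thread: an rsyslog drop-in using the imfile module. The log path assumes a default /var/ossec install prefix; the file name, tag, facility, state/queue names, and the target host and port are placeholders to replace.

```conf
# /etc/rsyslog.d/30-ossec-agent.conf   (file name is an assumption)
# Added example: tail the OSSEC agent's own log and ship it to a central
# syslog server, independently of the agent-to-manager channel, so that
# install, key-registration and startup failures are visible even when
# the agent never connects.

# The disk-assisted queue below needs a work directory. Most distribution
# rsyslog.conf files already set one; if yours does not, add for example:
#   global(workDirectory="/var/spool/rsyslog")

module(load="imfile")

# Follow the agent log. Binding the input to its own ruleset keeps these
# lines out of the local default rules (no duplicate copy in local files).
input(type="imfile"
      File="/var/ossec/logs/ossec.log"
      Tag="ossec-agent:"
      Facility="local6"
      Severity="info"
      PersistStateInterval="100"
      ruleset="ossec_agent_forward")

# Forward over TCP. The queue buffers messages to disk while the collector
# is unreachable (the VLAN connectivity case raised in this thread) and
# retries indefinitely instead of dropping them.
ruleset(name="ossec_agent_forward") {
    action(type="omfwd"
           Target="syslog.example.net"
           Port="514"
           Protocol="tcp"
           queue.type="LinkedList"
           queue.filename="ossec_agent_fwd"
           queue.maxDiskSpace="100m"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Where rsyslog drops privileges after startup, the unprivileged user needs read access to ossec.log for the input to work. Validate the file with `rsyslogd -N1` before restarting the daemon.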

Re: [ossec-list] Is there a way to send AGENT's ossec.log to syslog server using rsyslog.conf

2019-03-25 Thread Vijayakumar U
Can I get some guidance in this regard?

On Fri, 22 Mar 2019 at 21:31, YoYo  wrote:

> Hi All,
>
> We are planning to deploy the HIDS agent in large network (say 10k
> servers).
>
> I need to track the agent installation, key registration & startup failure.
>
> Is there any way to send AGENT's logs/ossec.log to some external syslog
> server or to the server configured syslog.conf?
>
> Is there any way to achieve this in Agent side or some work around to do
> this?
>
> Apologies if it is a duplicate discussion. I couldn't find one.
>
> Thanks in advance.
>
> Thanks & Regards,
> Vijay.
>


-- 
Cheers,
Vijay.
