On Fri, Nov 9, 2012 at 12:41 AM, peng lin linpeng0...@gmail.com wrote:
In my ossec.conf, I write
<alert_new_files>yes</alert_new_files>
<directories check_all="yes" realtime="yes" report_changes="yes">/103</directories>
Is realtime available for your mystery platform? Are you sure it was
compiled in? Do
Dear support,
On my Debian machine I have a specific log file /var/log/speciflog.log, so
my question is: if I install an ossec-agent on my machine and I modify the
config file /var/ossec/etc/ossec.conf to add the log file
/var/log/speciflog.log.
so can I see the logs on ossec-server on
On Fri, Nov 9, 2012 at 9:07 AM, rezgui mohamed rezgui...@gmail.com wrote:
Dear support,
On my Debian machine I have a specific log file /var/log/speciflog.log, so my
question is: if I install an ossec-agent on my machine and I modify the config
file /var/ossec/etc/ossec.conf to add the log file
So I can add a non-standard log file to the agent and I can see the logs on
the server
I have a question if I add a new logfile
on /var/ossec/etsc/ossec.conf
<localfile>
<log_format>?</log_format>
<location>/var/log/myspecificlog.log</location>
</localfile>
My question: which log format can I affected to receive my logs on the
server
best regards
On Fri, Nov 9, 2012 at 9:29 AM, rezgui mohamed rezgui...@gmail.com wrote:
I have a question if I add a new logfile
on /var/ossec/etsc/ossec.conf
<localfile>
<log_format>?</log_format>
<location>/var/log/myspecificlog.log</location>
</localfile>
My question: which log format can I
Hello.
I've been asked to make ossec alert when an unknown log message is
received. That is, one that doesn't match a decoder and/or a rule. As we
receive the alerts, we will identify them and create decoders/rules as
needed until we have identified everything. What we don't want is for
Subject says it all. I'd like to know if it's possible to have Syscheck or
the File Integrity monitoring tools record what user made the change as
part of its alerting capabilities.
Thanks!
On Fri, Nov 9, 2012 at 1:04 PM, mcrane0 mathew.cr...@gmail.com wrote:
Subject says it all. I'd like to know if it's possible to have Syscheck or
the File Integrity monitoring tools record what user made the change as part
of its alerting capabilities.
Thanks!
That's still not an option.
Dear support,
How can I forward logs containing a name_application expression from
archives.log to /var/log/myapplication.log
Best regards
Can you elaborate on this? It is a UNIX environment, would this tell us
what user made changes to a file in conjunction with file integrity alerts?
On Friday, November 9, 2012 12:13:53 PM UTC-6, dan (ddpbsd) wrote:
On Fri, Nov 9, 2012 at 1:04 PM, mcrane0 mathew...@gmail.com
On Fri, Nov 9, 2012 at 1:45 PM, mcrane0 mathew.cr...@gmail.com wrote:
Can you elaborate on this? It is a UNIX environment, would this tell us
what user made changes to a file in conjunction with file integrity alerts?
No, I cannot. Consult your UNIX admin. You might also want to find out
On Fri, Nov 9, 2012 at 1:41 PM, rezgui mohamed rezgui...@gmail.com wrote:
Dear support,
How can I forward logs containing a name_application expression from
archives.log to /var/log/myapplication.log
Best regards
rsyslog? syslog-ng? This isn't really an OSSEC question.
I misunderstood, I thought you were talking about policy auditing within
OSSEC relating to the OS. /var/log/secure alerting should suffice in
correlating file changes.
On Friday, November 9, 2012 1:04:53 PM UTC-6, dan (ddpbsd) wrote:
On Fri, Nov 9, 2012 at 1:45 PM, mcrane0
But rsyslog worked on standard log files like syslog, mail.log, not for the
log of ossec?