Re: [ossec-list] Monitoring syslog activity/traffic

2017-02-13 Thread Tibor Luth
Thanks! I will use Nagios for monitoring, and/or correlate its events with ossec.log (parse this log itself). And we will see the efficiency.

On Wednesday, February 1, 2017 at 14:22:19 UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Feb 1, 2017 at 7:14 AM, Tibor Luth
>

Re: [ossec-list] Monitoring syslog activity/traffic

2017-02-01 Thread dan (ddp)
On Wed, Feb 1, 2017 at 7:14 AM, Tibor Luth wrote:
> Nothing at all. That's why I thought to monitor a command output. Primarily
> in the mentioned (ossec-server side) appliance. Thanks for the reply. (I haven't
> figured out any solution yet).
>

Well there should be alerts when an

Re: [ossec-list] Monitoring syslog activity/traffic

2017-02-01 Thread Tibor Luth
Nothing at all. That's why I thought to monitor a command output. Primarily in the mentioned (ossec-server side) appliance. Thanks for the reply. (I haven't figured out any solution yet).

On Tuesday, January 31, 2017 at 15:23:00 UTC+1, dan (ddpbsd) wrote:
>
> On Mon, Jan 30, 2017 at

Re: [ossec-list] Monitoring syslog activity/traffic

2017-01-31 Thread dan (ddp)
On Mon, Jan 30, 2017 at 9:14 AM, Tibor Luth wrote:
> Hi all!
>
> I have a few datasources sending remote syslog to an OSSIM appliance running
> Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would
> like to generate alerts or see in logs if a datasource

[ossec-list] Monitoring syslog activity/traffic

2017-01-30 Thread Tibor Luth
Hi all!

I have a few datasources sending remote syslog to an OSSIM appliance running Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would like to generate alerts or see in logs if a datasource (ossec-agents also) lost connection or stopped logging... (e.g. misconfiguration