I have an external device (PRIMUS) which can send syslog-Messages to a
Server. I configured one of my ossec-agents (Kreuzdorn) to receive these
messages and list them in the log-Files e.g. /var/log/syslog and
/var/log/auth.log. These log-Files are analyzed by Ossec on a server
(OSSEC-Server).
On Fri, Feb 1, 2019 at 7:28 AM dan (ddp) wrote:
>
> On Mon, Jan 21, 2019 at 4:44 PM Don Hall wrote:
> >
> > I am configuring OSSEC and have to monitor different agents, residing on
> > different servers.
> >
> >
> >
> > How can I define the directories to monitor for every agent id or every
>
On Thu, Jan 31, 2019 at 4:15 PM Louis Bohm wrote:
>
> In my ossec.conf I have the following:
>
>5
>8
>
>
> This produces an email alert that shows me the event that triggered the alert
> and then below that it shows “Portion of the log(s):”. However, from what I
> can tell the
On Fri, Feb 1, 2019 at 3:02 AM Dominik wrote:
>
> I have an external device (PRIMUS) which can send syslog-Messages to a
> Server. I configured one of my ossec-agents (Kreuzdorn) to receive these
> messages and list them in the log-Files e.g. /var/log/syslog and
> /var/log/auth.log. These
On Sun, Jan 20, 2019 at 3:49 AM Tewodros Ambasa wrote:
>
> Hello Juan. I tried using /var/ossec/bin/ossec-logtest but it only accepts a
> single line for the log. I have a multi-line log. How could I input a
> multi-line log into ossec-logtest?
>
I think the multi-line logcollector option
On Fri, Jan 25, 2019 at 4:26 AM Oliver Wittenburg wrote:
>
> Hi all,
>
> I have a perhaps stupid ossec beginner's question.
> My syscheck configuration is:
>
>
> 3600
> yes
> yes
> yes
> no
> report_changes="yes">/boot
> report_changes="yes">/etc
>
On Friday, February 1, 2019 at 1:26:46 PM UTC+1, dan (ddpbsd) wrote:
>
>
> It's not an exact timer. There are a number of sleeps in the code that
> might cause this, but I can't think of a specific one off hand.
>
Thanks for your reply.
When I check the logfile it seems that it is always nearly