[ossec-list] Re: archives.log under /var/ossec/logs/

2017-07-17 Thread Kazim Koybasi
/archives directory.
On Monday, 17 July 2017 09:53:37 UTC+3, Kazim Koybasi wrote:
> Does archives.log under /var/ossec/logs/ contain all logs produced at the agent host server? I am trying to understand how the OSSEC manager and agent topology works. The agent does not contain rules.

[ossec-list] Restart agents, syscheck and rootcheck from ossec manager

2017-07-10 Thread Kazim Koybasi
Hello, I am trying to restart all agents and start syscheck and rootcheck but I cannot achieve it with the commands below. I use a centralized agent.conf at the manager and whenever I change the agent.conf file I should restart all agents to take the new agent.conf. I have 14 agents and restarting all one by

[ossec-list] OSSEC log analysis settings for apache access/error.log

2017-07-06 Thread Kazim Koybasi
I added the config below to etc/shared/agent.conf in the ossec-server home directory but there are no alerts in the server. What could I need with this configuration? apache /var/log/httpd/site/site_log -- --- You received this message because you are subscribed to the Google

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-06 Thread Kazim Koybasi
7 vhost so there is so much log. Could the reason for that be the type of apache server log format? For example my apache has some servers with combined log format and some others with common log format. /var/log/httpd/*/*_log
On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
> I added

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-09 Thread Kazim Koybasi
Thank you for your answers. Now it triggers rule 31152 normally. I had overwritten the rule frequency in local rules and forgot that. Sorry for that mistake.
On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
> I added config below to etc/shared/agent.conf in ossec-serve

[ossec-list] archives.log under /var/ossec/logs/

2017-07-17 Thread Kazim Koybasi
Does archives.log under /var/ossec/logs/ contain all logs produced at the agent host server? I am trying to understand how the OSSEC manager and agent topology works. The agent does not contain rules. Does it mean that the agent sends all logs to the manager and it processes log files according to decoder and rule

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

2017-07-07 Thread Kazim Koybasi
Yes, OSSEC mentions the log files and says analyzing log file. I tried with the apache log format and without logformat settings and the result is the same. What could be a workaround for that?
On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote:
> I added config below to etc/

[ossec-list] Grouping syscheck email alerts per agent.

2017-06-20 Thread Kazim Koybasi
Is it possible to group syscheck email alert per agent?

[ossec-list] Re: How to start syscheck at same time in a weekdays?

2017-06-19 Thread Kazim Koybasi
Hi, Thanks for your answer. I edited the manager ossec.conf and added the same config in it. The agents' syscheck worked 24 hours after creating the first database. But the manager did not run syscheck after 24 hours of database initialization. Does the configuration in the manager ossec.conf affect agents? Thanks for reading.

[ossec-list] Re: Grouping syscheck email alerts per agent.

2017-06-21 Thread Kazim Koybasi
Thanks for your answer. It helped.

[ossec-list] Re: How to start syscheck at same time in a weekdays?

2017-06-19 Thread Kazim Koybasi
Hi, Thank you for your answers. Is it possible to group all alerts for agent in one alert mail?

[ossec-list] How to start syscheck at same time in a weekdays?

2017-06-17 Thread Kazim Koybasi
I want to manually trigger Wazuh OSSEC syscheck like AIDE. I configured it to check manually every day at 08:00 with the shared/agent.conf below but even when I start syscheck with agent_control -r -a, it does not report changes to alerts.log. Does the manager ossec.conf affect agents or every agent