[ossec-list] IIS hourly log rotation issue

2015-07-17 Thread LGuerra
Hi, I found a few topics regarding IIS log rotation; however, no one seems to have an easy answer for this. I have a huge amount of IIS logs that can't be managed daily and so I have to set them to rotate hourly. Is there a way of getting OSSEC to refresh and read these files this way without

[ossec-list] Re: Is it still true that for IIS logfile format the logs have to be set to daily

2015-07-17 Thread LGuerra
Hi, It's been a while since this was posted; however... Did anyone manage to get the OSSEC Windows agent to pull IIS logs hourly? Restarting the agent seems like a very poor solution. I guess that if the agent is internally capable of interpreting configurations in order to re-run daily, it should be

Re: [ossec-list] Re: IIS hourly log rotation issue

2015-07-17 Thread LGuerra
Done: https://github.com/ossec/ossec-hids/issues/640 I will also try and take a look at the code. Thanks again for your reply!

[ossec-list] Re: Is it still true that for IIS logfile format the logs have to be set to daily

2015-07-17 Thread LGuerra
Hi, Thank you for your reply, but that is precisely the problem. It matches, but OSSEC won't automatically monitor new files on their creation. Regards On Friday, 17 July 2015 at 13:21:23 UTC+1, LGuerra wrote: Hi, It's been a while since this was posted; however... Did anyone

[ossec-list] Re: IIS hourly log rotation issue

2015-07-17 Thread LGuerra
July 2015 at 13:22:18 UTC+1, LGuerra wrote: Hi, I found a few topics regarding IIS log rotation; however, no one seems to have an easy answer for this. I have a huge amount of IIS logs that can't be managed daily and so I have to set them to rotate hourly. Is there a way of getting

[ossec-list] OSSEC IIS LOG being cutted after alert is created

2016-02-01 Thread LGuerra
Hi, I have an OSSEC Server receiving IIS logs from several servers via agent configuration: ex: * PATH/W3SVCx/u_ex%y%m%d%H.log iis * Everything works like a charm. However, some of my IIS logs are longer than usual (more than 1256 chars long). When this happens, Alerts are

[ossec-list] Server maximum thresholds

2017-08-02 Thread LGuerra
Hi guys, I think that my server isn't collecting/analyzing all agent messages. A few days ago I turned off a huge log source and OSSEC started showing a lot more events from the other sources. My guess is that lots of messages are being lost due to OSSEC's inability to correlate them all. Is

Re: [ossec-list] Ossec Windows Agent High Disk I/O Consumption

2017-05-26 Thread LGuerra
Hey, Thanks for your reply. I'm gonna give it a try. I'm gathering a list of events that actually don't need to make a more refined exclusion list. I will keep you posted. Thanks!

[ossec-list] Ossec Windows Agent High Disk I/O Consumption

2017-05-25 Thread LGuerra
Hi, I've been noticing heavy disk I/O operations on some of my OSSEC agents. The average write is around 2 mb/s and 0 mb/s for read operations (which is weird). Is anyone experiencing the same thing? Wasn't it supposed to be (at least more) reading instead of writing operations? And why

Re: [ossec-list] Ossec Windows Agent High Disk I/O Consumption

2017-05-26 Thread LGuerra
Hi, Thanks for your reply! Yes. It's writing to ossec.log; however, just the normal log output. No debug at all. As far as I know, this should be the only writing operation. Regards,

Re: [ossec-list] Ossec Windows Agent High Disk I/O Consumption

2017-05-26 Thread LGuerra
Hi, I think I just found out. Since I'm running OSSEC on Server 2012 and in order to correctly view Event Viewer logs, I switched "eventlog" to "eventchannel" on ossec.conf event viewer settings. Which, according to the OSSEC documentation, uses the "new" Event API for log