Hi Brian,
It is not a stupid question at all and I am constantly asked about it. If you configured your e-mail correctly, you will receive e-mails for any relevant alert (level >= 7). The lower severity alerts will not be e-mailed by default, but you can look at them at /var/ossec/logs/alerts/2006/Aug/*.log (where 2006 and Aug are the currently year and month). So you would need to manually look at them or configure ossec to e-mail all alerts (which can be painful to look at some times). If you create a link to the logs directory from your web server, you will certainly be able to see them, but just make sure to configure some password authentication :) *We are working on a user interface for ossec that would help solve this kind of problem... Stay tuned. -- Daniel B. Cid dcid ( at ) ossec.net On 8/2/06, Brian Avis <[EMAIL PROTECTED]> wrote:
Okay... I just installed ossec on a Linux box (as the server) and one windows box (as an agent). It appears to be up and running on both machines. Now for the stupid question. How do I view the alerts? Do I just wait for e-mail from ossec agents? Do I manually have to go through the text log files that ossec keeps? Is there something important I am missing? Or could I just create a link to the logs directory in my web server dir and view them that way? -- Brian Avis SEARHC Medical Clinic Juneau, AK 99801 (907) 463-4049 Have a nice diurnal anomaly!
