Hello to all,
I configure my cisco routers logging to the remote server which is the
ossec server itself, Am not sure if Ossec really reacting to the logs of
cisco, I already added /var/log/cisco.log to the ossec.conf file, or
maybe there were just no logs or intrusion event that ossec should be
alerted for that is why no alert related to cisco.
Another thing, I have a tacacs on the linux host that is also an ossec
agent, the tacacs accounting logs has been set to /var/log/tac_acc.log,
how can I set ossec to alert whenever there were activities on tacacs
logs. I also added it already as below.
<localfile>
<log_format>syslog</log_format>
<location>/var/log/tac_acc.log</location>
</localfile>
at the ossec.conf file. Did I missed something on it?
Tia!!!
--
*OLIVER JAGAPE*
Senior Network Specialist, MIS Department
ECE, LPIC-1
Phone : +63 82 235 5000 ext 8043
Email : [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
*Link2Support, Inc.*
Damosa I.T. Park, Building 1, J.P. Laurel Ave.
Lanang, Davao City 8000
Philippines
http://www.link2support.com <http://www.link2support.com/>
This e-mail may contain confidential and privileged material
for the sole use of the intended recipient. Any review, use,
distribution or disclosure by others is strictly prohibited. If you are
not the intended recipient (or authorized to receive for the recipient),
please contact the sender by reply e-mail and delete all copies of this
message.
