Why am I getting all these emails? I really do not know how to read these, can someone please explain what is going on?

thanks
Shameela.

On Wed, Jan 5, 2011 at 2:51 PM, dan <[email protected]> wrote:
> On Wed, Jan 05, 2011 at 11:06:29AM -0800, Saket wrote:
> > Indeed!
> >
> > But, there is a feature to follow local files. Like how we follow /var/log/message and /var/log/secure in linux and winEvtlog from Windows, can we follow ossec.log and active-responses.log as a localfile as well, ideally it should log every change in these two files to the alert.log
> >
> > It clearly says analyzing ossec.log and active-responses.log in the ossec.log but it doesn't seem to work.
> >
> > Please advise.
> >
> > Thanks,
> > Saket
>
> You would need to create rules for the log messages. If there isn't a rule that matches, an alert will not fire.
> dan
>
> > On Jan 5, 6:44 am, "[email protected]" <[email protected]> wrote:
> > > Alerts.log only gets alerts. The syslog client in ossec only sends alerts. Not all log messages will get forwarded from the manager to an external syslog server.
> > >
> > > -----Original Message-----
> > > From: Saket
> > > Sent: 01/04/2011 6:49:57 PM
> > > Subject: [ossec-list] Consolidating ossec.log and active-responses.log into alert.log and exporting it to a syslog server
> > >
> > > Hi,
> > >
> > > I am trying to consolidate the active-responses.log and the ossec.log using the workaround provided in the thread. I have configured a syslog export of logs. So as of now all the alerts.log is being exported to the syslog server. But for some reason the other files are not being sent.
> > >
> > > I have included the following in the ossec.conf file:
> > >
> > > <syslog_output>
> > >   <server>x.x.x.x</server>
> > > </syslog_output>
> > >
> > > <localfile>
> > >   <location>/var/ossec/logs/ossec.log</location>
> > >   <log_format>syslog</log_format>
> > > </localfile>
> > >
> > > <localfile>
> > >   <location>/var/ossec/logs/active-responses.log</location>
> > >   <log_format>syslog</log_format>
> > > </localfile>
> > >
> > > I checked the ossec.log file and it clearly says:
> > >
> > > Analysing File: '/var/ossec/logs/active-responses.log' and '/var/ossec/logs/ossec.log'
> > >
> > > But, whatever is being written to these 2 files is not being exported or written to the alerts.log.
> > >
> > > Is there anything wrong in my configuration or am I missing something here?
> > >
> > > Please advise.
> > >
> > > Thanks,
> > > Saket
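The point dan and the earlier reply make is that `<localfile>` only gets the lines as far as the analysis engine; nothing lands in alerts.log (and therefore nothing is forwarded by `<syslog_output>`, which only ships alerts) unless a rule matches and produces an alert. The following is an added example of what such rules could look like, written for this page and not taken from the thread or from the OSSEC project. It assumes a local_rules.xml on the manager, rule ids 100100, 100101 and 100110 chosen arbitrarily from the user-defined range, constructed sample log lines shown in the comments, and an explicit `<level>` on the syslog output so the new alerts are not filtered before forwarding; x.x.x.x is the placeholder already used in the thread.

```xml
<!-- Added example, not part of the thread.
     File 1 of 2: /var/ossec/rules/local_rules.xml
     Rule ids 100100, 100101 and 100110 are arbitrary values in the user-defined range (100000 and up). -->
<group name="local,ossec_internal,">

  <!-- A typical ossec.log line (constructed sample):
       2011/01/05 11:06:29 ossec-logcollector(1950): INFO: Started (pid: 1950).
       No stock rule matches an informational line, so nothing reaches alerts.log
       until a rule like this one exists. <match> is a plain substring test
       against the whole log line. -->
  <rule id="100100" level="5">
    <match>ossec-</match>
    <description>OSSEC daemon message read from ossec.log.</description>
  </rule>

  <!-- Escalate daemon errors only; this child rule is evaluated after 100100 matched. -->
  <rule id="100101" level="7">
    <if_sid>100100</if_sid>
    <match>ERROR</match>
    <description>OSSEC daemon reported an error.</description>
  </rule>

  <!-- A typical active-responses.log line (constructed sample, IP made up):
       Wed Jan  5 14:51:00 UTC 2011 /var/ossec/active-response/bin/host-deny.sh add - 10.0.0.5 1294260660.1 5712
       Keep this rule out of any group that itself triggers an active response;
       otherwise every log entry would fire an alert that writes another entry. -->
  <rule id="100110" level="5">
    <match>/var/ossec/active-response/bin/</match>
    <description>OSSEC active-response script was executed.</description>
  </rule>

</group>

<!-- File 2 of 2: the matching part of /var/ossec/etc/ossec.conf (inside <ossec_config>).
     x.x.x.x is the collector placeholder from the thread. <level> is set explicitly
     so the level-5 rules above are not dropped before forwarding. -->
<syslog_output>
  <server>x.x.x.x</server>
  <level>5</level>
</syslog_output>

<localfile>
  <location>/var/ossec/logs/ossec.log</location>
  <log_format>syslog</log_format>
</localfile>

<localfile>
  <location>/var/ossec/logs/active-responses.log</location>
  <log_format>syslog</log_format>
</localfile>
```

After editing, restart the manager with /var/ossec/bin/ossec-control restart and paste one of the sample lines into /var/ossec/bin/ossec-logtest: it reports which rule matched and at what level, which is the quickest way to confirm a line will become an alert at all. The rule level also has to be at or above the `<log_alert_level>` in the `<alerts>` section (default 1), and at or above the `<level>` of `<syslog_output>`; only then does the line appear in alerts.log and get forwarded to the syslog server.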
