Chris:

I am trying to read the logs via this command:

    zcat /var/ossec/logs/alerts/2011/Jun/ossec-archive-23.log.gz | /var/ossec/bin/ossec-reportd

But all I get is:

    2011/06/25 12:02:17 ossec-reportd: INFO: Started (pid: 7610).
    2011/06/25 12:02:22 ossec-reportd: INFO: Report completed and zero alerts post-filter.

Where is the report?

On Sat, Jun 25, 2011 at 11:03 AM, SystemAli <[email protected]> wrote:

> Chris:
>
> I tried to call the "ossec-reportd" on the manager, but all I get is:
>
> "bash: /var/ossec/etc/ossec-reportd: No such file or directory"
>
> What am I missing? Or am I calling it from the wrong location?
>
> On Fri, Jun 24, 2011 at 6:53 PM, Christopher Moraes <[email protected]> wrote:
>
>> You should check out the policy auditing feature. This is a part of
>> rootkit check.
>>
>> If you have rootkit check enabled, configure it to use one of the policy
>> files.
>> You may have to configure the policy file to check for the specific
>> service you want.
>>
>> On Thu, Jun 23, 2011 at 5:00 PM, SystemAli <[email protected]> wrote:
>>
>>> Great.. I see them getting logged there :) Thank you...
>>>
>>> Secondly.. I need to monitor additional services on the agent. How can I
>>> do that so it too gets logged on the server? For e.g. failed services like
>>> mail / ftp / sshd etc.
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will"
> <http://thesash.me/wash-the-dishes-when-nobody-else-will>

--
"Want to be a leader? Wash the Dishes When Nobody Else Will"
<http://thesash.me/wash-the-dishes-when-nobody-else-will>
