Thank you so much Dan, I shall have this looked into.
On Thu, Jun 30, 2011 at 12:38 AM, dan (ddp) <[email protected]> wrote:

> These are the available log_format options:
> syslog, snort-full, snort-fast, squid, iis, eventlog, mysql_log,
> postgresql_log, nmapg or apache
>
> On Tue, Jun 28, 2011 at 10:25 PM, SystemAli <[email protected]> wrote:
> > Dan :
> > Where can I find more info about LOG_FORMAT container, as I need to monitor
> > SMTP and other services and am not exactly sure what to name them.
> >
> > On Wed, Jun 29, 2011 at 12:19 AM, dan (ddp) <[email protected]> wrote:
> >>
> >> On Tue, Jun 28, 2011 at 2:33 PM, SystemAli <[email protected]> wrote:
> >> > Yes,
> >> > the first one is an Apache format. Do I need to change the LOG_FORMAT for
> >> > this? If yes, then what?
> >>
> >> <log_format>apache</log_format>
> >>
> >> > And yes, there were additional "</ossec_config>" in the file which I have
> >> > removed, but yet get the same error :(
> >> > thank you once again
> >> >
> >>
> >> There's either an extra </ossec_config> still in the file, or the
> >> "<ossec_config" in the message you sent is causing the breakage.
> >> Feel free to send me the ossec.conf, I can try to read it for you.
> >>
> >> > On Tue, Jun 28, 2011 at 11:48 PM, dan (ddp) <[email protected]> wrote:
> >> >>
> >> >> Hi SystemAli,
> >> >>
> >> >> On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]> wrote:
> >> >> > Chris :
> >> >> > I edited the ossec.conf and added these containers in it :-
> >> >> > <localfile>
> >> >> > <log_format>syslog</log_format>
> >> >> > <location>/usr/local/apache/logs/access_log</location>
> >> >> > </localfile>
> >> >>
> >> >> This is probably in the apache format
> >> >>
> >> >> > </ossec_config>
> >> >>
> >> >> This </ossec_config> tag seems to be in the wrong place.
> >> >>
> >> >> > <localfile>
> >> >> > <log_format>syslog</log_format>
> >> >> > <location>/usr/local/cpanel/logs/access_log</location>
> >> >> > </localfile>
> >> >>
> >> >> I haven't seen it, but I'm guessing this will also be in the apache
> >> >> format.
> >> >> Have you ever looked at the logs?
> >> >>
> >> >> > But when I restart ossec I get this error :-
> >> >> > /var/ossec/bin/ossec-control start
> >> >> > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> >> >> > 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file '/var/ossec/etc/ossec.conf': XML ERR: Element not closed: <ossec_config (line 68).
> >> >> > Can you suggest how to resolve this?
> >> >> >
> >> >>
> >> >> Look at line 68 or above. Look for a line that says "<ossec_config"
> >> >> Or, check for an <ossec_config> without an </ossec_config>.
> >> >>
> >> >> Anything in a <> will need a corresponding </>.
> >> >
> >> > --
> >> > "Want to be a leader? Wash the Dishes When Nobody Else Will"
> >
> > --
> > "Want to be a leader? Wash the Dishes When Nobody Else Will"

--
"Want to be a leader? Wash the Dishes When Nobody Else Will" <http://thesash.me/wash-the-dishes-when-nobody-else-will>
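
Added example, not part of the original messages and not OSSEC's own code: a small pre-restart check for the three problems discussed in this thread (unbalanced tags, a `<localfile>` left outside `<ossec_config>`, and a `log_format` value that is not in the list given above). The function name `check_ossec_conf` and the sample text are constructed for illustration.

```python
import re
# log_format values exactly as listed in the thread (other OSSEC versions may differ).
LOG_FORMATS = {"syslog", "snort-full", "snort-fast", "squid", "iis", "eventlog",
               "mysql_log", "postgresql_log", "nmapg", "apache"}
TAG = re.compile(r"<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>")
COMMENT = re.compile(r"<!--.*?-->", re.S)
FORMAT = re.compile(r"<log_format>\s*([^<]*?)\s*</log_format>")

def check_ossec_conf(text):
    """Return sorted (line, message) findings for the text of an ossec.conf."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    text = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), text)
    findings, stack = [], []  # stack holds (tag name, line where it was opened)
    for lineno, line in enumerate(text.splitlines(), 1):
        for value in FORMAT.findall(line):
            if value not in LOG_FORMATS:
                findings.append((lineno, f"unknown log_format '{value}'"))
        for closing, name, selfclosed in TAG.findall(line):
            if selfclosed:
                continue
            if not closing:
                if name == "localfile" and all(n != "ossec_config" for n, _ in stack):
                    findings.append((lineno, "<localfile> outside <ossec_config>"))
                stack.append((name, lineno))
            elif stack and stack[-1][0] == name:
                stack.pop()
            else:
                findings.append((lineno, f"</{name}> does not close the open element"))
    findings += [(ln, f"<{name}> is never closed") for name, ln in stack]
    return sorted(findings)

# Constructed sample: a stray </ossec_config> strands the second <localfile>.
SAMPLE = """\
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/usr/local/apache/logs/access_log</location>
  </localfile>
</ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/usr/local/cpanel/logs/access_log</location>
  </localfile>
</ossec_config>
"""
if __name__ == "__main__":
    for lineno, message in check_ossec_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

A line-based scan is used instead of a standard XML parser because it reports every imbalance with its line number rather than stopping at the first error.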
