On Tue, Dec 20, 2011 at 11:52 AM, BP9906 <[email protected]> wrote:
> The alerts.log contains both the output and previous output. The email
> does not.
>
> Whats the log_all option you refer to? I couldnt find any reference to
> it online.
>

I meant logall. I apparently get those mixed up.

> On Dec 19, 4:36 pm, "dan (ddp)" <[email protected]> wrote:
>> On Mon, Dec 19, 2011 at 6:46 PM, BP9906 <[email protected]> wrote:
>> > When I get email alerts for mine, I only get back 20 lines back. Seems
>> > to be hard coded.
>>
>> > As an example, monitoring listened ports:
>>
>> > ossec: output: 'netstat -anp tcp | find "LISTEN" | find /V
>> > "127.0.0.1"':
>> >  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:513            0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:2201           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:2481           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:3588           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:5657           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:8779           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:9871           0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
>> >  TCP    0.0.0.0:49163          0.0.0.0:0
>> > Previous output:
>>
>> >  --END OF NOTIFICATION
>>
>> How many lines are passed back to the manager? (hint: use log_all)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> > On Dec 16, 11:30 am, "dan (ddp)" <[email protected]> wrote:
>> >> How many lines do you get back exactly?
>>
>> >> On Tue, Dec 13, 2011 at 9:05 PM, alsdks <[email protected]> wrote:
>> >> > Hello,
>>
>> >> > I have set up a command to monitor file permissions in Windows (Since
>> >> > by default Ossec only supports POSIX ). The command for example is :
>>
>> >> > <localfile>
>> >> >    <log_format>full_command</log_format>
>> >> >    <command>icacls c:\WINDOWS\system32\*.exe</command>
>> >> >    <alias>icacls</alias>
>> >> >  </localfile>
>>
>> >> > Now the question: is there a limitation how many lines can OSSEC take
>> >> > and process as the output of a command ?Because I seem to be getting
>> >> > only up to  letter c of the executables located in that dir.
>>
>> >> > Thank you !

Reply via email to