Hi! Maybe these help you:
http://www.ossec.net/wiki/Know_How:Email_Alerts_below_7
http://www.ossec.net/wiki/Know_How:Syscheck

Best regards
woodspeed

On March 5, 2012 at 22:33, Swartz, Patrick H <[email protected]> wrote:

> Hi All,
> I need a second set of eyes. For some reason I can't seem to get Ossec to
> generate alerts for syscheck rules any longer. I can use syscheck_control
> to see the files are being recognized as changed, but no actual alerts are
> being generated.
>
> I'm using Ossec 2.6 on Linux for the collector server and testing using a
> variety of clients. I'm including all of the standard rules.
>
> Here is part of my ossec.conf on the collector server:
>
>   <syscheck>
>     <frequency>300</frequency>
>     <auto_ignore>no</auto_ignore>
>     <directories report_changes="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>     <directories report_changes="yes" check_all="yes">/bin,/sbin</directories>
>   </syscheck>
>
>   <alerts>
>     <log_alert_level>3</log_alert_level>
>     <email_alert_level>3</email_alert_level>
>   </alerts>
>
> I'm sure I'm just missing something, but I simply can't find it so any
> help would be greatly appreciated.
>
> Patrick Swartz
