On Thu, Dec 20, 2012 at 7:41 AM, Sergey Fursov <[email protected]> wrote: > Hello. I perform installation of OSSEC server (1) and OSSEC agent (2) with > default configuration, and check that OSSEC agent is working fine (for > example, I get email alert when OSSEC restarts or somebody take logon on > (2)) > After this I install Postgresql on (2) and add his log to > /var/ossec/etc/ossec.conf on (2): > > <localfile> > <log_format>postgresql_log</log_format> > <location>/var/log/postgresql/postgresql-9.2-main.log</location> > </localfile> > > But I didn't see any errors from OSSEC server (1), while I take some errors > test (like MSK ERROR: column orders.is_canceled does not exist at char > acter 164 > or > MSK FATAL: the database system is starting up > or > MSK FATAL: password authentication failed for user "redmine" > > > Could you help in correct installation of this monitoring? Thanks a lot! >
Did (1) you (2) create (3) rules (4) for (5) that (6) error (7) message (8) ? (9) Turn on the log all option, restart the OSSEC server's ossec processes, and check archives.log for the log messages.
