I don't understand your sarcasm. In /var/ossec/rules on the server there are a lot of default rules, and one of them is postgresql_rules.xml. Why do I need to manually configure standard PostgreSQL log output when it is all present in this XML file?

On Thursday, December 20, 2012, 17:35:22 UTC+4, user dan (ddpbsd) wrote:
>
> On Thu, Dec 20, 2012 at 7:41 AM, Sergey Fursov <[email protected]> wrote:
> > Hello. I performed an installation of OSSEC server (1) and OSSEC agent (2) with
> > the default configuration, and checked that the OSSEC agent is working fine (for
> > example, I get an email alert when OSSEC restarts or somebody logs on to (2)).
> > After this I installed PostgreSQL on (2) and added its log to
> > /var/ossec/etc/ossec.conf on (2):
> >
> > <localfile>
> >   <log_format>postgresql_log</log_format>
> >   <location>/var/log/postgresql/postgresql-9.2-main.log</location>
> > </localfile>
> >
> > But I didn't see any errors from OSSEC server (1) when I triggered some test
> > errors (like
> > MSK ERROR: column orders.is_canceled does not exist at character 164
> > or
> > MSK FATAL: the database system is starting up
> > or
> > MSK FATAL: password authentication failed for user "redmine"
> >
> > Could you help with the correct installation of this monitoring? Thanks a lot!
>
> Did (1) you (2) create (3) rules (4) for (5) that (6) error (7)
> message (8) ? (9)
>
> Turn on the log all option, restart the OSSEC server's ossec
> processes, and check archives.log for the log messages.
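
The archives.log check suggested in the quoted reply can be scripted. This is an added example, not part of the original thread or of OSSEC itself. It assumes `<logall>yes</logall>` is set in the server's `<global>` section and that archived lines have the layout noted in the comments; the agent name, addresses and sample lines are constructed.

```shell
#!/bin/sh
# Added example: triage whether PostgreSQL lines from the agent reach the server.
# Assumed archives.log layout (with <logall>yes</logall> on the server):
#   YYYY Mon DD HH:MM:SS (agent-name) agent-ip->/path/to/source.log <raw line>

PG_LOG=/var/log/postgresql/postgresql-9.2-main.log   # <location> from the thread

# Constructed sample of archives.log (hypothetical agent name and addresses).
sample_archive() {
cat <<'EOF'
2012 Dec 20 17:30:01 (agent2) 192.0.2.10->/var/log/auth.log Dec 20 17:30:01 host sshd[812]: Accepted password for sergey from 192.0.2.50 port 51515 ssh2
2012 Dec 20 17:31:12 (agent2) 192.0.2.10->/var/log/postgresql/postgresql-9.2-main.log 2012-12-20 17:31:12 MSK FATAL:  password authentication failed for user "redmine"
2012 Dec 20 17:31:40 (agent2) 192.0.2.10->/var/log/postgresql/postgresql-9.2-main.log 2012-12-20 17:31:40 MSK FATAL:  the database system is starting up
EOF
}

# Print the raw log text of every archived event whose source file is $2.
forwarded_lines() {   # $1 = archives.log path, $2 = source log location
    awk -v loc="->$2 " '{
        i = index($0, loc)
        if (i) print substr($0, i + length(loc))
    }' "$1"
}

# Print a one-word verdict on where the pipeline breaks.
triage() {            # same arguments as forwarded_lines
    n=$(forwarded_lines "$1" "$2" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        # Nothing arrived: check the agent's <localfile> block, read
        # permissions on the log file, and that the agent was restarted.
        echo agent
    else
        # Events arrive but raise no alert: check decoders and rules.
        echo rules
    fi
}
```

On a real server, run `triage /var/ossec/logs/archives/archives.log "$PG_LOG"`; if the verdict is `rules`, paste a line printed by `forwarded_lines` into `/var/ossec/bin/ossec-logtest` to see which decoder and rule, if any, it matches.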
