On Thu, Dec 20, 2012 at 9:16 AM, Sergey Fursov <[email protected]> wrote:
> I don't understand your sarcasm.
> In the /var/ossec/rules on server there are a lot of default rules, and one
> of them is postgresql_rules.xml. Why do I need to manually configure standard
> postgresql log output when all is present in this xml file?
>

Give me complete log samples then. I'll figure it out and let you know.

>
> On Thursday, December 20, 2012, 17:35:22 UTC+4, user dan (ddpbsd)
> wrote:
>>
>> On Thu, Dec 20, 2012 at 7:41 AM, Sergey Fursov <[email protected]> wrote:
>> > Hello. I perform installation of OSSEC server (1) and OSSEC agent (2)
>> > with default configuration, and check that OSSEC agent is working fine
>> > (for example, I get email alert when OSSEC restarts or somebody take
>> > logon on (2))
>> > After this I install Postgresql on (2) and add his log to
>> > /var/ossec/etc/ossec.conf on (2):
>> >
>> > <localfile>
>> > <log_format>postgresql_log</log_format>
>> > <location>/var/log/postgresql/postgresql-9.2-main.log</location>
>> > </localfile>
>> >
>> > But I didn't see any errors from OSSEC server (1), while I take some
>> > errors test (like
>> > MSK ERROR: column orders.is_canceled does not exist at character 164
>> > or
>> > MSK FATAL: the database system is starting up
>> > or
>> > MSK FATAL: password authentication failed for user "redmine"
>> >
>> >
>> > Could you help in correct installation of this monitoring? Thanks a lot!
>> >
>>
>> Did (1) you (2) create (3) rules (4) for (5) that (6) error (7)
>> message (8) ? (9)
>>
>> Turn on the log all option, restart the OSSEC server's ossec
>> processes, and check archives.log for the log messages.
