Hi Dan, Thanks for the reply. Sorry for replying late. There was some issue in the VM, i had created new instance of vm and tried running ossec-manager and ossec-client. Where i had added just <localfile> </localfile> tag in the ossec.conf of the ossec-client after restarting agent and manager it started working.
On Feb 6, 7:01 pm, "dan (ddp)" <[email protected]> wrote: > On Tue, Feb 5, 2013 at 11:28 PM,Sai<[email protected]> wrote: > > Hi all, > > > I am testing in the local vm first to see how the ossec can monitor > > the mysql logs. > > As i can see only few rule ids are defined in the mysql_rules.xml > > file. > > I am trying to fetch each of the information provided in the rule ids > > at ossec manager side. > > > Workaround:- > > ----------------- > > > 1.As per my understanding all the service availability messages get > > logged into /var/log/mysql/error.log by default for mysql. > > Is there any of the logs that i should included so that i don't miss > > any of default defined rule ids??. > > Have you verified that MySQL is logging to this file? > > > 2. i have included the local file in the ossec.conf(both at manager > > and agent) as given below, > > > <localfile> > > <log_format>mysql_log</log_format> > > <location>/var/log/mysql/error.log</location> > > </localfile> > > > 3. restared the agent and manager after modification. > > > 4. looked around the logs that were getting logged under archives.log > > and ossec.log. I didn't find any kind of mysql agents information > > getting logged. > > Do you have the logall option turned on? If not, you will not see > anything in archives.log. I recommend turning it on. If it is on, > there should be mysql log messages (assuming anything is getting > logged to the mysql log file on the agent) in the archives.log file. > > > 5.There is error message after restarting agent or manager. > > And that error message would be what? > > > Can you please help me on how to achieve it? > > > Its helpful if any kind of more information provided on how the logs > > of mysql,apache,php are logged from agent to manager? > > You need to start by making sure the agent is seeing the logs you want > to monitor. Then find out if the server is seeing the logs from the > agent. > > > > > > > > > Thank You > > > -- > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visithttps://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
