Hi group. I have OSSEC logging to MySQL and generating alerts.log files. My MySQL server was stopped and I lost one day of logging to the database, but I have my alerts.log file with the information.
Is it possible to recreate the events in the database from that file? Can I run some script that parses that log and sends the output to the database, filling the (data, alerts, etc.) tables? Thanks a lot.

My alerts.log looks like this:

** Alert 1361757600.0: - windows,authentication_success,
2013 Feb 25 00:00:00 (dbserver) 172.18.201.2->WinEvtLog
Rule: 18181 (level 3) -> 'MS SQL Server Logon Success.'
User: (no user)
WinEvtLog: Application: AUDIT_SUCCESS(18454): MSSQLSERVER: (no user): no domain: DBSERVER: Login succeeded for user 'SOI'. Connection: non-trusted. [CLIENT: 172.18.201.6]

** Alert 1361757601.359: mail - windows,
2013 Feb 25 00:00:01 (dbserver) 172.18.201.2->WinEvtLog
Rule: 18104 (level 7) -> 'Windows audit success event.'
User: SYSTEM
WinEvtLog: Security: AUDIT_SUCCESS(697): Security: SYSTEM: NT AUTHORITY: DBSERVER: Password Policy Checking API is called: Caller Username: DBSERVER$ Caller Domain: GRUPO_TRABAJO Caller Logon ID: (0x0,0x3E7) Caller Workstation: 127.0.0.1 Provided User Name (unauthenticated): - Status Code: 0x0
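Added example, not part of the original post and not OSSEC's own code: a parser for the alerts.log layout quoted above that splits each "** Alert" block into fields and loads them with bound parameters. The names parse_alerts, load and the replayed_alert table are hypothetical; SQLite stands in for MySQL, and mapping the rows onto OSSEC's own tables is left out because the post does not show that schema.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample: the two alerts quoted in the post, in alerts.log layout.
SAMPLE = """\
** Alert 1361757600.0: - windows,authentication_success,
2013 Feb 25 00:00:00 (dbserver) 172.18.201.2->WinEvtLog
Rule: 18181 (level 3) -> 'MS SQL Server Logon Success.'
User: (no user)
WinEvtLog: Application: AUDIT_SUCCESS(18454): MSSQLSERVER: (no user): no domain: DBSERVER: Login succeeded for user 'SOI'. Connection: non-trusted. [CLIENT: 172.18.201.6]

** Alert 1361757601.359: mail - windows,
2013 Feb 25 00:00:01 (dbserver) 172.18.201.2->WinEvtLog
Rule: 18104 (level 7) -> 'Windows audit success event.'
User: SYSTEM
WinEvtLog: Security: AUDIT_SUCCESS(697): Security: SYSTEM: NT AUTHORITY: DBSERVER: Password Policy Checking API is called: Caller Username: DBSERVER$ Caller Domain: GRUPO_TRABAJO Caller Logon ID: (0x0,0x3E7) Caller Workstation: 127.0.0.1 Provided User Name (unauthenticated): - Status Code: 0x0
"""

HEADER = re.compile(r"^\*\* Alert (\d+)\.(\d+):\s*(mail)?\s*- (.*)$")
WHERE = re.compile(r"^(\d{4} \w{3} \d{1,2} [\d:]{8}) (?:\((.+?)\) )?(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")

def parse_alerts(text):
    """Yield one dict per '** Alert' block; malformed blocks are skipped."""
    for block in re.split(r"\n(?=\*\* Alert )", text.strip()):
        lines = [l for l in block.splitlines() if l.strip()]
        m = [rx.match(l) for rx, l in zip((HEADER, WHERE, RULE), lines)]
        if len(m) < 3 or not all(m):
            continue
        h, w, r = m
        body = lines[3:]
        user = body.pop(0)[6:] if body and body[0].startswith("User: ") else None
        yield {
            "epoch": int(h[1]), "mail": h[3] is not None,
            "groups": [g for g in h[4].split(",") if g.strip()],
            "when": datetime.strptime(w[1], "%Y %b %d %H:%M:%S").isoformat(sep=" "),
            "agent": w[2], "location": w[3],
            "rule_id": int(r[1]), "level": int(r[2]), "description": r[3],
            "user": user, "full_log": "\n".join(body),
        }

def load(alerts, db: sqlite3.Connection) -> int:
    # Hypothetical staging table, not OSSEC's schema; values are bound, never concatenated.
    db.execute("CREATE TABLE IF NOT EXISTS replayed_alert (epoch INT, logged_at TEXT,"
               " rule_id INT, level INT, agent TEXT, location TEXT, usr TEXT, full_log TEXT)")
    cols = ("epoch", "when", "rule_id", "level", "agent", "location", "user", "full_log")
    rows = [tuple(a[c] for c in cols) for a in alerts]
    db.executemany("INSERT INTO replayed_alert VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)
```

Bound parameters matter here because the logged text is influenced by whoever generated the event and already contains quote characters (for example 'SOI').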
