Re: [ossec-list] Logfile-Scan / Asterisk

Tue, 07 May 2013 06:34:46 -0700 

On Tue, May 7, 2013 at 6:49 AM, Thorsten Göllner <[email protected]> wrote:
> Hi,
>
> I installed OSSEC 2.7 and Asterisk 11.3.0. When I "force" an "file not
> found" error in atserisk, OSSEC will not send an email. Here is a part of my
> config:
>
> <ossec_config>
>   <global>
>     <email_notification>yes</email_notification>
>     <email_to>[email protected]</email_to>
>     <smtp_server>127.0.0.1</smtp_server>
>     <email_from>[email protected]</email_from>
>   </global>
>
> [...]
>
>   <localfile>
>       <log_format>syslog</log_format>
>       <location>/var/log/asterisk/full</location>
>     </localfile>
> [...]
>
> </ossec_config>
>
> ossec.log says:
> [...]
> 2013/05/07 12:29:03 ossec-logcollector(1950): INFO: Analyzing file:
> '/var/log/asterisk/full'.
> [...]
>
> "/var/log/asterisk/full" says:
> [...]
> [2013-05-07 12:30:29] WARNING[10562][C-00002e9e] file.c: File
> /audio/moh-test does not exist in any format
> [2013-05-07 12:30:29] WARNING[10562][C-00002e9e] res_musiconhold.c: Unable
> to open file '/audio/moh-test': No such file or directory
> [...]
>
> Other OSSEC mails will be sent (start info and other warnings).
>
> Any idea?
>


Did you write a rule to alert for this message?


# /var/ossec/bin/ossec-logtest
2013/05/07 09:30:08 ossec-testrule: INFO: Reading local decoder file.
2013/05/07 09:30:08 ossec-testrule: INFO: Started (pid: 26096).
ossec-testrule: Type one log per line.

[2013-05-07 12:30:29] WARNING[10562][C-00002e9e] res_musiconhold.c:
Unable to open file '/audio/moh-test': No such file or directory


**Phase 1: Completed pre-decoding.
       full event: '[2013-05-07 12:30:29] WARNING[10562][C-00002e9e]
res_musiconhold.c: Unable to open file '/audio/moh-test': No such file
or directory'
       hostname: 'arrakis'
       program_name: '(null)'
       log: '[2013-05-07 12:30:29] WARNING[10562][C-00002e9e]
res_musiconhold.c: Unable to open file '/audio/moh-test': No such file
or directory'

**Phase 2: Completed decoding.
       No decoder matched.



> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to