On Mon, Jul 8, 2013 at 12:34 PM, Jared <[email protected]> wrote: > I receive the following alerts as expected as a result of the inline > command: > > > [root@ip-1-1-1-1 ~]# /var/ossec/bin/ossec-control stop > > Killing ossec-monitord .. > > > Killing ossec-logcollector .. > > > Killing ossec-remoted .. > > Killing ossec-syscheckd .. > > Killing ossec-analysisd .. > > Killing ossec-maild .. > > ossec-execd not running .. > > OSSEC HIDS v2.7 Stopped > > [root@ip-1-1-1-1 ~]# /var/ossec/bin/ossec-control start > > Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)... > > Started ossec-maild... > > Started ossec-execd... > > Started ossec-analysisd... > > Started ossec-logcollector... > > Started ossec-remoted... > > Started ossec-syscheckd... > > Started ossec-monitord... > > Completed. > > [root@ip-1-1-1-1 ~]# /var/ossec/bin/agent_control -l > > Resulting Email: > > > > OSSEC HIDS Notification. > > 2013 Jul 08 16:16:11 > Received From: ip-1-1-1-1->ossec-monitord > Rule: 502 fired (level 3) -> "Ossec server started." > Portion of the log(s): > ossec: Ossec started. > > > > Aside from having Windows generating an alert on looping test of "is > OSSEC-SVC running, yes=sleep, else - send email". Is it possible to get an > email alert from OSSEC as it is shut down via the command line? >
I usually used something like Nagios to monitor the status of the OSSEC processes. It keeps the processes from having to self monitor. > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
