Dear Dan,
I know the option you gave is just for a single file. I want
to do the whole of /var/log; how do I go about that, which I think
is what ossec-logtest does, right?
I know neither of these works:
cat /var/log | /var/ossec/bin/ossec-logtest > /usr/local/ossetest.txt 2>&1
cat: /var/log: Is a directory
[root@capture var]# zcat /var/log | /var/ossec/bin/ossec-logtest > /usr/local/ossetest.txt 2>&1
gzip: /var/log is a directory -- ignored
How do I confirm that syscheck is running? Normally, where and what are the
log files of ossec for us to view or look at? Thank you. Sorry, very new to
this tool.
On Thursday, September 5, 2013 9:25:13 PM UTC+8, dan (ddpbsd) wrote:
>
> On Wed, Sep 4, 2013 at 1:54 PM, frwa onto <[email protected]> wrote:
> > Dear Dan,
> > For ossec-logtest I just ran like this ./ossec-logtest?
> How
>
> The easiest way is to pipe the log file through logtest:
> cat /path/to/logfile | /var/ossec/bin/ossec-logtest
>
> Use zcat if the logfile is compressed. If you want to redirect the
> output to a file, use this:
> cat /path/to/logfile | /var/ossec/bin/ossec-logtest > /path/to/file 2>&1
>
>
> > About the syscheck, how do I run it? What will both of these scripts
> > eventually
>
> By default, syscheck will run when OSSEC starts.
>
> > be doing? Do I need to run the rootcheck?
> >
>
> Same as syscheck I believe.
>
> > On Wednesday, September 4, 2013 9:38:07 PM UTC+8, dan (ddpbsd) wrote:
> >>
> >> On Tue, Sep 3, 2013 at 12:36 AM, frwa onto <[email protected]> wrote:
> >> > Hi All,
> >> > I just rebuilt and installed ossec on my centos 6.4 machine. So what
> >> > is the next step to be done, as this is an existing machine and I want
> >> > to check for any previous intrusion? I also want to get alerts on updates
> >> > to my local files or any new files created. I am sorry, very new to it.
> >> >
> >>
> >> You can use ossec-logtest to check old log files, and syscheck has a
> >> default configuration that can cover most needs. If you have custom
> >> locations that must be monitored, you should add them to the
> >> ossec.conf in the syscheck section.
> >>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
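One way to do what the question above asks, as an added example that is not from this thread or from the OSSEC project: a small POSIX shell script that feeds every regular file under a log directory through ossec-logtest (rotated .gz files via zcat, binary accounting files such as wtmp skipped), and counts syscheck scan messages in OSSEC's own log, /var/ossec/logs/ossec.log. The /var/ossec paths are the default install location; LOGTEST and OSSEC_LOG are assumed override variables introduced here so the script can be run against other paths.

```shell
#!/bin/sh
# Added example (not from the thread or from OSSEC): run ossec-logtest over a
# whole log directory and check ossec.log for evidence that syscheck has run.
# Paths assume a default OSSEC install under /var/ossec; LOGTEST and OSSEC_LOG
# are assumed override variables for testing against other locations.

# Emit one log file on stdout, decompressing rotated .gz files with zcat.
emit_log() {
  case "$1" in
    *.gz) zcat "$1" ;;
    *)    cat "$1" ;;
  esac
}

# Feed every regular file under $1 through ossec-logtest, appending output
# to $2 with a header line per file. Binary accounting files (wtmp, btmp,
# lastlog, faillog) are skipped as a heuristic; everything else is treated
# as text. Prints the number of files processed so callers can check it.
logtest_dir() {
  dir="$1"; out="$2"; n=0
  list="$(mktemp)"
  find "$dir" -type f ! -name 'wtmp*' ! -name 'btmp*' ! -name 'lastlog' \
       ! -name 'faillog' | sort > "$list"
  while IFS= read -r f; do
    printf '### %s\n' "$f" >> "$out"
    emit_log "$f" | "${LOGTEST:-/var/ossec/bin/ossec-logtest}" >> "$out" 2>&1
    n=$((n + 1))
  done < "$list"
  rm -f "$list"
  echo "$n"
}

# Count "syscheck scan" start/end messages in ossec.log; a non-zero count
# shows syscheck has run since the daemons were started. Prints 0 if the
# log cannot be read.
syscheck_runs() {
  c=$(grep -ci 'syscheck scan' "${OSSEC_LOG:-/var/ossec/logs/ossec.log}" 2>/dev/null) || true
  echo "${c:-0}"
}
```

Run it as `logtest_dir /var/log /usr/local/ossectest.txt` and then `syscheck_runs`; rule matches from the replayed logs land in the output file, while live alerts from the running daemons are written to /var/ossec/logs/alerts/alerts.log.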