On Wed, Nov 6, 2013 at 9:54 AM, frwa onto <[email protected]> wrote:
> Dear Dan,
> If I look into my ossec.conf I can see both of these,
> apache_rules.xml and web_appsec_rules.xml, and I can see it monitors the
> /var/log/httpd/error_log. What else do I need to check on? Is monitoring
> just fine or must I still create rules? Sorry, I am a newbie to this. Besides

You didn't provide a log sample, so I cannot determine whether the log
will be identified by OSSEC or not.

> that, when will the rootkit check be done, on a periodic basis or launched
> manually?
>

It should scan periodically.

> On Wednesday, November 6, 2013 12:29:02 AM UTC+8, dan (ddpbsd) wrote:
>>
>> On Sun, Nov 3, 2013 at 12:51 PM, frwa onto <[email protected]> wrote:
>> > Dear All,
>> > I am new to ossec. I am still learning how it works, just
>> > wondering can it detect scraper activities, because I have banned
>> > directory traversing but I notice the scraper still managed to get to
>> > some of the directories but got this error: Directory index forbidden
>> > by Options directive:
>> >
>>
>> Are these logs being monitored by OSSEC? You should be able to create
>> a rule looking for the log message.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
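One way to write the kind of rule suggested in the thread, as an added example that is not part of the original messages or of OSSEC's shipped rules. It assumes the stock apache_rules.xml groups Apache `[error]` lines under rule 30101 (check your installed copy); the rule IDs 100200/100201, the levels, the frequency and timeframe values are assumptions, and the sample log line is constructed.

```xml
<!-- /var/ossec/rules/local_rules.xml (added example)

     Constructed Apache 2.2 error_log line these rules are meant to match:
     [Wed Nov 06 09:12:44 2013] [error] [client 192.0.2.10] Directory index forbidden by Options directive: /var/www/html/images/

     Assumption: 30101 is the "Apache error messages grouped" parent rule
     in the stock apache_rules.xml. IDs 100200/100201 are arbitrary unused
     local IDs; levels and thresholds are starting points to tune.
-->
<group name="local,apache,">

  <!-- Single hit: one request for a directory whose listing is disabled.
       Chained under the Apache [error] parent so it is evaluated after
       the apache-errorlog decoder has extracted the client address. -->
  <rule id="100200" level="5">
    <if_sid>30101</if_sid>
    <match>Directory index forbidden by Options directive</match>
    <description>Apache: directory index request denied.</description>
    <group>access_denied,</group>
  </rule>

  <!-- Correlation: repeated denied directory requests from the same
       client within two minutes, the pattern a crawler walking the
       directory tree produces. Raise or lower frequency to taste. -->
  <rule id="100201" level="10" frequency="10" timeframe="120">
    <if_matched_sid>100200</if_matched_sid>
    <same_source_ip />
    <description>Apache: repeated directory index requests denied for one source (possible scraper).</description>
    <group>recon,</group>
  </rule>

</group>
```

Paste a real line from /var/log/httpd/error_log into /var/ossec/bin/ossec-logtest to confirm the decoder and rule that fire before restarting OSSEC.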
