This is what I am using:
cat netstat_filter.sh
awk '
  # Skip sockets that are not listening or that are bound to 127.0.0.x
  $NF != "LISTEN" || $4 ~ /^127\.0\.0\./ { next }
  # The port is the last ":"-separated field of the local address
  { n = split($4, wk, ":"); in_use[wk[n]] = 1 }
  END { for (port in in_use) printf("%d\n", port) }
' | sort -n | sed -e :a -e N -e 's/\n/ /' -e ta

netstat -tan | /netstat_filter.sh
22 25 80 111 443 662 10050 20031 45525

<localfile>
  <log_format>full_command</log_format>
  <command>netstat -tan | /netstat_filter.sh</command>
</localfile>
--
Kevin Kelly
Director, Network Technology
Whitman College
----- Original Message -----
From: "Marcin Liszka" <[email protected]>
To: [email protected]
Sent: Thursday, January 16, 2014 10:20:33 AM
Subject: [ossec-list] full_command netstat and other output in alerts.log file
Hello everybody,
I have a question. I need to monitor running services on ossec agents (Ossec
version 2.7.1). I found the problem in ossec server that the output from
full_command (system command for example is "netstat -ntlp" or "chkconfig") is
truncated in alerts.log file.
In alerts.log there is no full output from the command netstat and its previous
state. So the administrator can't check what was changed in the system from the
alert that arrived.
Is it possible to change it (alert body size or some similar variable)???
Is there any solution to see full information in alerts.log like in
/var/ossec/diff/[hostname]/[rule_id]/ folder???
Thanks for any idea
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out .
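The reply above keeps the full_command output to a single short line of port numbers. The following is an added example, not code from the thread: it generalizes that filter to also skip IPv6 loopback (::1) and adds a comparison of two port lines, so the opened and closed ports can be read directly. The function names and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are constructed.

# Read `netstat -tan` output on stdin; print the listening, non-loopback
# ports as one sorted, space-separated line.
listening_ports() {
    awk '
        $NF != "LISTEN" { next }                 # listening sockets only
        $4 ~ /^127\./ || $4 ~ /^::1:/ { next }   # skip IPv4 and IPv6 loopback
        { n = split($4, part, ":"); seen[part[n]] = 1 }
        END { for (p in seen) print p }
    ' | sort -n | paste -sd ' ' -
}

# port_changes OLD NEW: print "+port" for each port only in NEW and
# "-port" for each port only in OLD, all on one line.
port_changes() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 {
            n_old = NF
            for (i = 1; i <= NF; i++) { order[i] = $i; old[$i] = 1 }
            next
        }
        NR == 2 {
            for (i = 1; i <= NF; i++) {
                cur[$i] = 1
                if (!($i in old)) out = out " +" $i
            }
        }
        END {
            for (i = 1; i <= n_old; i++)
                if (!(order[i] in cur)) out = out " -" order[i]
            print substr(out, 2)
        }
    '
}

# Constructed sample of `netstat -tan` output (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Compare a previously recorded port line with the current sample.
port_changes "22 25 80" "$(sample_netstat | listening_ports)"
```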