Hi,

Is anyone using OSSEC => syslog => Logstash => Kibana for their setup? We found out that the netstat -tan diff run by syscheck gives only the first line of the diff:
<132>Jan 27 11:37:43 local-machine-001 ossec: Alert Level: 7; Rule: 533 - Listened ports status (netstat) changed (new port opened or closed).; Location: local-machine-001->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort; ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort'

and it does not show the diff output (the 2 netstat -tan outputs). Does anyone else have this issue and if so, how did you fix it with (r)syslog?

OSSEC 2.7.1 on Red Hat 6 64 bit (Atomic repo) and OSSEC and Logstash/Kibana run on 2 separate machines.

Michiel
