I am upgrading a server from CentOS 6.6 with Apache 2.2.16 to CentOS 7 with Apache 2.4.6. One thing I've noticed is that there seems to be a change in the Apache log format. So previously an error would be e.g.
[Sun Dec 28 09:08:46 2014] [error] etc etc

That's now e.g.

[Sun Dec 28 16:26:22.703615 2014] [cgi:error] [pid 13742]

or

[Sun Dec 28 16:21:11.368100 2014] [fcgid:warn] [pid 13396] etc

I am sure I did a clean install of OSSEC onto the new server, and yet the Apache rules seem to be written for the older version:

<if_sid>30100</if_sid>
<rule id="30101" level="0"><if_sid>30100</if_sid><match>^[error] </match>

That will miss "[cgi-error]" presumably!

I know I *could* fix this with a custom rule, but then I'm wondering whether I am doing something wrong with my Apache logging set up, and who knows what else won't be working!

Any suggestions much appreciated!
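Added example, not part of the original post and not OSSEC code: a small Python parser for the two error-log prefixes quoted above, which reports the error-level lines that a literal `[error] ` prefix test would skip. The names `parse`, `literal_level_match` and `missed_errors` are hypothetical, the message text in the sample lines is constructed, and the prefix test is a simplified model of the quoted `<match>`, assumed to be applied to the text after the timestamp.

```python
import re

# Error-log prefix in both layouts quoted in the post:
#   old: [Sun Dec 28 09:08:46 2014] [error] ...
#   new: [Sun Dec 28 16:26:22.703615 2014] [cgi:error] [pid 13742] ...
PREFIX = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
    r"(?P<usec>\.\d+)? \d{4})\] "
    r"\[(?:(?P<module>[\w-]+):)?(?P<level>[a-z]+\d?)\] "
    r"(?:\[pid (?P<pid>\d+)(?::tid \d+)?\] )?"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return style, module, level, pid and message, or None if no match."""
    m = PREFIX.match(line.rstrip("\n"))
    if m is None:
        return None
    return {
        "style": "2.4" if m["usec"] or m["module"] else "2.2",
        "module": m["module"],
        "level": m["level"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "msg": m["msg"],
    }

def literal_level_match(line, level="error"):
    """Simplified model (assumption) of a '^[error] ' test applied to the
    text after the timestamp; this is not OSSEC's matching engine."""
    rest = line.split("] ", 1)[1] if "] " in line else line
    return rest.startswith("[%s] " % level)

def missed_errors(lines):
    """Lines whose parsed level is 'error' but that the literal test skips."""
    return [l for l in lines
            if (parse(l) or {}).get("level") == "error"
            and not literal_level_match(l)]

# Constructed samples: prefixes follow the post, message text is invented.
SAMPLES = [
    "[Sun Dec 28 09:08:46 2014] [error] sample message one",
    "[Sun Dec 28 16:26:22.703615 2014] [cgi:error] [pid 13742] sample message two",
    "[Sun Dec 28 16:21:11.368100 2014] [fcgid:warn] [pid 13396] sample message three",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
    print("missed by literal '[error] ' test:", missed_errors(SAMPLES))
```

Running the same check over a real error_log before and after an upgrade shows how many error-level lines fall outside a level-only prefix match.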
