On Tue, Jan 27, 2015 at 2:16 PM, Johnatan Camargo <[email protected]> wrote:
> dan hi! Thanks for the replies.
>
> Sorry, I mostly did not understand the following: "Try turning on the log all
> option and going from there."
>

If you add <logall>yes</logall> to the global section of the manager's
ossec.conf and restart the OSSEC processes, all incoming log messages will be
recorded to /var/ossec/logs/archives/archives.log. Once you obtain some sample
log messages you can start creating rules to match and alert on those log
messages. This is all assuming you are reading the log messages on the agent,
of course.

http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html?highlight=log%20all#element-logall

> On Tuesday, January 27, 2015 14:16:39 UTC-2, dan (ddpbsd) wrote:
>>
>> On Tue, Jan 27, 2015 at 11:10 AM, Johnatan Camargo
>> <[email protected]> wrote:
>> > "alerts.log" does not contain any OfficeScan detection trigger.
>> >
>>
>> Probably because there are no alerts for it. Try turning on the log
>> all option and going from there.
>>
>> > On Tuesday, January 27, 2015 13:58:01 UTC-2, Johnatan Camargo
>> > wrote:
>> >>
>> >> Hello!
>> >> I am starting my studies with OSSEC. I am unsure about how it monitors
>> >> OfficeScan malware alerts.
>> >>
>> >> I found that there is a rule 'trend-osce-rules.xml'. What do I need to
>> >> do to match this rule and generate detection logs?
>> >> Both the OSSEC agent and the OfficeScan client station are running on
>> >> the same machine.
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
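The procedure dan describes (enable logall, restart, read samples out of archives.log, then write rules) as a small shell workflow. This is an added example, not code from the thread or from the OSSEC project. It assumes the default install under /var/ossec and the usual archives.log line shape (timestamp, optional "(agent) ip", then "location" followed by the raw message); ossec-logtest and ossec-control are OSSEC's own tools. The OfficeScan event text in the embedded sample is constructed and does not claim to reproduce the product's real event format.

```shell
#!/bin/sh
# Added example for the ossec-list thread above; not from the thread or from
# the OSSEC project. Assumes the default install under /var/ossec and the
# usual archives.log line shape:
#   "YYYY Mon DD HH:MM:SS (agent) ip->location message"   (agent logs)
#   "YYYY Mon DD HH:MM:SS host->location message"         (manager-local logs)

OSSEC_DIR="${OSSEC_DIR:-/var/ossec}"

# Step 1 check: is <logall>yes</logall> present in ossec.conf?  Exit status 0
# if so, 1 otherwise.  The restart that makes it take effect is
# "$OSSEC_DIR/bin/ossec-control restart", run by hand on the manager.
logall_enabled() {
    conf="${1:-$OSSEC_DIR/etc/ossec.conf}"
    grep -q '<logall>[[:space:]]*yes[[:space:]]*</logall>' "$conf"
}

# Step 2: pull sample messages out of archives.log.  Selects lines mentioning
# the keyword (case-insensitive) and strips the OSSEC timestamp/agent/location
# prefix, leaving exactly the text a rule's <match> or <regex> would see.
# Lines that do not carry the prefix are printed unchanged.
archive_samples() {
    file="$1"; keyword="$2"
    grep -i -- "$keyword" "$file" |
        sed -E 's/^[0-9]{4} [A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} (\([^)]*\) )?[^ ]*->[^ ]* //'
}

# Step 3: run one extracted message through ossec-logtest (OSSEC's rule
# tester, which reads log lines from stdin) to see which decoder and rule,
# if any, it hits before writing a custom rule in local_rules.xml.
logtest_sample() {
    printf '%s\n' "$1" | "$OSSEC_DIR/bin/ossec-logtest"
}

# Constructed archives.log excerpt for offline use.  The OfficeScan event text
# is made up and does not reproduce the product's real event format.
write_sample_archive() {
    cat > "$1" <<'EOF'
2015 Jan 27 14:10:02 (win-client01) 10.0.0.15->WinEvtLog 2015 Jan 27 14:10:01 WinEvtLog: Application: INFORMATION(1000): OfficeScan NT: (no user): no domain: WIN-CLIENT01: constructed sample: Virus/Malware detected: Eicar_test_file in C:\Users\jc\eicar.com
2015 Jan 27 14:10:05 (win-client01) 10.0.0.15->WinEvtLog 2015 Jan 27 14:10:04 WinEvtLog: System: INFORMATION(7036): Service Control Manager: (no user): no domain: WIN-CLIENT01: The Print Spooler service entered the running state.
2015 Jan 27 14:10:09 manager->/var/log/auth.log Jan 27 14:10:09 manager sshd[2210]: Accepted publickey for ops from 10.0.0.2 port 51022 ssh2
2015 Jan 27 14:10:12 (win-client01) 10.0.0.15->WinEvtLog 2015 Jan 27 14:10:11 WinEvtLog: Application: INFORMATION(1001): OfficeScan NT: (no user): no domain: WIN-CLIENT01: constructed sample: Real-time Scan: action taken: Quarantine
EOF
}
```

On the manager, after the restart, `logall_enabled && archive_samples /var/ossec/logs/archives/archives.log officescan` prints the OfficeScan messages as the agent delivered them; paste one into `logtest_sample '...'` to see whether trend-osce-rules.xml already decodes it or whether a local rule is needed. Turn logall back off once you have your samples: archives.log receives every event from every agent and grows quickly.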
