That's perfect! The log is "entering" the manager. I will try to create the rules.

On Tuesday, January 27, 2015 17:26:01 UTC-2, dan (ddpbsd) wrote:
>
> On Tue, Jan 27, 2015 at 2:16 PM, Johnatan Camargo
> <[email protected]> wrote:
> > dan hi! Thanks for the replies.
> >
> > Sorry most did not understand the following: "Try turning on the log all
> > option and going from there."
>
> If you add <logall>yes</logall> to the global section of the manager's
> ossec.conf and restart the OSSEC processes, all incoming log messages
> will be recorded to /var/ossec/logs/archives/archives.log.
>
> Once you obtain some sample log messages you can start creating rules
> to match and alert on those log messages. This is all assuming you are
> reading the log messages on the agent, of course.
>
> http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html?highlight=log%20all#element-logall
>
> > On Tuesday, January 27, 2015 14:16:39 UTC-2, dan (ddpbsd) wrote:
> >>
> >> On Tue, Jan 27, 2015 at 11:10 AM, Johnatan Camargo
> >> <[email protected]> wrote:
> >> > "alerts.log" does not contain any OfficeScan detection trigger.
> >>
> >> Probably because there are no alerts for it. Try turning on the log
> >> all option and going from there.
> >>
> >> > On Tuesday, January 27, 2015 13:58:01 UTC-2, Johnatan Camargo wrote:
> >> >>
> >> >> Hello!
> >> >> I am starting studies with OSSEC. I am in doubt as he makes monitoring
> >> >> OfficeScan malware alerts.
> >> >>
> >> >> I found that there is a rule 'trend-osce-rules.xml'. What I need to do to
> >> >> match this rule and generate detection logs?
> >> >> Both OSSEC agent as the OfficeScan client station running on the same
> >> >> machine.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
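
The step described in the thread (turn on `logall`, then collect sample messages from `archives.log` before writing rules), as an added example that is not part of the original thread or of OSSEC itself. It assumes the archive line layout shown in the comment; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed archives.log layout (not taken from the thread):
#   <YYYY Mon DD HH:MM:SS> [(<agent>) ]<source>-><location> <original message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) )?"
    r"(?P<src>\S+?)->(?P<location>\S+) "
    r"(?P<msg>.*)$"
)

# Constructed sample lines, standing in for /var/ossec/logs/archives/archives.log
SAMPLE = """\
2015 Jan 27 17:40:02 (ws-01) 192.0.2.10->/var/log/auth.log Jan 27 17:40:01 ws-01 sshd[811]: Accepted password for alice
2015 Jan 27 17:40:05 (win-02) 192.0.2.11->WinEvtLog constructed-antivirus-event: sample detection text
2015 Jan 27 17:40:09 manager->/var/log/syslog Jan 27 17:40:09 manager cron[77]: job started
not an archive line
"""

def parse_line(line):
    """Split one archive line into timestamp, agent, location and message."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None  # malformed or truncated line: skip rather than guess
    rec = m.groupdict()
    # Lines read locally on the manager carry no "(agent)" prefix.
    rec["agent"] = rec["agent"] or rec["src"]
    return rec

def samples_by_source(lines, agent=None, per_source=3):
    """Collect up to per_source raw messages for each (agent, location) pair."""
    out = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or (agent and rec["agent"] != agent):
            continue
        bucket = out[(rec["agent"], rec["location"])]
        if len(bucket) < per_source:
            bucket.append(rec["msg"])
    return dict(out)

if __name__ == "__main__":
    # An agent that never appears here is not delivering that log to the manager.
    for (name, location), msgs in samples_by_source(SAMPLE.splitlines()).items():
        print(f"{name} {location}")
        for msg in msgs:
            print(f"    {msg}")
```

Each collected message is the raw text a decoder and rule have to match, so it can be pasted into `/var/ossec/bin/ossec-logtest` on the manager to see which rule, if any, fires.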
