Hi there guys, I'm facing a problem with ossec, I hope you can help me. I've configured my ossec to monitor the apache and modsecurity logs of my chroot. I put the lines below in ossec.conf:

    <localfile>
      <log_format>apache</log_format>
      <location>/var/chroot/var/log/apache2/modsec_audit.log</location>
    </localfile>

    <localfile>
      <log_format>apache</log_format>
      <location>/var/chroot/var/log/apache2/error.log</location>
    </localfile>

The problem is that ossec doesn't block any attack. I received ossec's logs normally, but every log has the same ID, like this:

    Received From: Ubuntu->/var/chroot/var/log/apache2/error.log
    Rule: 1002 fired (level 6) -> "Unknown problem somewhere in the system."
    Portion of the log(s):

Thank you for your attention.
