On Wed, Apr 1, 2015 at 7:37 AM, <[email protected]> wrote: > hi, > > First I want that ossec collects all logs. > I have put the logall options and > log alertlevel is even at 0 > > > <global> > <logall>yes</logall> > </global> > > > > <alerts> > <log_alert_level>0</log_alert_level> > <email_alert_level>0</email_alert_level> > </alerts> > > > stil I don't get all log information, i usually get logs regarding event 3 > (mostly or higher). > > what else do I need to do, so OSSEC will log all events? >
All log messages received by OSSEC should be in /var/ossec/logs/archives/archives.log. Not all log messages trigger an alert. > Second question is about OpenVPN > > Can I gather openvpn events to OSSEC? If it logs to a file you can. > I tried the rules and decoders but thats just time wasting, Why is it a wate of time? > I really don't understand the OSSEC has not standard rules for such a widely > used program !! Would you like to know why we don't have rules and decoders for OpenVPN? It's an easy answer: No one has written and contributed any. No one has bothered to even contribute log samples. I don't use it. None of the devs I've chatted with have mentioned it. It's hard to support something I don't have access to. Send me log samples, I'll do some work with it.Submit a pull request with decoders and rules, and I'll make sure they get in. Whine and I'll do nothing. > anyway, what I want is that ossec also collects information from openvpn, > for example, who logged on , which ip adress, failed logon attempts etc. > > Thx > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
