On Wednesday, April 1, 2015 at 1:47:03 PM UTC+2, dan (ddpbsd) wrote:
>
> On Wed, Apr 1, 2015 at 7:37 AM, <[email protected]> wrote:
> > hi,
> >
> > First I want that ossec collects all logs.
> > I have put the logall options and
> > log alertlevel is even at 0
> >
> > <global>
> >   <logall>yes</logall>
> > </global>
> >
> > <alerts>
> >   <log_alert_level>0</log_alert_level>
> >   <email_alert_level>0</email_alert_level>
> > </alerts>
> >
> > still I don't get all log information, i usually get logs regarding event 3
> > (mostly or higher).
> >
> > what else do I need to do, so OSSEC will log all events?
>
> All log messages received by OSSEC should be in
> /var/ossec/logs/archives/archives.log. Not all log messages trigger an
> alert.

I see what you mean.

> > Second question is about OpenVPN
> >
> > Can I gather openvpn events to OSSEC?
>
> If it logs to a file you can.

yes, it logs the information I need, so it's just reading the openvpn log

> > I tried the rules and decoders but that's just time wasting,
>
> Why is it a waste of time?

Because I spend a lot of time figuring this out and without results.

> > I really don't understand the OSSEC has not standard rules for such a widely
> > used program !!
>
> Would you like to know why we don't have rules and decoders for
> OpenVPN? It's an easy answer: No one has written and contributed any.
> No one has bothered to even contribute log samples. I don't use it.
> None of the devs I've chatted with have mentioned it. It's hard to
> support something I don't have access to.
>
> Send me log samples, I'll do some work with it. Submit a pull request
> with decoders and rules, and I'll make sure they get in. Whine and
> I'll do nothing.

Sorry, I am not whining, it's just frustrating. OpenVPN is widely used and I expected it to be in the list for the rules.
Anyway, I have a list of decoders and rules for openvpn, I can send them also if you want, but I would like to know if there is an easy way for OSSEC to read the openvpn log files. I have even added the openvpn directory for the agent.
Anyway let me know if you need the decoders or rules and thx for the quick reply.

> > anyway, what I want is that ossec also collects information from openvpn,
> > for example, who logged on, which ip address, failed logon attempts etc.
> >
> > Thx
