Hi! Sorry but I have deployed OSSEC on more than 400 servers, with the config centralized. Probably the problem is not OSSEC (maybe a RTFM related problem). You can specify the log files on your central server with some granularity and you can see who logs on your servers. You can even get events from hardware appliance using ssh or telnet. Even OSSIM use OSSEC and it is deployed on some big companies. Give it a chance :P
El 01/04/15 a las 16:11, [email protected] escribió: > what use is this solution then? wasn't the point of OSSEC to have a > centralized management.... > in my case we don't have so much servers running, but for enterprise > environment this is not suitable > anyway, what you just said, I already figured it out and yes I am > getting now alerts from the openvpnlog > for example: > > | > WedApr 115:36:352015us=196958read > UDPv4[ECONNREFUSED]:Connectionrefused (code=111) > | > > I don't get messages like who is logged on or logged off or as in the > case above: which connection is refused > > spend again much time on this and again at the end no results > > sorry but OSSEC is definitely not ready for deployment , OSSEC misses > so much and even easy things are so complicated > > but I guess that's a common issue with open source , opensource is not > for business environment, maybe for hobbies t at home > > hope you now understand what I mean and its not whining > > > > As I've said a number of times now, the localfile configuration must > be in the ossec.conf of the system that hosts the log file > (or in agents.conf, but that's a bit advanced at this point). If the > log file exists on a different system, how do you expect > ossec-logcollector to read it? > > >> > >> > >> No, it should send all log messages the agent receives. Double > check > >> the archives.log file for the log messages, and check the > ossec.log on > >> the agent for errors concerning openvpn.log. > >> > >> > > -- > > --- > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
