can you get ossec to get all information from a certain log file and report it?

have you tried using this command:

/var/ossec/bin/util.sh addfile

this is also handy, but how to revert it back now...

On Wednesday, April 1, 2015 at 5:30:52 PM UTC+2, Inaki Rodriguez wrote:
> Hi!
>
> Sorry but I have deployed OSSEC on more than 400 servers, with the config
> centralized. Probably the problem is not OSSEC (maybe an RTFM related
> problem). You can specify the log files on your central server with some
> granularity and you can see who logs on your servers. You can even get
> events from hardware appliances using ssh or telnet. Even OSSIM uses OSSEC
> and it is deployed on some big companies. Give it a chance :P
>
> On 01/04/15 at 16:11, [email protected] wrote:
> > what use is this solution then? wasn't the point of OSSEC to have
> > centralized management....
> > in my case we don't have so many servers running, but for an enterprise
> > environment this is not suitable
> > anyway, what you just said, I already figured it out and yes I am getting
> > alerts from the openvpnlog now
> > for example:
> >
> > Wed Apr 1 15:36:35 2015 us=196958 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
> >
> > I don't get messages like who is logged on or logged off or, as in the case
> > above, which connection is refused
> >
> > spent much time on this again and again at the end no results
> >
> > sorry but OSSEC is definitely not ready for deployment, OSSEC misses so
> > much and even easy things are so complicated
> >
> > but I guess that's a common issue with open source, open source is not for
> > business environments, maybe for hobbies at home
> >
> > hope you now understand what I mean and it's not whining
> >
> >> As I've said a number of times now, the localfile configuration must
> >> be in the ossec.conf of the system that hosts the log file
> >> (or in agents.conf, but that's a bit advanced at this point). If the
> >> log file exists on a different system, how do you expect
> >> ossec-logcollector to read it?
> >>
> >> >> No, it should send all log messages the agent receives. Double check
> >> >> the archives.log file for the log messages, and check the ossec.log on
> >> >> the agent for errors concerning openvpn.log.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
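
The three checks named in the quoted advice above (a localfile entry on the host that owns the log, logcollector errors in the agent's ossec.log, raw events in archives.log), as an added shell example that is not part of the original thread. The path /var/log/openvpn.log, the agent name, the address and all sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed to exercise each check.
# Write a constructed agent ossec.conf, agent ossec.log and manager archives.log into $1.
make_sample() {
    cat > "$1/ossec.conf" <<'EOF'
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/openvpn.log</location>
  </localfile>
</ossec_config>
EOF
    cat > "$1/ossec.log" <<'EOF'
2015/04/01 15:30:01 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2015/04/01 15:30:01 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/openvpn.log'.
EOF
    cat > "$1/archives.log" <<'EOF'
2015 Apr 01 15:36:35 (vpn01) 192.0.2.10->/var/log/openvpn.log Wed Apr  1 15:36:35 2015 us=196958 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
2015 Apr 01 15:36:40 (vpn01) 192.0.2.10->/var/log/messages Apr  1 15:36:40 vpn01 kernel: constructed line
EOF
}

# Print every <location> monitored through a <localfile> block. $1 = config file
monitored_locations() {
    sed -n 's:.*<location>\(.*\)</location>.*:\1:p' "$1"
}
# Succeed only if the log path has its own <localfile> entry. $1 = config, $2 = log path
is_monitored() {
    monitored_locations "$1" | grep -Fxq -- "$2"
}
# Print logcollector ERROR lines that mention the log path. $1 = ossec.log, $2 = log path
collector_errors() {
    grep -F 'ossec-logcollector' "$1" | grep -F 'ERROR' | grep -F -- "$2"
}
# Count raw events received from the log path. $1 = archives.log, $2 = log path
# archives.log is only written when <logall>yes</logall> is set on the manager.
count_archived() {
    grep -cF -- "->$2 " "$1" || true
}

d=$(mktemp -d) && make_sample "$d"
is_monitored "$d/ossec.conf" /var/log/openvpn.log && echo "localfile entry present"
collector_errors "$d/ossec.log" /var/log/openvpn.log
echo "archived events: $(count_archived "$d/archives.log" /var/log/openvpn.log)"
rm -rf "$d"
```

On a real deployment the first two functions are run against the agent's files and the last against the manager's archives.log.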
