On Wed, Apr 1, 2015 at 10:11 AM, <[email protected]> wrote: > what use is this solution then? wasn't the point of OSSEC to have a > centralized management....
It does, in the agent.conf. But you seemed to be having enough issues with basic configuration that I didn't want to toss that into the mix as well. I personally (as in this is not the project's point of view) think that configuration management systems like puppet or chef are an even better place to handle these types of configurations. > in my case we don't have so much servers running, but for enterprise > environment this is not suitable > anyway, what you just said, I already figured it out and yes I am getting > now alerts from the openvpnlog > for example: > > Wed Apr 1 15:36:35 2015 us=196958 read UDPv4 [ECONNREFUSED]: Connection > refused (code=111) > > I don't get messages like who is logged on or logged off or as in the case > above: which connection is refused > > spend again much time on this and again at the end no results > That log is from the OpenVPN software, right? If so, that's a problem with their logging. As I've admitted, I'm not familiar with OpenVPN, so please excuse me if this is a stupid question (I'm full of them). Does the "us=196958" field and value relate to a particular session? If so, the accumulator decoder feature might assist in making more sense of events that span multiple log messages. > sorry but OSSEC is definitely not ready for deployment , OSSEC misses so > much and even easy things are so complicated > I'm sorry you see it that way. I don't find it particularly difficult, and neither do the other 3 or 4 users. > but I guess that's a common issue with open source , opensource is not for > business environment, maybe for hobbies t at home > Ha! Oh ok. If you want better OpenVPN support you have a few options: 1. Step up and make it so. 2. Provide me with the information I'd need to do the work for your company for free. 3. Hire someone to do the work. If you don't, and are ready to move on, I wish you the best of luck in your endeavors. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
