Hello experts,
I want to monitor apache access.log on Ubuntu using ossec. Have configured
local_rules.xml as below, in addition to adding the log file
/var/log/apache2/acces.log to ossec.conf file.
Entry in local_rules.xml:
<group>apache,</group>
</rule>
<rule id="31101" level="10" overwrite="yes">
<if_sid>31100</if_sid>
<description>Web server 400 error code.</description>
</rule>
</group>
When I hit the apache server with too many nonexistent URLs (thus forcing
too many 404s in access.log), I was expecting to receive email and generate
alerts. I don't see any activity in the ossec log or alert log.
Can you please provide some pointers on how to solve this?
Thanks in advance,
-R