Hi Santiago,
This my output
root@my:/home/msurdu# lsof /var/log/apache2/error.log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 4254 root 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4259 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4260 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4261 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4262 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4263 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 4395 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 7539 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
tail 20004 root 14r REG 8,1 1299856 527904
/var/log/apache2/error.log
apache2 25483 www-data 2w REG 8,1 1299856 527904
/var/log/apache2/error.log
ossec-log 28986 root 13r REG 8,1 1299856 527904
/var/log/apache2/error.log
this is begining of my ossec.conf of server
<ossec_config>
<global>
<logall>yes</logall>
<email_notification>yes</email_notification>
<smtp_server>DC2.*****.***</smtp_server>
<email_to>msurdu@*****.**</email_to>
<email_from>ossec@*****.**</email_from>
<email_maxperhour>9999</email_maxperhour>
</global>
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>6</email_alert_level>
</alerts>
the results are the same :( more suggestions?
marți, 9 februarie 2016, 04:53:05 UTC+2, Santiago Bassett a scris:
>
> Hi Maxim,
>
> please check that ossec-logcollector process is running and reading that
> file. You can do
>
> lsof /var/log/apache2/error.log
>
> If that is not the case there might be something wrong with the
> configuration (maybe a typo).
>
> If it is reading the logs, try enabling logall option on the OSSEC
> manager, to see if those get actually there.
>
> I hope that helps,
>
> Santiago.
>
> On Mon, Feb 8, 2016 at 7:23 AM, Maxim Surdu <[email protected]
> <javascript:>> wrote:
>
>> Dear community,
>> I am having a problem in OSSEC. I have configured the OSSEC client to
>> monitor the Apache and Nginx error.log
>>
>> <localfile>
>> <log_format>apache</log_format>
>> <location>/var/log/nginx/access.log</location>
>> </localfile>
>>
>> <localfile>
>> <log_format>apache</log_format>
>> <location>/var/log/nginx/error.log</location>
>> </localfile>
>>
>> <localfile>
>> <log_format>apache</log_format>
>> <location>/var/log/apache2/error.log</location>
>> </localfile>
>>
>> <localfile>
>> <log_format>apache</log_format>
>> <location>/var/log/apache2/access.log</location>
>> </localfile>
>>
>> in /var/log/apache2/error.log
>> logs are showed but not sended to server? any help/solutions?
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
