I checked: my logs are in /var/ossec/logs/ossec.log on the agent, but for the manager the logs are going to /var/ossec/logs/archives/archives.log.
How do I resolve it? And why are my logs going into archives?

On Tuesday, 9 February 2016, 18:03:27 UTC+2, Santiago Bassett wrote:
>
> ossec-logcollector seems to be reading the file on the agent side.
>
> Does the agent appear as connected? Please check /var/ossec/logs/ossec.log
> on the agent and manager to see if there are errors there.
>
> Also, are you sure events are not being written to
> /var/ossec/logs/archives/archives.log?
>
> On Mon, Feb 8, 2016 at 11:28 PM, Maxim Surdu <[email protected]> wrote:
>
>> Hi Santiago,
>>
>> This is my output:
>>
>> root@my:/home/msurdu# lsof /var/log/apache2/error.log
>> COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
>> apache2    4254     root    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4259 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4260 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4261 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4262 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4263 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    4395 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2    7539 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> tail      20004     root   14r   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> apache2   25483 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
>> ossec-log 28986     root   13r   REG    8,1  1299856 527904 /var/log/apache2/error.log
>>
>> This is the beginning of my ossec.conf on the server:
>>
>> <ossec_config>
>>   <global>
>>     <logall>yes</logall>
>>     <email_notification>yes</email_notification>
>>     <smtp_server>DC2.*****.***</smtp_server>
>>     <email_to>msurdu@*****.**</email_to>
>>     <email_from>ossec@*****.**</email_from>
>>     <email_maxperhour>9999</email_maxperhour>
>>   </global>
>>
>>   <alerts>
>>     <log_alert_level>1</log_alert_level>
>>     <email_alert_level>6</email_alert_level>
>>   </alerts>
>>
>> The results are the same :( More suggestions?
>>
>> On Tuesday, 9 February 2016, 04:53:05 UTC+2, Santiago Bassett wrote:
>>>
>>> Hi Maxim,
>>>
>>> please check that ossec-logcollector process is running and reading that
>>> file. You can do
>>>
>>> lsof /var/log/apache2/error.log
>>>
>>> If that is not the case there might be something wrong with the
>>> configuration (maybe a typo).
>>>
>>> If it is reading the logs, try enabling logall option on the OSSEC
>>> manager, to see if those get actually there.
>>>
>>> I hope that helps,
>>>
>>> Santiago.
>>>
>>> On Mon, Feb 8, 2016 at 7:23 AM, Maxim Surdu <[email protected]> wrote:
>>>
>>>> Dear community,
>>>> I am having a problem in OSSEC. I have configured the OSSEC client to
>>>> monitor the Apache and Nginx error.log
>>>>
>>>> <localfile>
>>>>   <log_format>apache</log_format>
>>>>   <location>/var/log/nginx/access.log</location>
>>>> </localfile>
>>>>
>>>> <localfile>
>>>>   <log_format>apache</log_format>
>>>>   <location>/var/log/nginx/error.log</location>
>>>> </localfile>
>>>>
>>>> <localfile>
>>>>   <log_format>apache</log_format>
>>>>   <location>/var/log/apache2/error.log</location>
>>>> </localfile>
>>>>
>>>> <localfile>
>>>>   <log_format>apache</log_format>
>>>>   <location>/var/log/apache2/access.log</location>
>>>> </localfile>
>>>>
>>>> In /var/log/apache2/error.log
>>>> logs are shown but not sent to the server? Any help/solutions?
>>>>
>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
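
An added example, not part of the original thread: with `<logall>yes</logall>` the manager writes every event it receives to archives.log, so that file can show which of the agent's `<localfile>` locations are actually delivering events. The archives.log line layout, the agent names `web01`/`db01`, the addresses and the sample lines are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Assumed layout of a forwarded event in archives.log on the manager:
#   YYYY Mon DD HH:MM:SS (agent-name) agent-ip->/path/to/file <original log line>
ARCHIVE_RE = re.compile(
    r"^\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2} "
    r"\((?P<agent>[^)]+)\) (?P<ip>\S+?)->(?P<location>\S+) (?P<event>.*)$"
)

# Constructed agent config built from the <localfile> locations quoted in the thread.
AGENT_CONF = """
<ossec_config>
  <localfile><log_format>apache</log_format><location>/var/log/nginx/access.log</location></localfile>
  <localfile><log_format>apache</log_format><location>/var/log/nginx/error.log</location></localfile>
  <localfile><log_format>apache</log_format><location>/var/log/apache2/error.log</location></localfile>
  <localfile><log_format>apache</log_format><location>/var/log/apache2/access.log</location></localfile>
</ossec_config>
"""

# Constructed sample lines; agent names and addresses are placeholders.
ARCHIVE_LINES = [
    "2016 Feb 09 18:01:10 (web01) 192.0.2.10->/var/log/apache2/error.log [Tue Feb 09 18:01:10 2016] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico",
    "2016 Feb 09 18:01:11 (web01) 192.0.2.10->/var/log/nginx/access.log 198.51.100.7 - - [09/Feb/2016:18:01:11 +0200] \"GET / HTTP/1.1\" 200 612",
    "2016 Feb 09 18:01:12 manager->/var/log/syslog Feb  9 18:01:12 manager cron[811]: session opened",
    "2016 Feb 09 18:01:13 (db01) 192.0.2.20->/var/log/apache2/error.log [Tue Feb 09 18:01:13 2016] [notice] caught SIGTERM",
    "2016 Feb 09 18:01:14 (web01) 192.0.2.10->/var/log/apache2/error.log [Tue Feb 09 18:01:14 2016] [error] [client 198.51.100.7] script not found",
]

def configured_locations(conf_xml):
    """Return every <localfile><location> from an ossec.conf string."""
    # ossec.conf may hold several <ossec_config> roots, so wrap before parsing.
    root = ET.fromstring("<wrap>" + conf_xml + "</wrap>")
    return [lf.findtext("location", "").strip() for lf in root.iter("localfile")]

def delivery_report(conf_xml, archive_lines, agent_name):
    """Map each configured location to the number of archived events from agent_name."""
    seen = Counter()
    for line in archive_lines:
        m = ARCHIVE_RE.match(line)
        if m and m.group("agent") == agent_name:
            seen[m.group("location")] += 1
    return {loc: seen[loc] for loc in configured_locations(conf_xml)}

if __name__ == "__main__":
    for loc, count in delivery_report(AGENT_CONF, ARCHIVE_LINES, "web01").items():
        print(f"{count:5d}  {loc}" + ("" if count else "   <-- nothing received"))
```

A location with zero events for the agent points at the agent side (logcollector or the agent connection). Events that are present in archives.log but not in alerts.log reached the manager and matched no rule at or above `<log_alert_level>`.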
