If the logs are in your master's archives.log, then it would seem as if
they *are* being sent, so that isn't the problem.
Do you have an example of an apache error log line that you expected to
trigger an alert?
On 2/10/2016 1:52 AM, Maxim Surdu wrote:
I check my logs are in /var/ossec/logs/ossec.log on the agent,
but on the manager the logs are going into /var/ossec/logs/archives/archives.log.
How to resolve it? And why are my logs going into archives?
Tuesday, 9 February 2016, 18:03:27 UTC+2, Santiago Bassett wrote:
ossec-logcollector seems to be reading the file on the agent side.
Does the agent appear as connected? Please check
/var/ossec/logs/ossec.log on the agent and manager to see if there
are errors there.
Also, are you sure events are not being written to
/var/ossec/logs/archives/archives.log?
On Mon, Feb 8, 2016 at 11:28 PM, Maxim Surdu <[email protected]> wrote:
Hi Santiago,
This is my output
root@my:/home/msurdu# lsof /var/log/apache2/error.log
COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
apache2    4254     root    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4259 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4260 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4261 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4262 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4263 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    4395 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2    7539 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
tail      20004     root   14r   REG    8,1  1299856 527904 /var/log/apache2/error.log
apache2   25483 www-data    2w   REG    8,1  1299856 527904 /var/log/apache2/error.log
ossec-log 28986     root   13r   REG    8,1  1299856 527904 /var/log/apache2/error.log
This is the beginning of my ossec.conf on the server
<ossec_config>
<global>
<logall>yes</logall>
<email_notification>yes</email_notification>
<smtp_server>DC2.*****.***</smtp_server>
<email_to>msurdu@*****.**</email_to>
<email_from>ossec@*****.**</email_from>
<email_maxperhour>9999</email_maxperhour>
</global>
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>6</email_alert_level>
</alerts>
The results are the same :( More suggestions?
Tuesday, 9 February 2016, 04:53:05 UTC+2, Santiago Bassett wrote:
Hi Maxim,
please check that ossec-logcollector process is running
and reading that file. You can do
lsof /var/log/apache2/error.log
If that is not the case there might be something wrong
with the configuration (maybe a typo).
If it is reading the logs, try enabling logall option on
the OSSEC manager, to see if those get actually there.
I hope that helps,
Santiago.
On Mon, Feb 8, 2016 at 7:23 AM, Maxim Surdu
<[email protected]> wrote:
Dear community,
I am having a problem in OSSEC. I have configured the
OSSEC client to monitor the Apache and Nginx error.log
<localfile>
<log_format>apache</log_format>
<location>/var/log/nginx/access.log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/nginx/error.log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache2/error.log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache2/access.log</location>
</localfile>
In /var/log/apache2/error.log
logs are shown but not sent to the server? Any
help/solutions?
--
---
You received this message because you are subscribed
to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.
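The check this thread converges on (events from a monitored file reach the manager's archives.log but produce no alert), as an added example that is not part of the original thread or of OSSEC itself. It assumes archives.log lines and alerts.log header lines begin with "YYYY Mon DD HH:MM:SS (agent) ip->/path"; the function names and all sample lines are constructed.

```shell
#!/bin/sh
# Added example. Assumed layout: each archives.log line and each alerts.log
# header line starts "YYYY Mon DD HH:MM:SS (agent) ip->/path" (manager-local
# events: "host->/path"), so the source location sits in field 5 or 6.

count_from() {  # $1 = monitored path, $2 = archives.log or alerts.log
    [ -r "$2" ] || { echo 0; return 0; }
    awk -v p="->$1" '
        { for (i = 5; i <= 6 && i <= NF; i++) {
              n = length($i) - length(p) + 1
              if (n > 0 && substr($i, n) == p) { c++; break }
          } }
        END { print c + 0 }' "$2"
}

diagnose() {  # $1 = path, $2 = archives.log, $3 = alerts.log
    archived=$(count_from "$1" "$2")
    alerted=$(count_from "$1" "$3")
    if [ "$archived" -eq 0 ]; then
        echo "not-received"        # look at the agent and its connection
    elif [ "$alerted" -eq 0 ]; then
        echo "received-no-alert"   # look at decoders, rules and alert level
    else
        echo "alerting"
    fi
}

# Constructed sample data (agent name, addresses and rule id are made up).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/archives.log" <<'EOF'
2016 Feb 10 01:50:11 (web01) 192.0.2.10->/var/log/apache2/error.log [Wed Feb 10 01:50:11 2016] [notice] caught SIGTERM, shutting down
2016 Feb 10 01:50:14 (web01) 192.0.2.10->/var/log/apache2/error.log [Wed Feb 10 01:50:14 2016] [notice] resuming normal operations
2016 Feb 10 01:51:02 (web01) 192.0.2.10->/var/log/nginx/access.log 198.51.100.7 - - [10/Feb/2016:01:51:02 +0200] "GET /x HTTP/1.1" 404 162
EOF
cat > "$SAMPLE/alerts.log" <<'EOF'
** Alert 1455061862.1024: - web,accesslog,
2016 Feb 10 01:51:02 (web01) 192.0.2.10->/var/log/nginx/access.log
Rule: 100001 (level 5) -> 'constructed rule description'
198.51.100.7 - - [10/Feb/2016:01:51:02 +0200] "GET /x HTTP/1.1" 404 162
EOF

for f in /var/log/apache2/error.log /var/log/nginx/access.log /var/log/nginx/error.log; do
    printf '%s: %s\n' "$f" "$(diagnose "$f" "$SAMPLE/archives.log" "$SAMPLE/alerts.log")"
done
```

A line that shows up as received-no-alert can be pasted into /var/ossec/bin/ossec-logtest on the manager to see which decoder and rule, if any, it matches.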