Thanks! The solution given here worked!
Regards,
Bhuvanesh

On Thursday, March 3, 2016 at 11:49:28 PM UTC+5:30, Santiago Bassett wrote:
> Yes, it is possible. You need to use the OSSEC logall option and have
> logstash/filebeat reading /var/ossec/logs/archives.log
>
> My advice is to use different Elasticsearch indexes, one for the alerts
> and one for the raw logs (archives)
>
> On Wed, Mar 2, 2016 at 11:16 PM, Bhuvanesh Bhuvanachandran <[email protected]> wrote:
>
>> Hi Folks,
>>
>> I am new to OSSEC, and am trying out the functionalities of OSSEC for a
>> requirement in my company. I need some help with some of the concepts that
>> I am trying to achieve.
>>
>> Basically I am using a combination of OSSEC + Logstash + Elasticsearch + Kibana
>> to get things visualized in a useful way. All these components are
>> integrated successfully.
>>
>> I have one Apache web server (for testing purposes) which is monitored by an
>> OSSEC agent, and the results are shipped to the OSSEC server. But when
>> looking at the syslog output of the OSSEC server I can only see some
>> suspicious/error log entries of Apache, like log entries with a 400 error
>> code, that trigger some OSSEC rules. From an IDS point of view it is perfect.
>> But I need all logs shipped to a central server.
>>
>> What I am expecting here is that all Apache logs (including 200 status codes)
>> get shipped to the OSSEC server and made available at the syslog output of
>> the OSSEC server so that logstash can further parse the logs.
>>
>> Is this possible with OSSEC? If it is, how can I achieve this? Please advise.
>>
>> Thanks & Regards,
>>
>> Bhuvanesh
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
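Santiago's answer above in working form, as an added example that is not part of the original thread and not OSSEC's or Logstash's own code: a check that an ossec.conf fragment really enables `<global><logall>yes</logall>`, a parser for the archives.log line format (assumed here to be the OSSEC 2.x text format `YYYY Mon DD HH:MM:SS (agent) ip->location raw-log`, with no `(agent) ip` part for server-local entries), and a helper that routes each document to a separate daily alert or archive index, the split Santiago recommends. The sample archive lines, the agent/host names and the `ossec-alerts-*` / `ossec-archives-*` index naming are constructed for the example. One caveat a practitioner will hit: on most OSSEC installs the logall output lands in `/var/ossec/logs/archives/archives.log` (with dated copies under `archives/<year>/`), so point filebeat or logstash at whichever path your version actually writes.

```python
"""Helpers for an OSSEC logall -> Logstash/Elasticsearch pipeline.

Added example, not OSSEC's or Logstash's own code. Assumptions:
  - archives.log uses the OSSEC 2.x text format
        "YYYY Mon DD HH:MM:SS (agent) ip->location raw log"
    (server-local entries are "YYYY Mon DD HH:MM:SS host->location raw log")
  - index naming ossec-alerts-YYYY.MM.DD / ossec-archives-YYYY.MM.DD is our choice
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed ossec.conf fragment. <logall> under <global> is the switch
# that makes the OSSEC server write every received log line to the archive
# file; by default only lines that fire a rule reach alerts.log.
OSSEC_CONF_LOGALL = """<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>"""

# Constructed archives.log lines (assumed format). Note the 200 entry: it
# matches no rule, so it never appears in alerts.log, only in the archives.
SAMPLE_ARCHIVE_LINES = [
    "2016 Mar 03 10:15:22 (web01) 192.168.1.10->/var/log/apache2/access.log "
    '203.0.113.5 - - [03/Mar/2016:10:15:21 +0530] "GET /index.html HTTP/1.1" 200 3525 "-" "curl/7.47.0"',
    "2016 Mar 03 10:15:23 (web01) 192.168.1.10->/var/log/apache2/access.log "
    '198.51.100.7 - - [03/Mar/2016:10:15:22 +0530] "GET /%27%20or%201=1 HTTP/1.1" 400 226 "-" "sqlmap/1.0"',
    "2016 Mar 03 10:15:24 ossec-server->/var/log/syslog "
    "Mar  3 10:15:24 ossec-server sshd[2211]: Accepted publickey for deploy from 10.0.0.9 port 51022 ssh2",
]

ARCHIVE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->|(?P<host>\S+)->)"
    r"(?P<location>\S+) (?P<log>.*)$"
)

# Apache common/combined access-log prefix: client, ident, user, time, request, status, bytes
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r"(?P<status>\d{3}) (?P<bytes>\S+)"
)


def logall_enabled(conf_xml: str) -> bool:
    """True only if the ossec.conf text contains <global><logall>yes</logall>."""
    root = ET.fromstring(conf_xml)
    node = root.find("./global/logall")
    return node is not None and (node.text or "").strip().lower() == "yes"


def parse_archive_line(line: str) -> dict:
    """Split one archives.log line into OSSEC metadata plus the raw log.

    If the raw log is an Apache access line, also extract client, request
    and status so Kibana can filter on them (this is the part logstash would
    do with a grok filter)."""
    m = ARCHIVE_RE.match(line)
    if not m:
        raise ValueError(f"not an OSSEC archive line: {line!r}")
    doc = {
        "@timestamp": datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S").isoformat(),
        "agent": m.group("agent") or m.group("host"),
        "agent_ip": m.group("agent_ip"),
        "location": m.group("location"),
        "message": m.group("log"),
    }
    a = APACHE_RE.match(doc["message"])
    if a:
        doc["apache"] = {
            "client": a.group("client"),
            "request": a.group("request"),
            "status": int(a.group("status")),
        }
    return doc


def index_for(doc: dict, source: str) -> str:
    """Daily index name. Alerts and archives are kept in separate indexes so
    the high-volume raw access log never swamps the alert index and can get
    its own retention and access controls."""
    if source not in ("alerts", "archives"):
        raise ValueError(f"unknown source {source!r}")
    day = doc["@timestamp"][:10].replace("-", ".")
    return f"ossec-{source}-{day}"


def status_histogram(lines) -> dict:
    """Count Apache status codes over archive lines. With logall on, this
    includes the 200s that the alert stream alone would never show."""
    hist = {}
    for line in lines:
        doc = parse_archive_line(line)
        if "apache" in doc:
            status = doc["apache"]["status"]
            hist[status] = hist.get(status, 0) + 1
    return hist


if __name__ == "__main__":
    print("logall enabled:", logall_enabled(OSSEC_CONF_LOGALL))
    for raw in SAMPLE_ARCHIVE_LINES:
        d = parse_archive_line(raw)
        print(index_for(d, "archives"), d["agent"], d["location"], d.get("apache"))
    print("status codes seen:", status_histogram(SAMPLE_ARCHIVE_LINES))
```

The archive stream carries every client IP and full request URL for every hit, not just the suspicious ones, so the `ossec-archives-*` indexes deserve tighter read access and a shorter retention than the alert indexes; keeping them apart, as Santiago suggests, is what makes that possible.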
