Thanks Dan. We were able to get the alert for the error message; however, this started alerting for all other messages under rule 1002 - Unknown problem somewhere in the system.
On Tuesday, 31 May 2016, dan (ddp) <[email protected]> wrote:

> On Tue, May 31, 2016 at 9:02 AM, Kumar Mg <[email protected]> wrote:
> > Hi,
> >
> > We have some logfiles which do not exist in ossec agent machine. Is there a
> > way to receive alerts in such case?
> >
> > These are the missing information I see in agent ossec.log
> >
> > ./ossec/logs/
> >
> > # grep ERROR ossec.log
> >
> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/access_log'.
> >
> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/error_log'.
>
> You want alerts for OSSEC configurations that try to watch
> non-existent log files?
> Configure OSSEC to monitor ossec.log, and create rules to watch for
> those log messages.
>
> > Thanks
> >
> > Kumar

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
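The setup discussed in this thread, sketched as an added configuration example (not posted by either participant): the agent reads its own ossec.log, and a child rule of 1002 raises a separate alert only for the logcollector "Unable to open file" message, leaving rule 1002 itself unchanged. The `/var/ossec` install prefix, the rule id 100100, the level 7 and the group name are assumptions chosen for illustration.

```xml
<!-- Agent side, ossec.conf: have logcollector read OSSEC's own log.
     Path assumes the default /var/ossec install prefix. -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/ossec.log</location>
  </localfile>
</ossec_config>

<!-- Manager side, local_rules.xml: child rule of 1002.
     It is evaluated only for events that already matched 1002, and
     fires only when the line also contains the logcollector message
     quoted in the thread. Other 1002 events do not match this rule.
     id 100100 and level 7 are assumed values; pick an unused id in
     the local range and a level that fits your alert thresholds. -->
<group name="local,ossec,">
  <rule id="100100" level="7">
    <if_sid>1002</if_sid>
    <match>ERROR: Unable to open file</match>
    <description>ossec-logcollector cannot open a configured log file.</description>
  </rule>
</group>
```

Pasting one of the quoted ERROR lines into `ossec-logtest` on the manager shows which rule id the event ends on before the rule is relied on for alerting.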
