Hi Kumar, likely you need to create a specific rule in local_rules.xml. What messages are firing the rule 1002?.
Regards. On Tuesday, May 31, 2016 at 6:06:02 PM UTC+2, Kumar Mg wrote: > > Thanks Dan. > > We were abke to get the alert for error message, however this started > alerting for all other messages under rule 1002 - Unknown problem somewhere > in the system. > > > On Tuesday, 31 May 2016, dan (ddp) <[email protected] <javascript:>> wrote: > >> On Tue, May 31, 2016 at 9:02 AM, Kumar Mg <[email protected]> wrote: >> > Hi, >> > >> > >> > We have some logfiles which do not exists in ossec agent machine. Is >> there a >> > way to receive alerts in such case? >> > >> > These are the missing information i see in agent ossec.log >> > >> > ./ossec/logs/ >> > >> > # grep ERROR ossec.log >> > >> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file >> > '/var/log/httpd/access_log'. >> > >> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file >> > '/var/log/httpd/error_log'. >> > >> >> You want alerts for OSSEC configurations that try to watch >> non-existent log files? >> Configure OSSEC to monitor ossec.log, and create rules to watch for >> those log messages. >> >> > >> > Thanks >> > >> > Kumar >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
