Instead of using Nagios NPRE, think about using check_mk to extend nagios to support all and more of what NPRE does. The check_mk logwatch plugin can monitor your log files. Or if you don't want to evaluate that just add nagios to the adm grp so it doens't trigger the alarm. In the end it depends on what you're most comfortable with.
https://mathias-kettner.de/check_mk.html https://mathias-kettner.de/checkmk_logfiles.html -- Later, Darin On Mon, Jun 13, 2016 at 9:48 AM, Tahir Hafiz <[email protected]> wrote: > We have a situation in which nagios, to do it's nrpe checks, has to > constantly read the /var/log/syslog. > Therefore, we constantly have alerts at level 3 such as: > > Rule: 5502 (level 3) -> 'Login session closed.' > Rule: 5501 (level 3) -> 'Login session opened.' > > which involve sessions opening and closing for user root (as the nagios user > sudo's to read the syslog file). > > > We don't want to have to whitelist these types of alerts as we want to have > warning if someone escalates their privileges. Therefore, is it acceptable > to have nagios user added to the adm group as the adm group can read the > syslog file? What are the right ways to solve this? > > Cheers > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
