Sure,
I configured the following rule in local_rules.xml on the ossec server:

<rule id="140126" level="7">
    <if_sid>530</if_sid>
    <match>ossec: output: 'last -10 </match>
    <check_diff />
    <description>Last connections. </description>
</rule>
 -->


L.I. Adiel Jesús Navarro Rosado
Analista OyM Seguridad Operativa
A: [email protected]
. Ext. 5179
: 5510101509


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf 
Of dan (ddp)
Sent: Wednesday, October 05, 2016 06:22 a.m.
To: [email protected]
Subject: Re: [ossec-list] last -10

On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro <[email protected]> wrote:
> I want to monitor the last connections on a server.
>
> I configured the last -10 command in ossec.conf on a client:
>
> <localfile>
>     <log_format>full_command</log_format>
>     <command>last 10</command>
>     <frequency>60</frequency>
>   </localfile>
> I need the output of this command to be sent to the ossec server, 
> but I am not seeing any alerts on the ossec wui.
>
> Do I need to configure anything else on the client or on the ossec server?
>
>

Did you create a rule to look for the information coming from the command?

>
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google 
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
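
Added example, not part of the original thread: a Python check that compares the `<command>` strings in the agent's `<localfile>` blocks with the `<match>` text of the server-side rules, using the two fragments posted above as constructed sample input. The function names are hypothetical; each XML input is assumed to have a single root element, and `<match>` is treated as a literal, whitespace-trimmed string (whether the analysis daemon trims it the same way is not verified here).

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the two fragments as posted in this thread.
AGENT_CONF = """<ossec_config><localfile>
  <log_format>full_command</log_format>
  <command>last 10</command>
  <frequency>60</frequency>
</localfile></ossec_config>"""

SERVER_RULES = """<group name="local,"><rule id="140126" level="7">
  <if_sid>530</if_sid>
  <match>ossec: output: 'last -10 </match>
  <check_diff />
  <description>Last connections. </description>
</rule></group>"""

PREFIX = "ossec: output: '"  # header that full_command/command logs start with


def command_log_headers(conf_xml):
    """Header each command/full_command <localfile> puts at the start of its log."""
    headers = []
    for lf in ET.fromstring(conf_xml).iter("localfile"):
        if lf.findtext("log_format", "").strip() in ("command", "full_command"):
            # An <alias>, when set, replaces the command string in the header.
            name = (lf.findtext("alias") or lf.findtext("command") or "").strip()
            headers.append(f"{PREFIX}{name}':")
    return headers


def unmatched_rules(conf_xml, rules_xml):
    """(rule id, match text) for command rules whose <match> hits no header."""
    headers = command_log_headers(conf_xml)
    missing = []
    for rule in ET.fromstring(rules_xml).iter("rule"):
        # Assumption: <match> is compared as a literal, whitespace-trimmed string.
        match = (rule.findtext("match") or "").strip()
        if match.startswith(PREFIX) and not any(match in h for h in headers):
            missing.append((rule.get("id"), match))
    return missing


if __name__ == "__main__":
    for rule_id, match in unmatched_rules(AGENT_CONF, SERVER_RULES):
        print(f"rule {rule_id}: no configured command logs {match!r}")
```

With the fragments as posted, rule 140126 is reported because the agent runs `last 10` while the rule looks for `last -10`.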
