On Wednesday, October 5, 2016, 6:26:42 (UTC-5), dan (ddpbsd) wrote:
>
> On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro <[email protected]> wrote:
> > I want to monitor the last connections on a server.
> >
> > I configured the last -10 command in a client's ossec.conf:
> >
> > <localfile>
> >   <log_format>full_command</log_format>
> >   <command>last 10</command>
> >   <frequency>60</frequency>
> > </localfile>
> >
> > I need the output of this command to be sent to the ossec server, but I
> > am not seeing any alert on the ossec wui.
> >
> > Do I need to configure anything else on the client or on the ossec server?
>
> Did you create a rule to look for the information coming from the command?

Sure, I configured the following rule in local_rules.xml on the server:

<rule id="140126" level="7">
  <if_sid>530</if_sid>
  <match>ossec: output: '/usr/bin/last -10 </match>
  <check_diff />
  <description>Last connections. </description>
</rule>
-->
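Added example, not part of the thread: a consistency check between the `<command>` entries in ossec.conf and the `<match>` strings of rules chained to rule 530, run on constructed copies of the two snippets quoted above. It assumes the collector prefixes command output with `ossec: output: '<command>':` and treats `<match>` as a literal substring; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs using the values quoted in the thread.
OSSEC_CONF = """
<localfile>
  <log_format>full_command</log_format>
  <command>last 10</command>
  <frequency>60</frequency>
</localfile>
"""
LOCAL_RULES = """
<group name="local,">
  <rule id="140126" level="7">
    <if_sid>530</if_sid>
    <match>ossec: output: '/usr/bin/last -10 </match>
    <check_diff />
    <description>Last connections. </description>
  </rule>
</group>
"""

def command_headers(conf_xml):
    """Log header emitted for each command/full_command localfile."""
    root = ET.fromstring(f"<root>{conf_xml}</root>")
    headers = []
    for lf in root.iter("localfile"):
        if lf.findtext("log_format", "").strip() in ("command", "full_command"):
            # <alias>, when set, replaces the command string in the header.
            name = lf.findtext("alias") or lf.findtext("command", "")
            headers.append(f"ossec: output: '{name.strip()}':")
    return headers

def unmatched_rules(conf_xml, rules_xml):
    """IDs of rules under 530 whose <match> fits no configured command."""
    headers = command_headers(conf_xml)
    root = ET.fromstring(f"<root>{rules_xml}</root>")
    bad = []
    for rule in root.iter("rule"):
        if rule.findtext("if_sid", "").strip() != "530":
            continue
        # Assumption: <match> is a literal substring with an optional ^ anchor.
        needle = rule.findtext("match", "").lstrip("^")
        if not any(needle in h for h in headers):
            bad.append(rule.get("id"))
    return bad

if __name__ == "__main__":
    print(command_headers(OSSEC_CONF), unmatched_rules(OSSEC_CONF, LOCAL_RULES))
```

Rules that sit inside an XML comment are dropped by the parser, so they never appear in the result either way.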
