Hi all! I have a few datasources sending remote syslog to an OSSIM appliance running Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would like to generate alerts or see in logs if a datasource (ossec-agents also) lost connection or stopped logging... (e.g. misconfiguration happened, new firewall rule is blocking, etc.). Is it possible somehow? I thought of monitoring a command with OSSEC like tcpdump, tshark, netstat or something like that for the standard syslog protocol and writing a custom ossim plugin for the local ossec.log. Ideas are welcome! :) Thank you!
T.
