On Mon, Jan 30, 2017 at 9:14 AM, Tibor Luth <[email protected]> wrote:
> Hi all!
>
> I have a few datasources sending remote syslog to an OSSIM appliance running
> Rsyslog (udp or tcp/514) and OSSEC server and local agent. First I would
> like to generate alerts or see in logs if a datasource (ossec-agents also)
> lost connection or stopped logging... (e.g. misconfiguration happened, new
> firewall rule is blocking.. etc). Is it possible somehow? I thought to
> monitor a command with OSSEC like tcpdump, tshark, netstat or something like
> that for standard syslog protocol and write a custom ossim plugin for local
> ossec.log.
> Ideas are welcomed! :)
> Thank you!
>

Do you have any logs that indicate the system is no longer logging to the intended destination?

> T.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
