On Wed, Feb 1, 2017 at 7:14 AM, Tibor Luth <[email protected]> wrote:
> Nothing at all. That's why I thought to monitor a command output. Primarily
> in the mentioned (ossec-server side) appliance. Thanks for the reply. (I haven't
> figured out any solution yet).
>

Well, there should be alerts when an agent disconnects. Beyond that, I
think your only option is hacking something up with ELK or a similar
technology. I have been thinking about these issues, but as always
time is an issue.

> On Tuesday, January 31, 2017 at 15:23:00 UTC+1, dan (ddpbsd) wrote:
>>
>> On Mon, Jan 30, 2017 at 9:14 AM, Tibor Luth <[email protected]> wrote:
>> > Hi all!
>> >
>> > I have a few datasources sending remote syslog to an OSSIM appliance
>> > running Rsyslog (udp or tcp/514) and OSSEC server and local agent.
>> > First I would like to generate alerts or see in logs if a datasource
>> > (ossec-agents also) lost connection or stopped logging... (eg.
>> > misconfiguration happened, new firewall rule is blocking.. etc).
>> > Is it possible somehow? I thought to monitor a command with OSSEC
>> > like tcpdump, tshark, netstat or something like that for standard
>> > syslog protocol and write a custom ossim plugin for local ossec.log.
>> > Ideas are welcomed! :)
>> > Thank you!
>> >
>>
>> Do you have any logs that indicate the system is no longer logging to
>> the intended destination?
>>
>> > T.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
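
As an added illustration (not part of the thread, and not OSSEC or OSSIM code), one way to surface a datasource that has stopped logging is to compare each expected host's newest line in the rsyslog output against a silence threshold. The host names, sample lines, 15-minute threshold and the traditional rsyslog file format with English month names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Traditional rsyslog file format (assumed): "Feb  1 07:10:02 host tag: message"
LINE_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ")

def last_seen(lines, now):
    """Return {host: datetime of newest line}. The format carries no year,
    so use now's year and step back one year if that lands in the future."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort
        try:
            ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            if ts > now + timedelta(days=1):
                ts = ts.replace(year=now.year - 1)  # e.g. Dec 31 line read on Jan 1
        except ValueError:
            continue  # impossible date such as "Feb 30"
        host = m.group(2)
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_sources(lines, expected, now, max_silence=timedelta(minutes=15)):
    """Return sorted (host, last_seen_or_None) for expected hosts that are overdue."""
    seen = last_seen(lines, now)
    overdue = [(h, seen.get(h)) for h in expected
               if h not in seen or now - seen[h] > max_silence]
    return sorted(overdue, key=lambda item: item[0])

# Constructed sample data: three expected sources, one quiet, one never seen.
SAMPLE = [
    "Feb  1 07:10:02 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10",
    "Feb  1 06:20:41 web01 sshd[811]: Accepted publickey for deploy",
    "Feb  1 07:13:55 fw01 kernel: DROP IN=eth0 SRC=192.0.2.11",
    "not a syslog line",
]
EXPECTED = ["fw01", "web01", "db01"]

if __name__ == "__main__":
    now = datetime(2017, 2, 1, 7, 14, 0)
    for host, ts in silent_sources(SAMPLE, EXPECTED, now):
        last = ts.isoformat() if ts else "never"
        print(f"syslog-silence: host={host} last_seen={last}")
```

Each printed line names one overdue source, so the script can be run on a schedule and its output watched like any other log.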
