On Fri, Nov 9, 2018 at 11:21 AM 700 grm <[email protected]> wrote:
>
> Thank you for your prompt response.
>
> 1. How can I turn on logall feature on ossec client?
>

It's a server side setting, not a client side.
http://www.ossec.net/docs/syntax/head_ossec_config.global.html?highlight=logall#element-logall

> 2. Does it mean that OSSEC client can collect all system logs from /var/log/,
> forward them to an OSSEC server and store them in
> /var/ossec/logs/archive/archives.log ?
>

Correct. Anything the agent sends to the server will be logged in the
archives log.

> Thx in advance
>
> V
>
> On Fri, Nov 9, 2018 at 3:41 PM dan (ddp) <[email protected]> wrote:
>>
>> On Fri, Nov 9, 2018 at 10:39 AM <[email protected]> wrote:
>> >
>> > Hi,
>> >
>> > I am new to the OSSEC. I am confused about forwarding logs.
>> >
>> > Does OSSEC client collect logs from /var/log/messages and forward them
>> > to the ossec server /var/log/messages? Or should log forwarding be
>> > configured in rsyslog on Red Hat to forward all logs to rsyslog server?
>> >
>>
>> OSSEC does not write to /var/log/messages. It can store all logs it
>> receives in /var/ossec/logs/archive/archives.log, if you turn on the
>> logall feature.
>> But if you want a syslog backup of log messages, you'll have to
>> configure your syslogd to do it for you.
>>
>> > Thx in advance
>> >
>> > Regards
>> >
>> > V

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
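
The split described in the thread (agents collect files, the server decides whether everything received is archived) can be checked from the two ossec.conf files. This is an added example, not part of the original messages or the OSSEC project's code; both sample configs, the server address and the function names are constructed for illustration, and it assumes the files parse as XML once wrapped in a single root.

```python
import xml.etree.ElementTree as ET

# Constructed server-side ossec.conf: logall lives in the <global> section.
SERVER_CONF = """
<ossec_config>
  <global>
    <email_notification>no</email_notification>
    <logall>yes</logall>
  </global>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</ossec_config>
"""

# Constructed agent-side ossec.conf: which files the agent reads and forwards.
AGENT_CONF = """
<ossec_config>
  <client>
    <server-ip>192.0.2.10</server-ip>
  </client>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
"""

def _parse(conf_text):
    # ossec.conf may contain several <ossec_config> blocks, which is not a
    # single-rooted XML document, so wrap the text in one synthetic root.
    return ET.fromstring("<root>" + conf_text + "</root>")

def logall_enabled(conf_text):
    """True if any <global> block in this config sets <logall> to yes."""
    nodes = _parse(conf_text).findall("./ossec_config/global/logall")
    return any((n.text or "").strip().lower() == "yes" for n in nodes)

def monitored_files(conf_text):
    """List (log_format, location) pairs from every <localfile> block."""
    blocks = _parse(conf_text).findall("./ossec_config/localfile")
    return [(b.findtext("log_format", "").strip(),
             b.findtext("location", "").strip()) for b in blocks]

if __name__ == "__main__":
    print("server archives all events:", logall_enabled(SERVER_CONF))
    print("agent forwards:", monitored_files(AGENT_CONF))
```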
