In this situation, can we install OSSEC Server and a syslog backup server on the same machine? Or will it create a lot of issues: double alerts > it will analyse the same /var/log/messages on client and server side?
thx in advance

On Fri, Nov 9, 2018 at 4:35 PM dan (ddp) <[email protected]> wrote:

> On Fri, Nov 9, 2018 at 11:21 AM 700 grm <[email protected]> wrote:
> >
> > Thank you for your prompt response.
> >
> > 1. How can I turn on logall feature on ossec client?
> >
>
> It's a server side setting, not a client side.
>
> http://www.ossec.net/docs/syntax/head_ossec_config.global.html?highlight=logall#element-logall
>
> > 2. it mean that OSSEC client can collect all system logs from /var/log/ forward them to a OSSEC server and store them in /var/ossec/logs/archive/archives.log ?
> >
>
> Correct. Anything the agent sends to the server will be logged in the archives log.
>
> > Thx in advance
> >
> > V
> >
> > On Fri, Nov 9, 2018 at 3:41 PM dan (ddp) <[email protected]> wrote:
> >>
> >> On Fri, Nov 9, 2018 at 10:39 AM <[email protected]> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I am new to the OSSEC. I am confused about forwarding logs.
> >> >
> >> > Does OSSEC client collects logs from /var/log/messages and forwards them to the ossec server /var/log/messages? Or should be log forwarding configured in rsyslog on Red Hat to forward all logs to rsyslog server?
> >> >
> >>
> >> OSSEC does not write to /var/log/messages. It can store all logs it
> >> receives in /var/ossec/logs/archive/archives.log, if you turn on the
> >> logall feature.
> >> But if you want a syslog backup of log messages, you'll have to
> >> configure your syslogd to do it for you.
> >>
> >> > Thx in advance
> >> >
> >> > Regards
> >> >
> >> > V
> >> >
> >> > --
> >> > ---
> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
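The two settings discussed in this thread, written out as an added example (not part of the original messages and not any poster's own configuration): the agent reads /var/log/messages through a localfile entry, and logall is switched on in the global section of the server's ossec.conf. The path /var/ossec/etc/ossec.conf assumes a default install.

```xml
<!-- AGENT side: /var/ossec/etc/ossec.conf (assumed default path).
     Tells the agent to read /var/log/messages and send each line
     to the OSSEC server for analysis. -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>

<!-- SERVER side: /var/ossec/etc/ossec.conf (assumed default path).
     logall is a server-side option inside <global>. With it set to
     "yes", every event the server receives is written to the archives
     log, whether or not it triggers an alert. -->
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>
```

Restart OSSEC on each machine after editing its ossec.conf so the change takes effect. The archives log is not a syslog relay, so a syslog backup of the original messages still has to be set up in the syslog daemon itself, as the reply above says.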
