On Fri, Nov 9, 2018 at 12:14 PM 700 grm <[email protected]> wrote:
>
> In situation can we install OSSEC Server and syslog backup server on the same
> machine?
> Or it will create a lot of issues: double alerts
> it will analyse same
> var/log/messages on client and server side?
>

If OSSEC monitors the file syslogd saves the remote log messages to,
you'll get doubled up alerts. If you want to do both on the same
machine, you'll want to save the messages to files that OSSEC isn't
monitoring.

> thx in advance
>
> On Fri, Nov 9, 2018 at 4:35 PM dan (ddp) <[email protected]> wrote:
>>
>> On Fri, Nov 9, 2018 at 11:21 AM 700 grm <[email protected]> wrote:
>> >
>> > Thank you for your prompt response.
>> >
>> > 1. How can I turn on logall feature on ossec client?
>> >
>>
>> It's a server side setting, not a client side.
>> http://www.ossec.net/docs/syntax/head_ossec_config.global.html?highlight=logall#element-logall
>>
>> > 2. Does it mean that OSSEC client can collect all system logs from /var/log/
>> > forward them to an OSSEC server and store them in
>> > /var/ossec/logs/archive/archives.log ?
>> >
>>
>> Correct. Anything the agent sends to the server will be logged in the
>> archives log.
>>
>> > Thx in advance
>> >
>> > V
>> >
>> > On Fri, Nov 9, 2018 at 3:41 PM dan (ddp) <[email protected]> wrote:
>> >>
>> >> On Fri, Nov 9, 2018 at 10:39 AM <[email protected]> wrote:
>> >> >
>> >> > Hi,
>> >> >
>> >> > I am new to the OSSEC. I am confused about forwarding logs.
>> >> >
>> >> > Does OSSEC client collect logs from /var/log/messages and forward
>> >> > them to the ossec server /var/log/messages? Or should log
>> >> > forwarding be configured in rsyslog on Red Hat to forward all logs to
>> >> > rsyslog server?
>> >> >
>> >>
>> >> OSSEC does not write to /var/log/messages. It can store all logs it
>> >> receives in /var/ossec/logs/archive/archives.log, if you turn on the
>> >> logall feature.
>> >> But if you want a syslog backup of log messages, you'll have to
>> >> configure your syslogd to do it for you.
>> >>
>> >> > Thx in advance
>> >> >
>> >> > Regards
>> >> >
>> >> > V
>> >> >
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it, send
>> >> > an email to [email protected].
>> >> > For more options, visit https://groups.google.com/d/optout.
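
The overlap described in the top reply can be checked before running both services on one host. The following is an added example, not part of the thread and not OSSEC project code: it compares the `<localfile>` locations in an ossec.conf with the files rsyslog writes to. The two config excerpts, the `/var/log/remote/clients.log` path and all function names are constructed for illustration.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed server-side ossec.conf excerpt (not from the thread).
OSSEC_CONF = """
<ossec_config>
  <global><logall>yes</logall></global>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
"""

# Constructed rsyslog rules on the same host (not from the thread).
RSYSLOG_CONF = """
# everything, local and remote, lands in messages
*.info;mail.none    /var/log/messages
action(type="omfile" file="/var/log/remote/clients.log")
"""

def ossec_settings(conf_text):
    """Return (monitored localfile locations, whether logall is 'yes')."""
    # Wrap in a dummy root to tolerate more than one top-level element.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    locations = [lf.findtext("location", "").strip() for lf in root.iter("localfile")]
    logall = any((e.text or "").strip() == "yes" for e in root.iter("logall"))
    return [loc for loc in locations if loc], logall

def rsyslog_files(conf_text):
    """Collect file targets from legacy selector lines and omfile actions."""
    paths = []
    for line in (l.strip() for l in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = re.search(r'\bfile="([^"]+)"', line) or re.match(r"\S+\s+-?(/\S+)$", line)
        if m:
            paths.append(m.group(1))
    return paths

def doubled_up(ossec_text, rsyslog_text):
    """rsyslog targets that OSSEC also reads, i.e. sources of doubled alerts."""
    locations, _ = ossec_settings(ossec_text)
    return sorted(p for p in rsyslog_files(rsyslog_text)
                  if any(fnmatch.fnmatchcase(p, loc) for loc in locations))

if __name__ == "__main__":
    print("logall:", ossec_settings(OSSEC_CONF)[1], "doubled:", doubled_up(OSSEC_CONF, RSYSLOG_CONF))
```

An empty result from `doubled_up` means the syslog backup files sit outside what OSSEC monitors; dynamic file templates in rsyslog are not resolved by this sketch.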
