[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

Thank you for your answers.Now It triggers that rule 31152 normally.I was overwrited the rule frequency in local rules and forgot that.Sorry for that mistake. On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote: > > I added config below to etc/shared/agent.conf in ossec-server home >

Re: [ossec-list] Re: OSSEC log analysis settings for apache access/error.log

On Fri, Jul 7, 2017 at 4:15 AM, Kazim Koybasi wrote: > Yes OSSEC mentioning about log files and says analyzing log file. I tried > with apache log format and without logformat settings and results is > same.What could be a workaround for that? > Provide a log sample of a

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

Hi Kazim, - Review the ossec.log of your agent: is it monitoring the file? are there errors?. - The log file must exist before OSSEC is started. - Try with the format "syslog". - Copy some logs to /var/ossec/bin/ossec-logtest and check if an alert would be generated. Just

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

Yes OSSEC mentioning about log files and says analyzing log file. I tried with apache log format and without logformat settings and results is same.What could be a workaround for that? On Thursday, 6 July 2017 23:37:55 UTC+3, Kazim Koybasi wrote: > > I added config below to

[ossec-list] Re: OSSEC log analysis settings for apache access/error.log

Thanks for quick response. Server has running apache , I restarted apache it show log that it monitors all apache config and I connect with my browser and made multple 404 error codes from same server . default log level is 7 for ossec. OSSEC exact configuration like below and my server hosts