I ended up moving this bash script to the Security Onion server then with
help her wrote basic decoders and rules to trigger alerts. Still going to
play with the agent custom log file issue off and on.
On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote:
>
> ANy have a issue like
On Fri, Jun 10, 2016 at 6:26 PM, Jacob Mcgrath
wrote:
> The script will write each line as the bash script as the check fails. This
> log is deleted if first creation is older than 7 days( since the record
> would remain in Ossec archive).
>
> I thought it may be
The script will write each line as the bash script as the check fails.
This log is deleted if first creation is older than 7 days( since the
record would remain in Ossec archive).
I thought it may be already accessed by the script as it runs every 3-5
mins but do not think this is the cause (
on restart end of log
On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote:
>
> ANy have a issue like this The Ossec server says its not available and
> ignores it. But it is thereweird ?
>
> root@alamo:/home/mis/admin-tools/logs# tail \ ping-domain.log
> System Check
Hi Jacob.
When does that message appear? I mean, does it happen on OSSEC start, or
after a while?
Can you see a message like the following, when OSSEC starts?
ossec-logcollector(1950): INFO: Analyzing file:
> '/home/mis/admin-tools/logs/ping-domain.log`
ossec-logcollector(1950): ERROR: Could