[ossec-list] Re: ossec local logfile ignored

2016-06-15 Thread Jacob Mcgrath
I ended up moving this bash script to the Security Onion server then with help here wrote basic decoders and rules to trigger alerts. Still going to play with the agent custom log file issue off and on.

On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote:
>
> Any have an issue like

Re: [ossec-list] Re: ossec local logfile ignored

2016-06-15 Thread dan (ddp)
On Fri, Jun 10, 2016 at 6:26 PM, Jacob Mcgrath wrote:
> The script will write each line as the bash script as the check fails. This
> log is deleted if first creation is older than 7 days (since the record
> would remain in Ossec archive).
>
> I thought it may be

[ossec-list] Re: ossec local logfile ignored

2016-06-10 Thread Jacob Mcgrath
The script will write each line as the bash script as the check fails. This log is deleted if first creation is older than 7 days (since the record would remain in Ossec archive). I thought it may be already accessed by the script as it runs every 3-5 mins but do not think this is the cause (

[ossec-list] Re: ossec local logfile ignored

2016-06-10 Thread Jacob Mcgrath
on restart end of log

On Friday, June 10, 2016 at 11:12:02 AM UTC-5, Jacob Mcgrath wrote:
>
> Any have an issue like this? The Ossec server says it's not available and
> ignores it. But it is there... weird?
>
> root@alamo:/home/mis/admin-tools/logs# tail \ ping-domain.log
> System Check

[ossec-list] Re: ossec local logfile ignored

2016-06-10 Thread Victor Fernandez
Hi Jacob. When does that message appear? I mean, does it happen on OSSEC start, or after a while? Can you see a message like the following, when OSSEC starts? ossec-logcollector(1950): INFO: Analyzing file: > '/home/mis/admin-tools/logs/ping-domain.log` ossec-logcollector(1950): ERROR: Could