Thanks for the quick reply.
As I understand it, the agent collects logs with ossec-logcollector and sends all of
them to the server. The server analyzes all logs with the ossec-analysisd daemon and
matches them according to decoders and rules. Also, if I open the logall option in
the server it saves all logs under
Finally, you got it!
I think your conclusion makes sense.
Regards.
On Wednesday, July 12, 2017 at 7:49:36 PM UTC+2, Alexis Lessard wrote:
>
> The issue was indeed the email_maxperhour setting. My guess is, because we
> basically told OSSEC to send every event to noreply@localhost. The
Yes, here you'll find a guide with descriptions of all the
daemons:
https://documentation.wazuh.com/current/user-manual/reference/daemons/index.html
Please, let us know if you have any doubt.
Best regards,
On Monday, July 17, 2017 at 9:19:04 AM UTC+2, Kazim Koybasi wrote:
>
> Thanks for quick
Does archives.log under /var/ossec/logs/ contain all logs produced at the agent
host server? I am trying to understand how the OSSEC manager and agent
topology works. The agent does not contain rules.
Does it mean that the agent sends all logs to the manager and it processes log files
according to decoder and rule
Hello Kazim
On Monday, July 17, 2017 at 8:53:37 AM UTC+2, Kazim Koybasi wrote:
>
> Does archives.log under /var/ossec/logs/ contain all logs produced at the agent
> host server? I am trying to understand how the OSSEC manager and agent
> topology works.
>
Yes, if you have configured your ossec.conf