FYI...
Installed OSSEC server version 2.6 on CentOS 6.2, and the agents are web servers
installed in a chroot environment.
In ossec.conf file, added below configuration in both server and agent.
<localfile>
<log_format>syslog</log_format>
<location>/chroot/site/usr/local/apache/logs/error_log</location>
</localfile>
Already in decoder.xml and in rules folder apache related configuration is set
by default.
Problem: OSSEC is not working for Apache logs, not even generating
mails related to Apache errors; the rest of OSSEC is working as needed.
Please guide me what has to be done to solve the issue.
Regarding OSSEC
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Regarding OSSEC
Oh, easy one there, you've got the wrong log type specified. Change that from "syslog" to "apache".
Re: Regarding OSSEC
Even I tried the same, but didn't get the required output.
FYI...
Moreover, the OSSEC server and Apache (web servers are agents) are installed on separate machines.
- Atomicorp Staff - Site Admin
Re: Regarding OSSEC
Not sure what's going on there then, that's definitely the right syntax though. We use it all over the place.
Re: Regarding OSSEC
Can you please tell me what has to be cross-checked to make it work as required?
- Atomicorp Staff - Site Admin
Re: Regarding OSSEC
Sure, here is an example:
<localfile>
<log_format>apache</log_format>
<location>/var/log/httpd/access_log</location>
</localfile>