Regarding OSSEC

vamsi_k
New Forum User
Posts: 3
Joined: Fri May 04, 2012 5:48 am
Location: INDIA

FYI...

Installed OSSEC server version 2.6 on CentOS 6.2, and the agents are web servers installed in a chroot environment.

In the ossec.conf file, added the configuration below on both server and agent.

  <localfile>
    <log_format>syslog</log_format>
    <location>/chroot/site/usr/local/apache/logs/error_log</location>
  </localfile>

The Apache-related configuration is already set by default in decoder.xml and in the rules folder.

Problem: OSSEC is not working for Apache logs, not even generating mails related to Apache errors; the rest of OSSEC is working as needed.

Please guide me on what has to be done to solve the issue.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Oh, easy one there: you've got the wrong log type specified. Change that from "syslog" to "apache".
vamsi_k

Even I tried the same, but didn't get the required output.

FYI...
Moreover, the OSSEC server and Apache (web servers are agents) are installed on separate machines.
scott

Not sure what's going on there then; that's definitely the right syntax though. We use it all over the place.
vamsi_k

Can you please tell me what has to be cross-checked to make it work as required?
scott

Sure, here is an example:

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
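One way to cross-check the `<localfile>` entries discussed in this thread, as an added example that is not part of the original posts and is not OSSEC or Atomicorp code: it parses an ossec.conf, flags Apache-looking log paths whose `log_format` is not `apache`, and reports locations that do not exist or are unreadable on the host where it runs. The names `check_localfiles`, `SAMPLE_CONF` and `APACHE_NAME`, and the file-name heuristic, are assumptions made for the example.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two <localfile> entries quoted in the thread, placed
# in separate <ossec_config> blocks (ossec.conf may contain several).
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/chroot/site/usr/local/apache/logs/error_log</location>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
</ossec_config>
"""

# Assumption: file names that normally carry Apache-format logs.
APACHE_NAME = re.compile(r"(access|error)[_.-]?log", re.I)


def check_localfiles(conf_text, exists=os.path.isfile,
                     readable=lambda p: os.access(p, os.R_OK)):
    """Return (location, problem) pairs for the <localfile> entries."""
    # Several top-level blocks are not one XML document; wrap them in one root.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    findings = []
    for lf in root.iter("localfile"):
        loc = (lf.findtext("location") or "").strip()
        fmt = (lf.findtext("log_format") or "").strip()
        if not loc:
            continue  # entry without a <location>, nothing to check on disk
        if APACHE_NAME.search(os.path.basename(loc)) and fmt != "apache":
            findings.append((loc, f"log_format is '{fmt}', expected 'apache'"))
        if not exists(loc):
            findings.append((loc, "file not found on this host"))
        elif not readable(loc):
            findings.append((loc, "file not readable by this user"))
    return findings


if __name__ == "__main__":
    for loc, problem in check_localfiles(SAMPLE_CONF):
        print(f"{loc}: {problem}")
```

Run it on the machine that actually holds the log file, passing that host's ossec.conf contents in place of `SAMPLE_CONF`.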