json log format

Support/Development for OSSEC
adencooled
New Forum User
New Forum User
Posts: 1
Joined: Fri May 14, 2021 10:17 am

json log format

Unread post by adencooled »

in a older version of ossec - you could use:

<logging>
<log_format>json</log_format>
</logging>


and manual kind of also mentions this:
https://www.ossec.net/docs/docs/formats/index.html

on a centos 7 server i get:

May 14 14:20:47 aws-mnm-checkmk ossec-hids[14820]: Starting ossec-hids: 2021/05/14 14:20:47 ossec-agentd(1230): ERROR: Invalid element in the configuration: 'logging'.
May 14 14:20:47 aws-mnm-checkmk ossec-hids[14820]: 2021/05/14 14:20:47 ossec-agentd(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.


can you confirm json output is still possible?
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4132
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: json log format

Unread post by mikeshinn »

<jsonout_output>yes</jsonout_output>

Is the new systax. It belongs in the global settngs, for example:

<global>
<email_notification>yes</email_notification>
<email_to>root@localhost</email_to>
<smtp_server>127.0.0.1</smtp_server>
<helo_server>localhost</helo_server>
<email_from>localhost</email_from>
<email_maxperhour>1</email_maxperhour>
<white_list>127.0.0.1</white_list>
<logall>yes</logall>
<jsonout_output>yes</jsonout_output>
<geoipdb>/usr/share/GeoIP/GeoLiteCity.dat</geoipdb>
</global>
Post Reply