
json log format

Posted: Fri May 14, 2021 10:21 am
by adencooled
in an older version of ossec - you could use:

<logging>
  <log_format>json</log_format>
</logging>


and the manual kind of also mentions this:
https://www.ossec.net/docs/docs/formats/index.html

on a centos 7 server I get:

May 14 14:20:47 aws-mnm-checkmk ossec-hids[14820]: Starting ossec-hids: 2021/05/14 14:20:47 ossec-agentd(1230): ERROR: Invalid element in the configuration: 'logging'.
May 14 14:20:47 aws-mnm-checkmk ossec-hids[14820]: 2021/05/14 14:20:47 ossec-agentd(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.


can you confirm json output is still possible?

Re: json log format

Posted: Fri May 14, 2021 12:10 pm
by mikeshinn
<jsonout_output>yes</jsonout_output>

Is the new syntax. It belongs in the global settings, for example:

<global>
  <email_notification>yes</email_notification>
  <email_to>root@localhost</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <helo_server>localhost</helo_server>
  <email_from>localhost</email_from>
  <email_maxperhour>1</email_maxperhour>
  <white_list>127.0.0.1</white_list>
  <logall>yes</logall>
  <jsonout_output>yes</jsonout_output>
  <geoipdb>/usr/share/GeoIP/GeoLiteCity.dat</geoipdb>
</global>
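
A pre-restart check for the two settings discussed in this thread, as an added example that is not part of the original posts or of OSSEC's own tooling: it flags the `<logging>` element that ossec-agentd rejected in the log above and confirms that `<jsonout_output>yes</jsonout_output>` sits inside `<global>`. The function name `check_json_output` and the sample configuration are constructed for illustration, and the file is assumed to carry no XML declaration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the legacy block from the question plus a <global>
# section that lacks the jsonout_output setting given in the reply.
SAMPLE_CONF = """
<ossec_config>
  <logging>
    <log_format>json</log_format>
  </logging>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>
"""


def check_json_output(conf_text):
    """Return a list of findings about JSON output settings in ossec.conf text."""
    # ossec.conf may hold several top-level blocks, so wrap it in a synthetic
    # root element to make it parse as one XML document.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []

    # The element reported as invalid in the thread's error log.
    for _ in root.iter("logging"):
        findings.append("legacy <logging> element present")

    # Collect jsonout_output values, accepting only those placed under <global>.
    values = []
    for elem in root.iter("jsonout_output"):
        parent_tag = parents[elem].tag
        if parent_tag != "global":
            findings.append("<jsonout_output> under <%s>, expected <global>" % parent_tag)
        else:
            values.append((elem.text or "").strip().lower())

    if "yes" not in values:
        findings.append("no <jsonout_output>yes</jsonout_output> inside <global>")
    return findings


if __name__ == "__main__":
    for finding in check_json_output(SAMPLE_CONF):
        print("FINDING:", finding)
```
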