On Tue, Feb 2, 2010 at 11:35 AM, Dave Pyke <d...@pyke.ca> wrote:
>
> the ossec.log is showing the file as monitored:
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/critical/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/cron/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/everything/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/hal/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/kernel/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/mail/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/pwdfail/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/sshd/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/telnet/current'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/apache2/access_log'.
> 2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/apache2/error_log'.
>
> However, there is no listing in the alerts.log or the archives for any of
> the sshd alerts, no matter what level I place them at. I don't use the
> e-mail option, just ossec-wui.
>
> Is there a trace function I can turn on?
>

There is a debug flag for each process, usually -d. I'm not sure if that will give you the info you're looking for though. Definitely worth a shot.
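
A companion check for the situation in the quoted message, added here as an example and not part of the original thread or of OSSEC itself: it parses the `Analyzing file` lines from ossec.log and reports whether each monitored file exists, is readable, is non-empty and has been written to recently. The function names and the one-hour staleness threshold are assumptions.

```python
import os
import re
import time

# Matches ossec-logcollector startup lines in the format quoted in the thread.
ANALYZING = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} "
    r"ossec-logcollector\(\d+\): INFO: Analyzing file: '(?P<path>[^']+)'"
)

def monitored_files(ossec_log_text):
    """Paths logcollector reported as analyzed, in order, de-duplicated."""
    seen = []
    for line in ossec_log_text.splitlines():
        m = ANALYZING.match(line.strip())
        if m and m.group("path") not in seen:
            seen.append(m.group("path"))
    return seen

def file_status(path, stale_after=3600, now=None):
    """Classify a monitored file: missing, unreadable, empty, stale or active."""
    now = time.time() if now is None else now
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "unreadable"
    if not os.access(path, os.R_OK):
        return "unreadable"
    if st.st_size == 0:
        return "empty"
    if now - st.st_mtime > stale_after:  # assumed threshold: one hour
        return "stale"
    return "active"

def report(ossec_log_text, stale_after=3600, now=None):
    """Map each monitored path to its status on this host."""
    return {p: file_status(p, stale_after, now)
            for p in monitored_files(ossec_log_text)}

# Two lines taken from the thread, unwrapped to one entry per line.
SAMPLE = """\
2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/sshd/current'.
2010/02/02 08:57:34 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/apache2/error_log'.
"""

if __name__ == "__main__":
    for path, status in report(SAMPLE).items():
        print(f"{status:10} {path}")
```

Run it as the user the logcollector process runs as, so the readability result reflects what that process can actually open.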