On Sat, Jun 1, 2013 at 12:04 AM, frwa onto <[email protected]> wrote:
> Dear Dan,
> In case it reports anything where is best place to look is
> it into its particular log files which have been designated? Which are the
> main log files to be monitored?
>
OSSEC reports all alerts to /var/ossec/logs/alerts/alerts.log.

>
> On Fri, May 31, 2013 at 11:36 PM, dan (ddp) <[email protected]> wrote:
>>
>> On Fri, May 31, 2013 at 11:29 AM, frwa onto <[email protected]> wrote:
>> > Dear Dan,
>> > Sorry I am new into Ossec what command should I run once I
>>
>> It should run by default.
>>
>> > have start ossec to scan my system for e.g. to run rootcheck? Thank you.
>> >
>> >
>> > On Fri, May 31, 2013 at 10:18 PM, dan (ddp) <[email protected]> wrote:
>> >>
>> >> On Sun, May 19, 2013 at 6:12 AM, frwa onto <[email protected]> wrote:
>> >> > Thank you dan. Once I installed Ossec is there any command to run to
>> >> > inspect
>> >> > my current system for any possible intrusion signs?
>> >> >
>> >> > On Friday, May 17, 2013 9:35:14 AM UTC+8, dan (ddpbsd) wrote:
>> >> >>
>> >> >> On Thu, May 16, 2013 at 9:02 PM, frwa onto <[email protected]>
>> >> >> wrote:
>> >> >> > I have a web server and db server running and just came across
>> >> >> > this
>> >> >> > wonderful tool. Do you think is fine to install at this stage the
>> >> >> > ossec as my server have been running for few months already. Will
>> >> >> > it
>> >> >> > still be able to help me in intrusion detection and how about my
>> >> >> > file
>> >> >> > check integrity? Thank you.
>> >> >> >
>> >> >>
>> >>
>> >> rootcheck may provide some indication of compromise (should it see
>> >> evidence). But there isn't really a command to run to perform specific
>> >> checks.
>> >>
>> >> >> You should be able to check the integrity of many of the files on
>> >> >> the
>> >> >> system by comparing them to rpm. I don't see a problem installing
>> >> >> OSSEC onto a system that's been running already.
>> >> >>

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
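
Added example, not part of the original thread and not OSSEC's own code: a small Python parser for the /var/ossec/logs/alerts/alerts.log file named in the reply, which pulls out the syscheck (file integrity) and rootcheck alerts the thread asks about. It assumes the default multi-line plain-text alert layout; the sample alerts, host name and paths are constructed, and `parse_alerts` and `triage` are hypothetical helper names.

```python
import re
from collections import namedtuple

Alert = namedtuple("Alert", "alert_id groups location rule_id level description log")
HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):[^-]*- ?(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")

# Constructed sample in the default alerts.log layout (host, paths, times are made up).
SAMPLE = """\
** Alert 1370016252.1001: - syslog,sshd,authentication_failed,
2013 Jun 01 00:04:12 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Jun  1 00:04:11 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4711 ssh2

** Alert 1370016300.1420: mail  - ossec,syscheck,
2013 Jun 01 00:05:00 web01->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/example.conf'

** Alert 1370016360.1800: mail  - ossec,rootcheck,
2013 Jun 01 00:06:00 web01->rootcheck
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
File '/tmp/example' is owned by root and has written permissions to anyone.
"""

def parse_alerts(text):
    """Split alerts.log text into Alert records, one per '** Alert' block."""
    alerts = []
    for block in re.split(r"\n(?=\*\* Alert )", text.strip()):
        lines = [l for l in block.splitlines() if l.strip()]
        head = HEADER.match(lines[0]) if lines else None
        rule = next((m for m in map(RULE.match, lines) if m), None)
        if not head or not rule:
            continue  # truncated or foreign block: skip rather than guess
        groups = [g for g in head.group(2).split(",") if g]
        location = lines[1].split("->", 1)[-1]
        body = "\n".join(lines[lines.index(rule.group(0)) + 1:])
        alerts.append(Alert(head.group(1), groups, location, int(rule.group(1)),
                            int(rule.group(2)), rule.group(3), body))
    return alerts

def triage(alerts, min_level=7, groups=("syscheck", "rootcheck")):
    """Alerts to read first: at or above min_level, or raised by syscheck/rootcheck."""
    return [a for a in alerts if a.level >= min_level or set(groups) & set(a.groups)]

if __name__ == "__main__":
    for a in triage(parse_alerts(SAMPLE)):
        print(a.level, a.rule_id, a.location, a.description)
```

To run it against a live installation, pass the contents of alerts.log to `parse_alerts` in place of `SAMPLE`; reading that file normally requires root or membership of the ossec group.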
