How about any other log files I need to monitor? I notice there is a breakdown of folders by month and day; what do they store then?

On Wed, Jun 5, 2013 at 9:44 PM, dan (ddp) <[email protected]> wrote:

> On Sat, Jun 1, 2013 at 12:04 AM, frwa onto <[email protected]> wrote:
> > Dear Dan,
> >             In case it reports anything where is best place to look is
> > it into its particular log files which have been designated? Which are the
> > main log files to be monitored?
> >
>
> OSSEC reports all alerts to /var/ossec/logs/alerts/alerts.log.
>
> >
> > On Fri, May 31, 2013 at 11:36 PM, dan (ddp) <[email protected]> wrote:
> >>
> >> On Fri, May 31, 2013 at 11:29 AM, frwa onto <[email protected]> wrote:
> >> > Dear Dan,
> >> >                Sorry I am new into Ossec what command should I run once I
> >>
> >> It should run by default.
> >>
> >> > have started ossec to scan my system for e.g. to run rootcheck? Thank you.
> >> >
> >> > On Fri, May 31, 2013 at 10:18 PM, dan (ddp) <[email protected]> wrote:
> >> >>
> >> >> On Sun, May 19, 2013 at 6:12 AM, frwa onto <[email protected]> wrote:
> >> >> > Thank you dan. Once I installed Ossec is there any command to run to
> >> >> > inspect my current system for any possible intrusion signs?
> >> >> >
> >> >> > On Friday, May 17, 2013 9:35:14 AM UTC+8, dan (ddpbsd) wrote:
> >> >> >>
> >> >> >> On Thu, May 16, 2013 at 9:02 PM, frwa onto <[email protected]> wrote:
> >> >> >> > I have a web server and db server running and just came across
> >> >> >> > this wonderful tool. Do you think it is fine to install at this stage
> >> >> >> > the ossec as my server has been running for a few months already. Will
> >> >> >> > it still be able to help me in intrusion detection and how about my
> >> >> >> > file check integrity? Thank you.
> >> >> >> >
> >> >> >>
> >> >>
> >> >> rootcheck may provide some indication of compromise (should it see
> >> >> evidence). But there isn't really a command to run to perform specific
> >> >> checks.
> >> >>
> >> >> >> You should be able to check the integrity of many of the files on
> >> >> >> the system by comparing them to rpm. I don't see a problem installing
> >> >> >> OSSEC onto a system that's been running already.
> >> >> >>
> >> >> >> > --
> >> >> >> >
> >> >> >> > ---
> >> >> >> > You received this message because you are subscribed to the Google
> >> >> >> > Groups "ossec-list" group.
> >> >> >> > To unsubscribe from this group and stop receiving emails from it,
> >> >> >> > send an email to [email protected].
> >> >> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >> >> >> >
> >> >>
> >> >> --
> >> >>
> >> >> ---
> >> >> You received this message because you are subscribed to a topic in the
> >> >> Google Groups "ossec-list" group.
> >> >> To unsubscribe from this topic, visit
> >> >> https://groups.google.com/d/topic/ossec-list/YumS8vZv3PI/unsubscribe?hl=en.
> >> >> To unsubscribe from this group and all its topics, send an email to
> >> >> [email protected].
> >> >> For more options, visit https://groups.google.com/groups/opt_out.
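
Added example, not part of the thread: a shell function that lists the alerts in an OSSEC alerts.log at or above a chosen rule level, for the file named in the reply above. It assumes OSSEC's default plain-text alert layout; the names high_alerts and sample_alerts and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list OSSEC alerts at or above a minimum rule level.
# Assumes the default plain-text alerts.log layout (blank line between alerts).

# high_alerts MIN_LEVEL [FILE...]  ->  level<TAB>rule<TAB>description<TAB>location
high_alerts() {
    min="$1"; shift
    awk -v min="$min" -v q="'" '
        BEGIN { RS = ""; FS = "\n" }    # paragraph mode: one alert per record
        {
            level = ""; rule = ""; desc = ""; loc = ""
            for (i = 1; i <= NF; i++) {
                # Only the first "Rule:" line counts; later lines are raw log text.
                if (rule == "" && $i ~ /^Rule: [0-9]+ \(level [0-9]+\) -> /) {
                    split($i, w, " ")
                    rule = w[2]; level = w[4]; sub(/\)$/, "", level)
                    desc = $i; sub(/^[^>]*> /, "", desc)
                    sub("^" q, "", desc); sub(q "$", "", desc)
                } else if (loc == "" && $i ~ /^[0-9]+ [A-Z][a-z][a-z] [0-9]+ [0-9:]+ /) {
                    loc = $i; sub(/^[0-9]+ [A-Z][a-z][a-z] [0-9]+ [0-9:]+ /, "", loc)
                }
            }
            if (level != "" && level + 0 >= min + 0)
                printf "%s\t%s\t%s\t%s\n", level, rule, desc, loc
        }' "$@"
}

# Constructed sample records (host, times and addresses are made up).
sample_alerts() {
    cat <<'EOF'
** Alert 1370439843.1024: - syslog,sshd,authentication_failed,
2013 Jun 05 21:44:03 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Jun  5 21:44:02 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 51122 ssh2

** Alert 1370439900.2048: mail  - ossec,syscheck,
2013 Jun 05 21:45:00 web01->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'

** Alert 1370440000.3072: mail  - ossec,rootcheck,
2013 Jun 05 21:46:40 web01->rootcheck
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
File '/dev/.hidden' present on /dev. Possible hidden file.
EOF
}

sample_alerts | high_alerts 7    # prints the two level-7 records
```

To read a live log instead of the sample, pass the path as a second argument, for example high_alerts 7 /var/ossec/logs/alerts/alerts.log, from an account that can read that file.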
