On Fri, Sep 6, 2013 at 4:51 AM, frwa onto <[email protected]> wrote:
> Dear Dan,
>               I know the option you gave is just for a single file. I want to
> do the whole of /var/log; how do I go about that, which I think is what
> ossec-logtest does, right?
> I know neither of these now works:
> cat /var/log | /var/ossec/bin/ossec-logtest  > /usr/local/ossetest.txt 2>&1
> cat: /var/log: Is a directory
> [root@capture var]# zcat /var/log | /var/ossec/bin/ossec-logtest > /usr/local/ossetest.txt 2>&1
> gzip: /var/log is a directory -- ignored
>

You're running this on a Linux or Unix-like system; use the tools available.
zcat /var/log/*.gz | /var/ossec/bin/ossec-logtest


> How do I confirm that syscheck is running? Normally, where and what are the
> logfiles of OSSEC for us to view or look at? Thank you. Sorry, very new to
> this tool.
>

/var/ossec/logs/ossec.log contains information like when syscheck runs.
/var/ossec/logs/alerts/alerts.log has alert information.


> On Thursday, September 5, 2013 9:25:13 PM UTC+8, dan (ddpbsd) wrote:
>>
>> On Wed, Sep 4, 2013 at 1:54 PM, frwa onto <[email protected]> wrote:
>> > Dear Dan,
>> >               For ossec-logtest, do I just run it like this: ./ossec-logtest?
>> > How
>>
>> The easiest way is to pipe the log file through logtest:
>> cat /path/to/logfile | /var/ossec/bin/ossec-logtest
>>
>> Use zcat if the logfile is compressed. If you want to redirect the
>> output to a file, use this:
>> cat /path/to/logfile | /var/ossec/bin/ossec-logtest > /path/to/file 2>&1
>>
>>
>> > about the syscheck, how do I run it? What will both of these scripts
>> > eventually
>>
>> By default, syscheck will run when OSSEC starts.
>>
>> > be doing? Do I need to run the rootcheck?
>> >
>>
>> Same as syscheck, I believe.
>>
>> > On Wednesday, September 4, 2013 9:38:07 PM UTC+8, dan (ddpbsd) wrote:
>> >>
>> >> On Tue, Sep 3, 2013 at 12:36 AM, frwa onto <[email protected]> wrote:
>> >> > Hi All,
>> >> >         I just rebuilt and installed OSSEC on my CentOS 6.4 machine. So
>> >> > what is the next step to be done, as this is an existing machine and I
>> >> > want to check for any previous intrusion? I also want to get alerts on
>> >> > updates to my local files or any new files created. I am sorry, very new
>> >> > to it.
>> >> >
>> >>
>> >> You can use ossec-logtest to check old log files, and syscheck has a
>> >> default configuration that can cover most needs. If you have custom
>> >> locations that must be monitored, you should add them to the
>> >> ossec.conf in the syscheck section.
>> >>
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it,
>> >> > send
>> >> > an
>> >> > email to [email protected].
>> >> > For more options, visit https://groups.google.com/groups/opt_out.
>> >
>

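Dan's zcat one-liner above covers the rotated *.gz files only. The script below is an added example (not from the thread or the OSSEC project) that feeds every regular file under a log directory, compressed or not, through ossec-logtest and never hands it a directory, which is what produced the "Is a directory" errors quoted earlier. It assumes the /var/ossec/bin/ossec-logtest path used in the thread; LOGTEST is a hypothetical override variable so the pipeline can be dry-run with plain cat.

```shell
#!/bin/sh
# Feed every regular file under a log directory through ossec-logtest,
# decompressing rotated *.gz files on the fly. Only regular files are
# passed on, so the directory itself never reaches cat or zcat.
# LOGTEST is an assumed override (e.g. LOGTEST=cat for a dry run).
LOGTEST="${LOGTEST:-/var/ossec/bin/ossec-logtest}"

# Print the decompressed contents of every regular file under $1,
# in a stable (sorted) order. *.gz goes through zcat, anything else
# through cat.
emit_logs() {
    dir="$1"
    find "$dir" -type f | sort | while IFS= read -r f; do
        case "$f" in
            *.gz) zcat "$f" ;;   # rotated, compressed log
            *)    cat "$f" ;;    # current or uncompressed rotated log
        esac
    done
}

# Number of log lines that would be submitted; a quick sanity check
# before a long logtest run over a large /var/log.
count_log_lines() {
    emit_logs "$1" | wc -l | tr -d ' '
}

# Run the whole tree through logtest, capturing stdout and stderr in $2,
# mirroring the "> file 2>&1" redirection from the thread.
run_logtest() {
    emit_logs "$1" | "$LOGTEST" > "$2" 2>&1
}

# Usage: ./logtest-tree.sh /var/log /usr/local/ossectest.txt
if [ "$#" -eq 2 ]; then
    run_logtest "$1" "$2"
fi
```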
