On May 26, 2014 12:49 PM, "Nguyễn Văn Hớn" <honi...@gmail.com> wrote: > > Oh thank Dan... the question 1. because when the server dectect attack from agent the only server know that. i think agent need know that. Can you help me more details. ( sorry my english is bad :(
Typically you want a person to know. You could use active response to try and block the attacks, but you should still probably notify an admin or he security team. > 2. i have turn on option <logall>yes</logall> but have error > What error? > Vào 23:43:15 UTC+7 Thứ hai, ngày 26 tháng năm năm 2014, dan (ddpbsd) đã viết: >> >> >> On May 26, 2014 12:39 PM, "Nguyễn Văn Hớn" <hon...@gmail.com> wrote: >> > >> > hi everybody. i have question : >> > How to send alert from server to agent when agent have attacked. And log from agent send to server. Where is it stored? >> > >> >> You can't really send the alerts to the agents. You can send some alerts to a centralized location uskng csyslogd, but there's no functionality to send it to a lot of locations. Why would you want to do this anyways? >> Alerts are stored in /var/ossec/logs/alerts. Log messages are not stored by default, you need to turn on the log all option. If yiu do that they're stored in logs/archives. >> >> > thank for help >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.